A security researcher has demonstrated how a “booby-trapped” e-book can turn an ordinary Kindle into a gateway to a user’s Amazon account—granting access to payment details and even enabling one-click purchases. Valentino Ricotta crafted...
Researchers at Koi Security have identified a new malicious campaign dubbed GhostPoster, targeting users of the Firefox browser. As part of the operation, attackers distributed extensions that appeared harmless and even amassed tens of...
A covert threat has been uncovered within the .NET ecosystem, stemming from the substitution of a widely used tracing library. For more than five years, a malicious package circulated in the NuGet repository, masquerading...
Microsoft has announced plans to retire the legacy RC4 algorithm from Windows authentication. The company is preparing changes that will affect Kerberos infrastructure and strengthen the resilience of corporate networks against modern threats, including...
By the end of 2025, the internet had become even more tightly bound to cloud infrastructure, mobile traffic, and automation, with protective mechanisms increasingly operating “by default” within large content delivery networks. In its...
A new wave of pressure targeting Israeli professionals linked to the defense sector has moved beyond conventional cyberattacks and into the realm of personal intimidation. A group allegedly connected to Iran has shifted its...
In the run-up to the New Year holidays, underground marketplaces often see a surge of freshly minted data-stealing tools, and this time SantaStealer is being aggressively promoted across Telegram channels and hacker forums. It...
SpeechRuntimeMove Lateral Movement via SpeechRuntime DCOM trigger & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement abuses the fact, that some COM Classes configured as INTERACTIVE USER will spawn a process in the context...
One of the key defensive barriers against the creation of fake online accounts has proven alarmingly fragile—capable of being bypassed for just a few cents. Researchers at the University of Cambridge have found that...
Over a three-month observation period, Forescout researchers recorded more than 60 million malicious requests targeting devices positioned at the edge of industrial networks. Analysis of honeypot activity revealed a clear pattern: perimeter devices—industrial routers...