Although humans have traditionally been regarded as the weakest link in the cybersecurity chain, a new study by Canadian researchers reveals that even untrained individuals can effectively detect malicious software when provided with minimal...
Over the past year, a social engineering technique known as ClickFix has witnessed a meteoric rise, propelled by a fusion of unique delivery methods, persuasive narratives, and sophisticated evasion tactics. According to analysts at...
The AI-powered code editor Cursor was recently found vulnerable to an attack technique dubbed “MCPoison” by the Check Point research team. This flaw enabled remote execution of arbitrary code on a developer’s machine, provided...
Critical vulnerabilities have been discovered in the Broadcom ControlVault microchip, a component responsible for storing sensitive data on over a hundred models of Dell laptops. According to Cisco Talos, this cluster of vulnerabilities allows...
In recent months, cybercriminals have once again turned their attention to long-known vulnerabilities in popular models of D-Link Wi-Fi cameras and network video recorders. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially...
Adobe has issued an out-of-band security update for its Adobe Experience Manager (AEM) Forms platform on Java EE, following the public disclosure of an exploit chain that enables unauthenticated remote code execution on vulnerable...
ProtectMyTooling A script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders, and generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark...
jscythe jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any...
As of August 1, 2025, the European Union has enacted new cybersecurity requirements for smartphones and other radio equipment—amendments introduced under the revised Directive 2014/53/EU (RED) and supplemented by Delegated Regulation 2022/30. These new...
As the Pentagon grapples with the consequences of funding shortfalls and high turnover in the field of cybersecurity, Donald Trump’s inner circle is floating a bold proposal: the creation of a new combat branch—Cyber...
A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP...
Amid the rapid proliferation of cryptocurrency ATMs across the United States, the Department of the Treasury has issued a warning about the growing risk of their exploitation for illicit purposes. In a recently published...
Generative AI models are rapidly evolving into fully-fledged instruments within the arsenals of cyber adversaries. This trend is underscored in CrowdStrike’s 2025 annual report, which highlights a sharp increase in the use of artificial...
A large-scale campaign exploiting a chain of vulnerabilities in Microsoft SharePoint continues to escalate—this time with the active involvement of ransomware groups. During an investigation into a series of coordinated attacks, researchers at Palo...
At first glance, static RAM (SRAM) appeared to be a reliable sanctuary for sensitive data. Embedded directly within the processor die and incapable of retaining information once power is cut, it was long considered...
The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States. The...
