As of August 1, 2025, the European Union has enacted new cybersecurity requirements for smartphones and other radio equipment—amendments introduced under the revised Directive 2014/53/EU (RED) and supplemented by Delegated Regulation 2022/30. These new...
As the Pentagon grapples with the consequences of funding shortfalls and high turnover in the field of cybersecurity, Donald Trump’s inner circle is floating a bold proposal: the creation of a new combat branch—Cyber...
A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP...
Amid the rapid proliferation of cryptocurrency ATMs across the United States, the Department of the Treasury has issued a warning about the growing risk of their exploitation for illicit purposes. In a recently published...
Generative AI models are rapidly evolving into fully-fledged instruments within the arsenals of cyber adversaries. This trend is underscored in CrowdStrike’s 2025 annual report, which highlights a sharp increase in the use of artificial...
A large-scale campaign exploiting a chain of vulnerabilities in Microsoft SharePoint continues to escalate—this time with the active involvement of ransomware groups. During an investigation into a series of coordinated attacks, researchers at Palo...
At first glance, static RAM (SRAM) appeared to be a reliable sanctuary for sensitive data. Embedded directly within the processor die and incapable of retaining information once power is cut, it was long considered...
The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States. The...
pamspy — Credentials Dumper for Linux pamspy leverages eBPF technologies to achieve an equivalent work of 3snake. It will track a particular userland function inside the PAM (Pluggable Authentication Modules) library, used by many...
evilgophish Combination of evilginx2 and GoPhish. Why? As a penetration tester or red teamer, you may have heard of evilginx2 as a proxy man-in-the-middle framework capable of bypassing two-factor/multi-factor authentication. This is enticing to us, to say the...
Critical vulnerabilities discovered in the NVIDIA Triton Inference Server platform pose a significant threat to the security of AI infrastructure across both Windows and Linux environments. This concerns an open-source solution designed for large-scale...
Proton, a company renowned for its commitment to privacy and security, made an unfortunate misstep in its latest offering—Proton Authenticator, a two-factor authentication app. In the iOS version, users’ TOTP secrets—used to generate one-time...
Cloudflare, the company safeguarding millions of websites from digital threats, has issued grave accusations against the AI search engine Perplexity AI. According to their investigation, this popular AI assistant employs covert methods to extract...
Every Windows 11 user inevitably encounters the same frustration: the operating system arrives bloated with a multitude of pre-installed applications, most of which remain unused. Clipchamp, Feedback Hub, Maps, and dozens of other programs...
Apple is developing its own AI engine for answering questions—akin to ChatGPT—according to a report by Bloomberg. The initiative is being led by a newly formed internal team known as Answers, Knowledge, and Information...
A critical vulnerability has been discovered in the Squid proxy server, enabling remote execution of arbitrary code. The flaw affects nearly all actively used versions, and given the widespread deployment of Squid, millions of...
