The Scattered Spider group has intensified its assaults on corporate IT environments, concentrating its efforts on VMware ESXi hypervisors within U.S. companies across the retail, transportation, and insurance sectors. Rather than exploiting conventional software...
Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email...
U.S.-based digital payments giant PayPal has officially launched a groundbreaking cryptocurrency payment service, “Pay with Crypto,” in the American market. Set to roll out to merchants nationwide over the coming weeks, the service supports...
Microsoft has acknowledged that its July security updates failed to fully address vulnerabilities in on-premises versions of SharePoint, leaving systems susceptible to remote code execution. As a result, targeted attacks have continued, with experts...
Researchers have uncovered two parallel malicious campaigns targeting vulnerable and misconfigured components of cloud infrastructure. Both operations involve the deployment of cryptominers and are attributed to groups designated as Soco404 and Koske—whose activities have...
The FortiGuard Labs team has published an in-depth analysis of a heavily obfuscated web shell that was used in an attack targeting critical infrastructure in the Middle East. The research focuses on a script...
At the inaugural DistrictCon Junkyard competition, analysts from Trail of Bits vividly demonstrated the grave risks posed by outdated networking devices left without updates. During the event, they remotely compromised two discontinued products—the Netgear...
Veteran Linux kernel developer Sasha Levin, currently at NVIDIA and formerly with Google and Microsoft, has proposed the formal inclusion of guidelines for the use of AI assistants in kernel development within the official...
Packj flags malicious/risky open-source packages Packj (pronounced package) is a command-line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind...
The threat group known as Patchwork—also operating under aliases such as APT-C-09, APT-Q-36, Chinastrats, Dropping Elephant, Operation Hangover, Quilted Tiger, and Zinc Emerson—has launched a new targeted phishing campaign aimed at Turkey’s defense sector....
The Tails project has released a new version of its security- and privacy-focused operating system. Update 6.18 introduces a significant enhancement that enables users to circumvent internet censorship—even in the most heavily monitored regions....
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service...
Amid the looming end of support for Windows 10 in October 2025 and the stringent hardware requirements imposed by Windows 11, many users find themselves in search of viable alternatives. One of the most...
The China National Nuclear Corporation (CNNC) has unveiled its next-generation reactor project, the CFR-1000—a commercial fast neutron reactor with an electrical output of up to 1.2 gigawatts. This capacity is sufficient to power approximately...
An unusual attack targeting Linux servers has unveiled a new echelon of malware obfuscation—and possibly, its artificial origin. Researchers at AquaSec have documented a threat dubbed Koske, which hides within seemingly innocuous images of...
Law enforcement agencies have conducted a sweeping international operation to dismantle the digital infrastructure of one of the most prolific ransomware enterprises of the past decade—BlackSuit. This cybercriminal syndicate was responsible for hundreds of...
