Stolen Keys Let Attacker Mint 300M H Tokens on BSC
The attack on Humanity Protocol’s H token was not a smart contract exploit at all. Instead, it served as a painful reminder of one of crypto’s oldest problems: lose control of your private keys,...
Category: Cybercriminals
SQL Server 2025 AI Features Enable Data Exfiltration
Databases have long evolved beyond mere tabular repositories. However, new functionalities within SQL Server 2025 illustrate the inherent dangers of this progression. Recently, SpecterOps researchers discovered significant vulnerabilities. They detailed how attackers can abuse...
OptinMonster Supply Chain Attack Hits 1.2M Sites
Popular WordPress plugins have found themselves at the center of a supply chain attack, where the products themselves were not compromised directly. Instead, attackers targeted the infrastructure responsible for distributing them. Three plugins from...
Payroll Pirate Hijacks Sessions to Steal Paychecks
Payroll systems rarely attract attention until a single edited bank detail quietly turns a routine paycheck into a direct transfer to criminals. Researchers at BushidoToken Threat Intel have detailed a new financially motivated campaign...
Velvet Ant Hid in Air-Gapped Network for 10 Years
An air-gapped network offers no guarantee of safety when adversaries are willing to spend years probing for a way in. Researchers at Sygnia have released the full details of Operation Highland, a campaign in...
Handala’s FBI Drone Hack Claim Doubted by Experts
An Iran-linked hacking group called Handala has claimed it gained access to data from the FBI’s FPV drones, and the group is now threatening participants in the upcoming World Cup. According to a report...
Oracle PeopleSoft Zero-Day Exploit: ShinyHunters Attack
The Hidden Threat Within Utility Modules Colossal corporate networks frequently suffer breaches through obscure utility modules. Indeed, these quiet systems harbor valuable employee, student, and client archives for decades. Recently, the notorious ShinyHunters syndicate...
UNK_DeadDrop: North Korean Hackers Target Developers
North Korean hackers have launched a sweeping new campaign against software developers. The attackers rely on fake job postings and offers to review someone else’s code. According to Proofpoint, they have already targeted employees...
Adversarial Alignment: Threat Actors Weaponize AI Safety Guards to Thwart Malware Analysis
Most frontier artificial intelligence models feature built-in safety mechanisms. Consequently, these protocols actively block inquiries regarding biological or nuclear weaponry. Specifically, when systems detect hazardous triggers, they immediately refuse the prompt. However, threat actors...
Persistent Exposure: Exploitation of Legacy WinRAR Installations Persists Across Institutional Perimeters
Although the official security deployment addressing a critical vulnerability within the WinRAR file archiver debuted in July 2025, outdated iterations of the utility continue to grant threat actors unhindered ingress into corporate infrastructures. This...
Persistent Exposure: How OP-512 Exploits Legacy IIS Infrastructure
Legacy web servers frequently appear as ordinary infrastructure components for months. Meanwhile, hidden adversaries quietly establish initial access pathways into internal networks. ReliaQuest recently documented a sophisticated compromise of this nature. Specifically, they attributed...
Judicial Paradigm Shift: Belgian Court Orders Bank to Reimburse Phishing Victims
An elderly couple in Antwerp, Belgium, suffered a devastating loss of €50,000. Specifically, an impostor masqueraded as a banking official. He seamlessly manipulated the spouses into transferring their funds to an alleged “secure” account....
