Trust in a familiar sender keeps turning into a weak point. A new campaign against WhatsApp users builds on exactly that bet. The attackers send malicious files from already-hijacked accounts. They disguise the attachments...
The longer an electronics supply chain grows, the harder it gets to keep trade secrets inside factory walls. India’s Tata Electronics has now confirmed a recent cyber incident. The confirmation followed reports that files...
Sometimes a leak starts not with a hacked admin panel, but with an open service request. Attackers are using exactly that method against WordPress sites that run the Gravity SMTP plugin. The vulnerability, tracked...
At a Glance Field Detail Malware family Prinz Eugen (Go-based ransomware, .prinzeugen extension) Threat actor Prinz Eugen group; linked to the operator handle ROOTBOY (suspected) Victims At least five organizations, including Standard Bank Group...
Malware Family: AryStinger Threat Actor: Unknown (Suspected) Victims: Over 4,000 legacy D-Link routers and NAS systems Delivery Vector: Exploitation of older CVEs Key Capabilities: Traffic proxying, distributed scanning, DNS hijacking Source: XLab (Qianxin) Over...
Generative AI as a Criminal Commodity Cybercriminals increasingly integrate artificial intelligence into traditional attack strategies. However, they frequently exploit this novel technology as a lucrative commodity. Recently, researchers investigated various illicit forums and dark...
Even services built for private conversation sometimes betray themselves. The giveaway is not the content of the messages. Instead, it is the ordinary network infrastructure behind them. Analysts at Covert Security found that the...
F5 has issued an unscheduled security advisory for several products tied to NGINX and BIG-IP. The company detailed six NGINX vulnerabilities in total. Some earned a high severity rating, and F5 has already fixed...
GitHub has filled up with fake repositories. They disguise themselves as ordinary developer projects. In reality, they push Trojans through links to ZIP archives. A developer using the alias Orchid uncovered the large campaign....
Attackers have already begun abusing a critical Splunk Enterprise vulnerability. Meanwhile, hundreds of open instances of the product remain reachable on the internet. So the window to patch is closing fast. What Is CVE-2026-20253?...
The market intelligence platform Klue has confirmed a breach of part of its integration infrastructure. Attackers obtained OAuth tokens, the digital keys that grant access between services. With those keys, they slipped into the...
Unpatchable Hardware Vulnerabilities Emerge Even the most robust smartphone security inevitably ages alongside its hardware. Recently, Paradigm Shift vividly demonstrated this reality with the iPhone 11. Surprisingly, this older device still receives the latest...
