A new commodity has surfaced on underground forums for those seeking to operate more quietly—and for longer. An actor using the alias AlphaGhoul has begun promoting a utility called NtKiller, which, according to its...
The analytical firm QKS Group has published its Exposure Management market study for the fourth quarter of 2025. The report evaluates more than 30 vendors operating in the fields of vulnerability management and attack...
Security researchers uncovered several vulnerabilities in Eurostar’s public chatbot, demonstrating that a “modern” LLM interface can fail for exactly the same reasons as traditional web services: weak server-side data binding, missing validation, and blind...
The latest iteration of the macOS stealer known as MacSync has learned to infiltrate victims’ machines almost “like a legitimate application.” According to Jamf, it is now distributed as a signed Swift app packaged...
Commercial robots have proved far less secure than many assume. Security researchers are increasingly demonstrating that certain machines can be taken over in a matter of minutes, and that flaws in software logic can...
The world’s largest online black markets may no longer reside in the dark web, but openly on Telegram itself. According to analysts, a sprawling network of Chinese-language “guarantor markets” has taken root on the...
A critical vulnerability in the globally used workflow automation platform n8n allows attackers to execute arbitrary code remotely. Tracked as CVE-2025-68613, the flaw carries an exceptionally high CVSS score of 9.9 out of 10....
U.S. law enforcement authorities have announced the seizure of a domain used in a large-scale scheme to steal bank accounts. According to the U.S. Department of Justice, the site—web3adspanels[.]org—served as a control hub for...
Threat actors have begun repurposing a legitimate server monitoring tool as a ready-made platform for remotely controlling systems that have already been compromised. According to the Ontinue Cyber Defense Center, recent incidents involve Nezha,...
A malicious package named lotusbail has been uncovered in the npm repository, masquerading as a library for working with WhatsApp Web while quietly siphoning conversations and granting attackers persistent access to user accounts. According...
Spotify has blocked a number of accounts after the Anna’s Archive team publicly released a dataset collected from the streaming platform. According to the group, the trove comprises 86 million audio files and an...
OpenAI has released a security update for ChatGPT Atlas, a browser equipped with a built-in “agent mode” that can browse the web and act within it almost like a human—clicking, typing, and carrying out...
