Government-backed hackers infiltrated a U.S. nuclear weapons component manufacturer by exploiting vulnerabilities in Microsoft SharePoint. The incident affected the Kansas City National Security Campus (KCNSC), part of the National Nuclear Security Administration (NNSA) under...
Pentest Copilot is an open-source tool built to assist ethical hackers and penetration testers. By integrating LLMs, it automates and enhances various pentesting tasks. The tool is deployable locally with Docker and includes an...
GhostBeacon mainly consists of two primary modules: the Rogue (Fake) Access Point Spotter, which analyses Beacon Frames using couple of parameters to identify Rogue Access Points; and the Hidden Access Point Spotter, which analyses...
After a brief period of dormancy, the operator of the LockBit ransomware has returned to full-scale activity, unveiling a new and more sophisticated version of its malware. In the spring of 2024, the group’s...
In mid-summer 2025, the ToolShell vulnerability (CVE-2025-53770) became the catalyst for a major wave of compromises. Attackers exploited the flaw on SharePoint servers shortly after Microsoft released its patch, gaining unauthenticated access to files...
North Korea has intensified its reliance on cybercrime and the overseas remote employment of its citizens to circumvent international sanctions and finance its missile and nuclear programs. This conclusion was presented by member states...
The Lazarus hacking group has resurfaced—this time targeting European defence firms engaged in unmanned aerial systems development. ESET traces the activity to the DreamJob campaign, attributed to North Korea, which habitually employs bogus job...
The PhantomCaptcha operation proved to be one of the most sophisticated phishing campaigns of recent months, directed at humanitarian and administrative organizations. According to SentinelLabs, the attackers orchestrated a meticulously crafted scheme, masquerading as...
A widespread exploitation campaign has descended upon WordPress sites: attackers are targeting installations that use the GutenKit and Hunk Companion plugins, which harbor critical flaws permitting arbitrary code execution on vulnerable servers. Wordfence, a...
Researchers at SquareX have published a comprehensive report on a newly discovered vulnerability known as AI Sidebar Spoofing—a novel class of attacks that leverages malicious browser extensions disguised as AI sidebar interfaces. This technique...
The malicious modification of Telegram X, discovered by specialists at Doctor Web, turned out to be far more than a simple espionage tool—it is a fully fledged platform for the covert takeover and remote...
Trend Research has detailed a new wave of attacks carried out by the Agenda ransomware group, which has developed the ability to execute a Linux variant of its encryptor within Windows-based environments. This tactic...
