Information Security News Blog
Attackers have begun abusing the DFIR tool Velociraptor to stage ransomware deployments of LockBit and Babuk. Cisco Talos attributes these campaigns to a cluster known as Storm-2603, believed to operate from China. Analysts report...
According to a new report from Microsoft Threat Intelligence, the financially motivated group Storm-2657 is conducting large-scale attacks against universities and private companies, using stolen employee credentials to redirect payroll funds into their own...
Researchers at FireTail have found that an old class of flaw, ASCII Smuggling, is resurfacing in a modern guise capable of subverting contemporary artificial-intelligence systems. In September 2025, the team evaluated a...
Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files. The flaws stemmed from how the program handled symbolic links within archives, enabling attackers to traverse...
In June 2025, a researcher operating under the pseudonym rick disclosed a critical vulnerability in GitHub Copilot dubbed CamoLeak, rated CVSS 9.6. The flaw enabled an attacker to surreptitiously exfiltrate sensitive information and source...
Wiz researchers have recently disclosed a critical vulnerability in Redis affecting version 8.2.1 and earlier releases. Tracked as CVE-2025-49844 with a CVSS score of 10, the flaw stems from unsafe memory handling during the...
Researchers have identified a large-scale wave of attacks orchestrated by the RondoDox botnet, which employs the so-called “exploit shotgun” technique—literally “firing at everything that moves.” This method involves automatically testing dozens of exploits in...
Forescout specialists recorded a targeted intrusion in September against a honeypot simulating the control system of a water-treatment facility. A newly emerged hacktivist collective calling itself TwoNet claimed responsibility; the group operates within an...
A new vulnerability has been discovered in OpenSSH — CVE-2025-61984 — which permits remote code execution (RCE) by abusing the ProxyCommand parameter and peculiarities in shell character handling. Exploitation is possible even in the...
On October 14, 2025, official support for Windows 10—the operating system released by Microsoft in 2015—will come to an end. After this date, users may continue to operate their existing devices; however, the company...
Modern televisions are slimmer, larger, and designed to fit seamlessly into the home. One of the most popular ways to make the most of this technology is by mounting the TV on the wall....
msLDAPDump: LDAP enumeration tool implemented in Python3. msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works...