Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion of security software and bypasses application...
Hackers have begun actively exploiting a critical vulnerability that grants them full control over thousands of servers, including those performing vital functions in data centers. This alarming development has prompted a warning from the...
Microsoft is preparing a significant overhaul of the infamous Blue Screen of Death (BSOD) in Windows. As part of the Windows Resiliency Initiative, the iconic blue error screen will be replaced by a new...
A new wave of malicious npm packages has been uncovered, linked to the ongoing Contagious Interview operation, which has been attributed to North Korean threat actors. The discovery was made by the cybersecurity firm...
A cybercriminal group has begun exploiting the popular ConnectWise ScreenConnect software to craft malware bearing a legitimate digital signature, thereby enabling the covert installation of remote access tools on victims’ devices. This alarming tactic...
Cybercriminals have launched a large-scale campaign dubbed OneClik, targeting companies in the energy, oil, and gas sectors. The attack leverages Microsoft’s legitimate ClickOnce technology and a custom-designed backdoor known as RunnerBeacon, allowing threat actors...
The French police have carried out a sweeping operation targeting the organizers of the infamous cybercriminal forum BreachForums, which in recent years had become a major hub for the trafficking of stolen data. According...
The French city of Lyon has announced a sweeping move away from Microsoft products in favor of open-source software—a decision that further signals Europe’s growing appetite for technological sovereignty. According to city officials, the...
Citrix has issued a warning regarding a newly discovered critical vulnerability in its NetScaler appliances, which is already being actively exploited in the wild. Tracked as CVE-2025-6543, this flaw affects the widely deployed NetScaler...
Siemens has encountered an unforeseen challenge: Microsoft’s antivirus solution is interfering with the operation of industrial facilities. The very software intended to safeguard corporate systems may inadvertently paralyze critical segments of production. The source...
A British citizen has been formally charged in the United States for orchestrating large-scale cyberattacks and trafficking in stolen confidential data, resulting in an estimated $25 million in damages. According to the U.S. Attorney’s...
Unknown threat actors have begun disseminating a counterfeit version of the SonicWall application, designed to steal credentials used to access VPNs. The campaign was uncovered by experts at SonicWall and Microsoft, who detected attempts...
Earlier this year, Dell announced its decision to retire product names such as XPS in favor of a streamlined naming convention: Dell, Dell Pro, and Dell Pro Max. Building upon this shift, the company...
Hollowise is a Windows-based tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques. It allows for stealth execution of debuggers and code and network analizers by replacing the memory of a suspended process (e.g. calc.exe) with...
The Pakistani cyber-espionage group APT36, also known as Transparent Tribe, has launched a sophisticated new phishing campaign targeting personnel within India’s defense sector. Experts at CYFIRMA have uncovered that the threat actors are employing...
At the international Botconf conference held in May 2025 in Angers, France, experts from NICT CSRI unveiled the findings of their three-year investigation into the RapperBot malware. Their conclusions were alarming: this evolved variant...
