Information Security News Blog
ADPulse — Active Directory Security Scanner ADPulse is an open-source Active Directory security auditing tool that connects to a domain controller via LDAP(S), runs 35 automated security checks, and produces detailed reports in console,...
A critical vulnerability has been unearthed within the widely utilized Java authentication library, pac4j-jwt, empowering a malicious actor to masquerade as any system user, administrators included. This severe flaw has been designated the identifier...
Researchers at Check Point have disclosed that since the eruption of hostilities on February 28th, a coalition of Iranian threat syndicates has been aggressively scouring the digital landscape for vulnerable, internet-exposed surveillance cameras across...
Novel artificial intelligence instruments are increasingly being co-opted into the arsenals of cybercriminals. A recent paradigm of this phenomenon involves the OpenClaw initiative: malefactors proliferated compromised installation files, whilst the AI-augmented Bing search engine...
Kaspersky Lab has categorically repudiated the hypothesis that the iPhone exploit framework, recently delineated by Google, was engineered by the same architects responsible for the vulnerability chains weaponized in the “Operation Triangulation” campaign of...
Cisco has issued a stark admonition regarding sustained cyber offensives wherein malicious actors are actively exploiting vulnerabilities within the Catalyst SD-WAN Manager network governance matrix. The corporation implores network administrators to expeditiously deploy software...
An international law enforcement operation has successfully dismantled Tycoon 2FA, one of the most formidable phishing-as-a-service platforms in existence. Operating upon a subscription-based paradigm, this clandestine service empowered malicious actors to execute indiscriminate, large-scale...
In a recent dossier, OX Research delineated how a mundane email dispatched to a corporate address can precipitate the complete subjugation of a server. Cybersecurity sentinels have unearthed a critical vulnerability entrenched within the...
For several years, the Silver Dragon syndicate has orchestrated a clandestine cyber offensive against state apparatuses and prominent enterprises across Europe and Southeast Asia. These malefactors systematically breach public-facing servers, disseminate meticulously crafted phishing...
While the majority of the corporate world remains preoccupied with the latest vulnerabilities, a cadre of Chinese threat actors has been stealthily architecting a subterranean infrastructure for cyberespionage. A meticulous forensic analysis of nascent...
M365Pwned Red Team tooling for Microsoft 365 exploitation via Microsoft Graph API. Two WinForms GUI tools for enumerating, searching, and exfiltrating data from M365 environments using application-level OAuth tokens — no user interaction required....
The conflicts of the twenty-first century are increasingly inaugurated not by the roar of missiles, but by imperceptible incursions into digital networks. Cybernetic systems pave the way for aerial armadas, paralyze adversarial infrastructure, and...