Information Security News Blog
Cybercriminals who compromised an academic institution in Antwerp have resorted to exerting psychological pressure on parents after the administration refused to acquiesce to their ransom demands. The adversaries are currently disseminating threatening missives, warning...
The sophisticated threat actor APT28 has commenced the exploitation of a nascent Microsoft Office vulnerability almost immediately following its public disclosure. According to researchers, these incursions were initiated within a mere three-day window, primarily...
A sophisticated technique has been unearthed within Chrome that permits the exfiltration of the complete URL from any active tab, even by an extension explicitly denied access to tabs or website content. This vulnerability...
Security researcher Julian Peña has unveiled GhostKatz, a formidable new utility engineered to exfiltrate credentials from the LSASS process by directly accessing a computer’s physical memory. The project is hosted publicly on GitHub under...
A critical Remote Code Execution (RCE) vulnerability has been unearthed within the enterprise solution Quest KACE Desktop Authority, a platform widely utilized for the centralized administration of Windows workstations. The software instantiates an agent...
Cybersecurity researchers persist in their investigation of a sophisticated incursion targeting the ubiquitous text editor Notepad++, which remained undetected for nearly half a year—from June through December 2025. By compromising the hosting provider for...
A sophisticated supply chain incursion has been documented within the Open VSX extension registry, precipitated by the illicit seizure of a developer’s credentials. Adversaries surreptitiously integrated malicious payloads into widely utilized development tools to...
ESET has disclosed the intricate technical specifications of an incursion involving a nascent data-obliteration utility designated as DynoWiper. The incident compromised an energy sector entity in Poland, distinguished by its calculated focus on critical...
Analysts at Intrinsec have documented a surge in offensives leveraging the PhantomVAI loader, a utility architected upon the legacy RunPE framework and deployed in global cyber incursions. This instrument has surfaced concurrently across several...
PwnPad is an affordable, hands-on Hardware Hacking Learning Platform created by TwelveSec, designed to guide learners through progressively advanced hardware security concepts, from PCB design and firmware extraction to side-channel attacks and glitching. Key features include: A modular...
A pronounced escalation in the activity of infrastructure tethered to the AsyncRAT remote access trojan has been meticulously documented across the global network. Analysis of pervasive telemetry reveals that the command-and-control (C2) servers of...
Authorities in South Korea and the nation’s preeminent financial institutions have intensified the integration of artificial intelligence to combat fraudulent machinations within the equity and cryptocurrency markets. This initiative primarily targets “pump and dump”...