The LastPass breach that occurred back in 2022 continues to generate illicit profits years later. A recent on-chain analysis by TRM Labs has uncovered new details about the underlying criminal infrastructure. At the time...
In late December, an unwelcome supply-chain surprise erupted around the popular text editor EmEditor. According to the developer, between December 19 and 22, 2025, the download button on the official website may have served...
Blockchain investigator ZachXBT reported on December 25 that, over the preceding hours, numerous Trust Wallet users had experienced unauthorized withdrawals. Affected individuals claimed their assets were drained from their wallets without any form of...
Fortinet has warned administrators that real-world attacks are once again exploiting the vulnerability FG-IR-19-283 (CVE-2020-12812), first disclosed in July 2020. Under certain FortiGate configurations, the flaw allows attackers to bypass two-factor authentication and log...
The former head of Georgia’s State Security Service has become the central figure in a major corruption scandal tied to an international fraud scheme. Georgian prosecutors allege that Grigol Liluashvili spent several years accepting...
IronJump is a hardened SSH bastion and endpoint management framework written in Bash. It enables security professionals and administrators to securely deploy and maintain jump servers and endpoint devices across hybrid infrastructure including IT,...
Orsted C2 is a command an control framework. It consists of many orsted-beacons that communicates with each other and to the main orsted-server. An operator can interact with the orsted-beacon using the orsted-client. Features...
A new commodity has surfaced on underground forums for those seeking to operate more quietly—and for longer. An actor using the alias AlphaGhoul has begun promoting a utility called NtKiller, which, according to its...
The analytical firm QKS Group has published its Exposure Management market study for the fourth quarter of 2025. The report evaluates more than 30 vendors operating in the fields of vulnerability management and attack...
Security researchers uncovered several vulnerabilities in Eurostar’s public chatbot, demonstrating that a “modern” LLM interface can fail for exactly the same reasons as traditional web services: weak server-side data binding, missing validation, and blind...
The new release of elementary OS 8.1 arrives a year after its predecessor, bringing notable advances in security, compatibility, and overall usability. The update is already available for download and comes preinstalled on select...
The latest iteration of the macOS stealer known as MacSync has learned to infiltrate victims’ machines almost “like a legitimate application.” According to Jamf, it is now distributed as a signed Swift app packaged...
