The Office of the Attorney General of Pennsylvania (OAG) has confirmed that it fell victim to a large-scale ransomware attack that crippled its servers and caused significant delays in both criminal and civil proceedings....
The APT group Silver Fox has integrated a previously unknown vulnerable driver, WatchDog Antimalware, signed by Microsoft, into its attack chains. Exploiting this driver, the attackers disable defenses even on fully updated Windows 10...
Cisco Talos specialists have uncovered more than 1,100 instances of Ollama—a framework designed for running LLM models locally—exposed directly to the internet. Around 20% of these were active, serving models vulnerable to unauthorized access,...
Low-profile droppers, long considered auxiliary tools in the arsenals of Android banking trojans and RATs, are undergoing a rapid and troubling transformation. According to ThreatFabric researchers, these once secondary instruments are now being actively...
Researchers at Socket have uncovered a malicious npm package named nodejs-smtp, masquerading as the widely used nodemailer library (which averages 3.9 million weekly downloads). In reality, the package serves as a tool for covert...
A large-scale theft of authentication tokens from Salesloft, developer of the corporate chatbot platform, has triggered a chain reaction of threats across digital infrastructure worldwide. According to a warning from Google, the breach affects...
A security researcher uncovered critical vulnerabilities in the admin panel of Pudu Robotics, China’s largest supplier of commercial service robots. The flaw allowed attackers to redirect robots and issue arbitrary commands. Pudu manufactures over...
Experts at Truesec have reported a large-scale malicious campaign in which attackers promoted a fake PDF-editing application, AppSuite PDF Editor, through Google Ads. Beneath its veneer of legitimacy lurked the TamperedChef infostealer, capable of...
OnionC2 is a command and control (C2) framework with communications over Tor network. It’s packed with privacy & security features, and operational capabilities. It is simple to setup, and has a friendly user interface....
Researchers at Stripe OLT’s SOC have uncovered a large-scale, targeted phishing campaign aimed at senior executives and top managers across multiple industries. The attackers distribute emails disguised as internal correspondence from HR departments, inviting...