Chinese-language Phishing-as-a-Service (PhaaS) platforms have significantly evolved, now incorporating artificial intelligence and sophisticated MFA bypass techniques. These commercial services lower the barrier to entry for cybercriminals, offering turnkey phishing solutions with advanced evasion c
A critical SQL injection vulnerability in Ghost CMS is being actively exploited in a widespread ClickFix social engineering campaign. Attackers are compromising Ghost-powered websites to inject malicious scripts that display fake error messages, tricking users into executing PowerShell commands that
Anthropic’s Project Glasswing leveraged advanced AI to identify more than 10,000 security vulnerabilities across open-source software in just 30 days. While this achievement demonstrates unprecedented vulnerability discovery capabilities, it simultaneously exposes a critical gap: our ability to patc
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Drupal Core vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The flaw, which affects multiple versions of the popular content management system, allows
Recent research presented at LABScon25 reveals that major cybersecurity breaches create predictable market patterns that sophisticated traders are already exploiting. This “breach alpha” phenomenon shows that companies experiencing significant cyber incidents follow consistent stock price trajectori
PyrsistenceSniper is a newly released open-source detection tool capable of identifying 117 different malware persistence mechanisms across Windows, Linux, and macOS platforms. This cross-platform scanner helps security teams identify how threat actors maintain long-term access to compromised system
Popular Laravel localization packages maintained by the Laravel-Lang organization were compromised in a supply chain attack, with malicious actors injecting credential-stealing malware into legitimate translation packages. The attack affected multiple packages downloaded thousands of times, potentia
A critical memory corruption vulnerability dubbed “poolslip” (CVE-2024-7347) has been discovered in Nginx’s HTTP/3 QUIC implementation, affecting versions 1.25.0 through 1.27.0. The flaw allows remote attackers to trigger denial-of-service conditions and potentially execute arbitrary code through sp
Cybercriminals are abandoning encryption-based ransomware in favor of pure extortion tactics that rely solely on data theft and threats of public disclosure. This shift eliminates the need for decryption negotiations, reduces technical complexity, and circumvents backup recovery strategies. Organiza
Italian authorities have shut down CINEMAGOAL, a sophisticated piracy application that masqueraded as a free streaming service while covertly harvesting authentication credentials from 1.4 million users. The operation, coordinated by Italy’s Guardia di Finanza and Postal Police, dismantled infrastru