JDY Botnet Grows to 1500 Compromised Devices for Recon Operations
The JDY botnet has expanded to over 1,500 compromised SOHO and IoT devices, acting as a high performance scanner for Chinese state sponsored threat actors to map vulnerable infrastructure at scale.
The Latest
Global Police Takedown Hits AudiA6 Crypto Laundering Network Used by Ransomware Gangs
A coordinated international law enforcement operation has dismantled the AudiA6 cryptocurrency laundering service, which allegedly processed over $380 million for…
Phantom Mantis Ransomware Group Evolves Into Self-Sufficient Operation With 478 Victims
The threat actor behind The Gentlemen ransomware was identified as a 36 year old Russian from Izhevsk after transitioning from…
OceanLotus APT Targets Vietnamese Investors and Construction Firm With SPECTRALVIPER Backdoor
ESET reveals OceanLotus deployed SPECTRALVIPER backdoor in supply chain attack on Vietnamese stock investment software and a separate prolonged espionage…
SniperDz PhaaS Platform Arms Criminals with 70+ Brand Impersonation Templates
Group-IB researchers uncovered a turnkey PhaaS platform enabling brand impersonation and browser hijacking through social media lures across the Middle…
Iran Linked BLUERABBIT Backdoor Combines Encryption, Data Theft, and Full Disk Wipe on Windows Systems
The BLUERABBIT backdoor uses enterprise messaging protocols like RabbitMQ to hide its command and control traffic while enabling both data…
GoFlateLoader Evades Detection by Bloated File Strategy
GoFlateLoader uses oversized PE overlays to bypass security scanning, already infecting over 33,000 users globally since April 2026.
CISA Mandates Three Day Patch Deadline for Critical Exploited Flaws
CISA's BOD 26-04 requires federal agencies to patch critical exploited vulnerabilities within three days, replacing previous patch directives with a…
ServiceNow Warns Customers After Malicious Actors Exploit Instance Access Flaw
ServiceNow disclosed that threat actors exploited an unpatched configuration flaw to query a subset of customer instances before a security…
npm 12 to Block Install Scripts by Default to Thwart Code Execution Attacks
npm version 12 will require explicit user approval for install scripts and Git dependencies to block automatic code execution from…
AI Assistant OpenClaw Found Vulnerable to Credential Theft via Email Trickery
A controlled phishing test demonstrated that the OpenClaw AI agent can be manipulated into forwarding sensitive credentials like AWS keys and database passwords with a single deceptive email.
Smart TV Apps Expose Home Networks as Stealth Proxies for AI Data Collection
A reverse engineering investigation reveals that free apps on smart TVs and phones act as exit nodes for a web…
Leftover Debug Flag in Microsoft 365 Android Apps Exposed Account Tokens
A leftover debug flag in Microsoft's shared Android SDK allowed any app on the same device to steal FOCI authentication…
OpenAI Introduces Lockdown Mode to Block Data Exfiltration via Prompt Injection
OpenAI launches Lockdown Mode for ChatGPT to limit outbound network requests and block data exfiltration pathways from prompt injection attacks.
Spotlight
Domain User Can Trigger Remote Code Execution via Veeam Backup Flaw
A newly disclosed flaw in Veeam Backup
Active Exploitation of Langflow File Write Bug Enables Remote Code Execution
Attackers are exploiting an unpatched path traversal vulnerability in the Langflow AI development platform that allows unauthenticated remote code execution through file writes.
One Click Attack on GitHub.dev Could Expose Private Repositories via VS Code
Researchers demonstrate how a single click can steal full access GitHub OAuth tokens through a vulnerability in the VS Code and GitHub.dev integration.
Critical Use After Free Bug Opens Door to Remote Code Execution in OpenSSL
A critical use after free bug in OpenSSL's PKCS7_verify function allows attackers to execute arbitrary code on systems processing crafted signed messages.
Features
Anthropic Unveils Claude Fable 5 with Built in Cybersecurity Guardrails
The new Mythos class model routes risky cybersecurity prompts to a less capable model while offering a defensive version to…
MLTBackdoor Malware Hits Automotive Sites via ClickFix Attack Chain
The MLTBackdoor malware uses an automotive themed web page lure and a multi-stage infection chain involving ClickFix prompts and DLL…
RoguePlanet Exploit Grants SYSTEM Access Through Microsoft Defender
A race condition exploit targeting Microsoft Defender can grant SYSTEM level access on fully patched Windows 10 and 11 systems.
Fake Software Tutorials on TikTok and Instagram Deliver Vidar Infostealer
Attackers are using polished TikTok and Instagram Reels clips that promise free software, directing viewers to download sites hosting the…
Fake Microsoft Login Popup Campaign Uses Deceptive Browser in Browser Trick
Attackers use a fake browser popup that mimics Microsoft's OAuth login screen to steal credentials from unsuspecting users.
Assistive AI Agents in Microsoft 365 Pose Stealth Identity Risk
Researchers found that compromised assistive AI agents in Microsoft 365 can send malicious emails using a real user's permissions, evading…
