A 23-year-old Canadian man has been arrested for operating the Kimwolf botnet, which infected unsecured devices like digital photo frames to launch massive DDoS attacks on global targets.
CISA adds two actively exploited flaws to its KEV catalog, including a critical Langflow vulnerability exploited by Iranian state hackers…
A legitimate signed Lenovo driver contains a security flaw that lets low-privileged users terminate any process, including EDR and…
The FBI warns that the Kali365 phishing platform captures OAuth tokens through Microsoft's legitimate device code flow, allowing attackers to…
Microsoft is rolling out a change to Edge that prevents saved passwords from remaining in plaintext memory throughout the browsing…
Microsoft dismantled Fox Tempest, a malware signing service that used fraudulently obtained certificates to help cybercriminals bypass security controls.
Threat actors are actively exploiting a critical cPanel authentication bypass flaw to drop a cross-platform backdoor and steal credentials from…
A newly disclosed zero-day in NGINX 1.31.0 exploits memory pool handling to bypass ASLR and achieve remote code execution,…
The financially motivated threat group has allegedly stolen 4,000 private repositories from GitHub's internal systems and is demanding payment for…
A single cached access key that arrived through normal behavior could have exposed nearly every critical workload in a company's…
A critical Drupal Core vulnerability allows unauthenticated SQL injection attacks on PostgreSQL sites, potentially leading to remote code execution and data exposure.
Researchers found millions of student records from Indian universities and EdTech firms being traded on cybercrime forums, enabling criminals to…
Storm 2949 gains persistent access through social engineering of Microsoft's self-service password reset feature to exfiltrate data from cloud…
Flipper's new cyberdeck runs mainline Linux on a Rockchip RK3576 with modular expansion for SDR, storage, and cellular connectivity.
A seven-country law enforcement operation seized 33 servers and thousands of user identities from a VPN service that openly catered to ransomware groups and other cybercriminals.
A phishing operation using fake event invitations and a repeatable automated framework has been targeting U.S. education, banking, government, technology, and healthcare organizations since December 2025.
The DirtyDecrypt flaw in the Linux kernel's AFS networking layer lets local attackers gain root by exploiting a missing copy-on-write guard during packet decryption.
The emergency update addresses 16 security issues including two critical flaws that could allow attackers to take control of affected systems through malicious web pages.
Malicious actors replaced Windows and Linux JDownloader installers with a Python-based remote access Trojan after exploiting an unpatched CMS…
Microsoft released a mitigation for a BitLocker bypass that allows attackers with physical access to spawn an unrestricted shell and…
Two Microsoft Defender flaws are being exploited in the wild, allowing attackers to gain SYSTEM privileges or crash the antimalware…
GitHub confirmed a breach after a malicious Visual Studio Code extension compromised an employee device, leading to exfiltration of internal…
GhostTree exploits NTFS junctions to create recursive directory loops that trap EDR scanners in infinite traversal paths, leaving malicious files…
A SOCKS5 null-byte injection in Claude Code's network sandbox allowed attackers to exfiltrate credentials and source code for over five…