Persistent Access Through Tailscale and OpenSSH Bypasses C2 Shutdown
A junior attacker used Tailscale and OpenSSH as a backup channel to maintain access to a compromised automotive business after the primary command and control server went offline.
The Latest
New Loaders BabaDeda, Lorem Ipsum, and Potemkin Spread via ClickFix Lures
Three new malware loaders are being distributed through ClickFix social engineering campaigns targeting education, finance, and other sectors with fake…
Expired TLS Certificate Disrupts Microsoft 365 Connectivity Testing Tool
The connectivity.office.com domain used by IT teams to verify Microsoft 365 access is showing TLS certificate expired errors, disrupting enterprise…
DPAPISnoop Tool Gains CREDHIST Extraction for Offline Password Cracking
The updated DPAPISnoop tool parses Windows CREDHIST files to generate crackable hashes that reveal users' complete password change history through…
Fabricated Breach Reports Force Maine AG to Shutter Public Database
An unidentified third party exploited Maine's automated breach reporting system to post fake security incidents, prompting the state to temporarily…
Coordinated Campaign of 152 Chrome Extensions Falsifies Ad Traffic
A network of 152 Chrome extensions posing as wallpaper tools secretly collects user data and generates fake search traffic to…
Open Source Toolkit Automates Bug Bounty Workflows with Local AI Models
BugHunter allows security researchers to run vulnerability testing and generate submission ready reports from a single terminal command using free…
AI-Powered Fuzzing Pipeline Uncovers $500,000 in Google Bugs
An AI-driven fuzzing pipeline uncovered over $500,000 in bug bounties from Google by exploiting access control failures across roughly 1,500…
Velvet Ant APT Spent Years Hiding Inside Linux Login Stack
A China linked threat group compromised Linux PAM and OpenSSH components to maintain undetected access for nearly a decade, evading…
JDY Botnet Grows to 1500 Compromised Devices for Recon Operations
The JDY botnet has expanded to over 1,500 compromised SOHO and IoT devices, acting as a high performance scanner for…
Global Police Takedown Hits AudiA6 Crypto Laundering Network Used by Ransomware Gangs
A coordinated international law enforcement operation has dismantled the AudiA6 cryptocurrency laundering service, which allegedly processed over $380 million for ransomware gangs and other cybercriminals.
Phantom Mantis Ransomware Group Evolves Into Self-Sufficient Operation With 478 Victims
The threat actor behind The Gentlemen ransomware was identified as a 36 year old Russian from Izhevsk after transitioning from…
OceanLotus APT Targets Vietnamese Investors and Construction Firm With SPECTRALVIPER Backdoor
ESET reveals OceanLotus deployed SPECTRALVIPER backdoor in supply chain attack on Vietnamese stock investment software and a separate prolonged espionage…
SniperDz PhaaS Platform Arms Criminals with 70+ Brand Impersonation Templates
Group-IB researchers uncovered a turnkey PhaaS platform enabling brand impersonation and browser hijacking through social media lures across the Middle…
Spotlight
Iran Linked BLUERABBIT Backdoor Combines Encryption, Data Theft, and Full Disk Wipe on Windows Systems
The BLUERABBIT backdoor uses enterprise messaging protocols like RabbitMQ to hide its command and control traffic while enabling both data theft and complete disk destruction on infected Windows machines.
GoFlateLoader Evades Detection by Bloated File Strategy
GoFlateLoader uses oversized PE overlays to bypass security scanning, already infecting over 33,000 users globally since April 2026.
CISA Mandates Three Day Patch Deadline for Critical Exploited Flaws
CISA's BOD 26-04 requires federal agencies to patch critical exploited vulnerabilities within three days, replacing previous patch directives with a risk-tiered framework.
ServiceNow Warns Customers After Malicious Actors Exploit Instance Access Flaw
ServiceNow disclosed that threat actors exploited an unpatched configuration flaw to query a subset of customer instances before a security update was applied on June 5.
Features
npm 12 to Block Install Scripts by Default to Thwart Code Execution Attacks
npm version 12 will require explicit user approval for install scripts and Git dependencies to block automatic code execution from…
AI Assistant OpenClaw Found Vulnerable to Credential Theft via Email Trickery
A controlled phishing test demonstrated that the OpenClaw AI agent can be manipulated into forwarding sensitive credentials like AWS keys…
Smart TV Apps Expose Home Networks as Stealth Proxies for AI Data Collection
A reverse engineering investigation reveals that free apps on smart TVs and phones act as exit nodes for a web…
Leftover Debug Flag in Microsoft 365 Android Apps Exposed Account Tokens
A leftover debug flag in Microsoft's shared Android SDK allowed any app on the same device to steal FOCI authentication…
Domain User Can Trigger Remote Code Execution via Veeam Backup Flaw
A newly disclosed flaw in Veeam Backup
Active Exploitation of Langflow File Write Bug Enables Remote Code Execution
Attackers are exploiting an unpatched path traversal vulnerability in the Langflow AI development platform that allows unauthenticated remote code execution…
