45 Day Assessment Reveals Hidden Risks in Trusted IT Tools
A 45 day assessment of internal tools reveals that trusted utilities like PowerShell and WMIC are used in 84% of high severity incidents, shifting security focus from malware to over entitlement.
The Latest
Unsafe Class Loading in Amazon Redshift JDBC Driver Opens Door to Remote Code Execution
Attackers can exploit unsafe class loading in the Redshift JDBC driver by supplying a crafted database URL, leading to full…
TeamPCP Supply Chain Poisoning Targets TanStack npm Hits OpenAI Employee Devices
TeamPCP's TanStack npm supply chain attack compromised two OpenAI employee workstations, prompting certificate rotation and urgent macOS app update requirements.
Trusted Tool Turned Threat: HPE Agent Used in Stealth Attack Campaign
Attackers exploited a legitimate HPE monitoring tool for over 100 days, pushing malicious scripts through a trusted management channel without…
Stealthy OrBit Rootkit Steals Linux Login Credentials for Years
The OrBit rootkit, based on the open source Medusa project, has evaded detection for years by hooking over forty system…
Device Code Phishing Campaigns Exploit Microsoft Authentication Flow
Cybercriminals are using Microsoft's OAuth device authorization flow to steal authentication tokens through phishing campaigns that bypass traditional security tools.
Gunra Ransomware Matures Into Full Service Model With Global Reach
Gunra ransomware has grown from a regional threat into a global RaaS operation with 32 confirmed victims and no restrictions…
Critical cPanel Flaws Expose Hosting Servers to Remote Takeover
Administrators must urgently patch newly disclosed cPanel flaws that grant unauthenticated access to sensitive system resources across shared hosting environments.
OpenAI Employee Systems Breached Through TanStack Supply Chain Attack
OpenAI disclosed a supply chain breach affecting two employee devices via the TanStack attack, requiring macOS users to update ChatGPT…
Massive Scan Reveals Deep Security Failures in Self-Hosted AI Infrastructure
A scan of a million self-hosted AI services found widespread misconfiguration, with many systems exposed without any authentication, leaving sensitive…
Malicious Updates to Node IPC Library Steal Developer Cloud Credentials
Three newly published versions of the Node IPC npm package contain a stealthy backdoor that exfiltrates developer credentials across 90 categories to an external server.
Microsoft Exchange Server Vulnerability Allows Remote Code Execution via Email
Microsoft warns customers that attackers are actively exploiting a high-severity cross-site scripting flaw in on-premises Exchange Server via malicious email…
Cisco SD-WAN Auth Bypass Under Active Attack as CISA Sets Remediation Deadline
CISA mandates federal agencies patch a critical Cisco SD WAN authentication bypass by May 17 as threat actors exploit the…
Self Hosted Next.js Apps at Risk as SSRF Flaw Exposes Internal Networks
Attackers can exploit a Server-Side Request Forgery flaw in self-hosted Next.js to bypass firewalls and steal IAM credentials and API…
Spotlight
TencShell Malware Framework Uses Tencent Style Traffic to Evade Detection
The TencShell framework repurposes open source Rshell code and uses Tencent style API traffic to hide its command and control communications from security tools.
Active Exploitation Reported for Microsoft Exchange Server Spoofing Flaw
Microsoft warns that attackers are exploiting a critical cross site scripting flaw in Exchange Server's Outlook Web Access to perform network level spoofing attacks on on premises systems.
Secret Blizzard Upgrades Kazuar Into Modular Espionage Botnet
The malware has evolved from a standard backdoor into a modular ecosystem targeting government and diplomatic organizations across Europe and Central Asia.
FrostyNeighbor Group Uses Windows Scheduled Tasks for Stealthy Persistence
The FrostyNeighbor hacking group targets Ukrainian government organizations with spearphishing emails and server side filtering before abusing Windows Scheduled Tasks to maintain persistent access on compromised systems.
Features
Critical Zero-Day in Cisco SD-WAN Controller Allows Full Admin Takeover
The flaw gives unauthenticated attackers full administrative control over enterprise SD-WAN infrastructure without any valid credentials.
FamousSparrow Campaign Targets Energy Infrastructure via Exchange Flaw
Researchers detail a months-long espionage operation where an APT group exploited an Exchange server flaw to breach an Azerbaijani energy…
Google Ships Patch for 79 Chrome Flaws, Urges Immediate Update
Google's Chrome 148 update patches 79 security flaws, including 14 critical bugs that could allow remote code execution through malicious…
Two New Zero Day Flaws Bypass BitLocker and Elevate Privileges on Windows
Chaotic Eclipse reveals two zero day flaws, one bypassing BitLocker encryption via the Windows Recovery Environment and another elevating privileges…
Attackers Exploit Unpatched PraisonAI API Authentication Gap
Attackers began probing PraisonAI deployments within hours of the advisory, scanning for the exposed /agents and /chat endpoints on internet…
Active Exploitation of PAN-OS Flaw Grants Attackers Root Access
Palo Alto Networks warns of active exploitation of a PAN-OS remote code execution vulnerability by state-sponsored actors, with patches expected…