Synack breaks down agentic AI in pentesting, contrasting it with standard LLMs. What's interesting: agents can autonomously chain tools (nmap→hashcat→curl), learn from results, and adapt—going beyond just answering quest…
Category: Research & Analysis / AI Security
#ai-security #pentesting #agentic-ai #automation #red-team
Akira ransomware listed Apache OpenOffice on their leak site claiming 23GB of stolen data including employee PII (addresses, DOB, driver's licenses, SSN, credit cards), financial records, and internal bug reports. What's…
Category: Threat Alerts / Malware & Ransomware / Malware & Ransomware
#akira #ransomware #apache #open-source #data-breach #raas
Educational breakdown of modern phishing tradecraft evolution. What's changed: attackers now use AI to generate fluent, localized content removing the 'bad grammar' tell. Common vectors include urgency/fear subject lines…
Category: Research & Analysis / Social Engineering
#phishing #social-engineering #credential-harvesting #ai-enabled-threats #ato
International Association for Cryptologic Research issued a call for proposals for the next generation of cryptographic hash algorithms. This follows the pattern of previous competitions like SHA-3 selection. What this s…
Category: Research & Analysis / Cryptography
#cryptography #hash-functions #post-quantum #standards #iacr #nist
Canadian Cyber Centre and RCMP report multiple incidents where hacktivists targeted internet-exposed ICS devices. What's brutal: attackers tampered with water facility pressure values causing service degradation, manipul…
Category: Threat Alerts / Critical Infrastructure / ICS/SCADA
#ics #scada #critical-infrastructure #hacktivism #canada #water-sector #operational-technology
King Addons for Elementor plugin (10,000+ sites) has two critical unauthenticated vulnerabilities enabling full site takeover. CVE-2025-6327: arbitrary file upload via exposed AJAX handler—attackers can upload web shells…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
#wordpress #elementor #rce #privilege-escalation #file-upload #cve-2025-6327 #cve-2025-6325
Debian released patches for Squid proxy covering CVE-2025-62168: missing redaction of authentication data leading to information disclosure. Leonardo Giovanni discovered the flaw. Squid is a widely deployed caching proxy…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
#squid #debian #information-disclosure #proxy #cve-2025-62168 #credential-leak
Socket discovered 10 malicious npm packages delivering infostealer malware across Windows, Linux, and macOS. What's sophisticated: 4 layers of obfuscation hide payloads, fake CAPTCHA appears legitimate, and attackers fin…
Category: Threat Alerts / Supply Chain / Supply Chain
#npm #supply-chain #typosquatting #infostealer #malware #developer-targeting #credential-theft
Koi Security discovered PhantomRaven campaign compromising 86,000+ npm downloads via Remote Dynamic Dependencies (RDD)—an obscure npm feature allowing HTTP URLs as package dependencies. What's clever: malicious code live…
Category: Threat Alerts / Supply Chain / Supply Chain
#npm #supply-chain #phantomraven #slopsquatting #ai-assisted-attacks #credential-theft #rdd
Google published research showing Android's AI-driven scam protections outperform iOS. What's interesting: YouGov survey of 5,000 users found Android users 58% more likely to report zero scam texts vs iOS (96% advantage …
Category: Research & Analysis / Mobile Security
#mobile-security #android #ios #scam-protection #ai-security #phishing #google