ReliaQuest warns that the cybercriminal collective βScattered Lapsus$ Huntersβ appears to be using social engineering attacks to target organizationsβ Zendesk instances.
Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.
In the second installment of the βAdvent of Configuration Extractionβ series, security researchers have unwrapped QuasarRAT, a widely-deployed .NET remote access trojan (RAT), revealing sophisticated techniques for extracting its encrypted configuration from both clean and obfuscated binary samples. The analysis demonstrates a reproducible methodology using Jupyter Notebook, pythonnet, and dnSpy, providing cybersecurity professionals with practical [β¦]
NVIDIA and Lakera AI have introduced a groundbreaking unified security and safety framework designed to address the emerging challenges posed by autonomous AI agents in enterprise environments. This collaborative effort represents a significant step forward in making agentic systems AI systems capable of independent planning, tool use, and multi-step task execution safer and more secure [β¦]
Indiaβs government is considering a controversial proposal that could require smartphone manufacturers to enable satellite location tracking on all devices permanently. The plan has sparked significant backlash from major tech companies, including Apple, Google, and Samsung, who argue the measure poses serious privacy and security risks. The proposal originates in Indiaβs telecom industry, specifically the [β¦]
Adex, the anti-fraud and traffic-quality platform operating under AdTech Holding, has successfully identified and neutralized a sophisticated, multi-year malware operation linked to the infamous Triada Trojan. This campaign, which has persistently targeted the mobile advertising ecosystem, underscores the evolving dangers of supply-chain attacks in the digital ad space. According to industry data released alongside the [β¦]
Global cybercrime is accelerating toward a projected cost of 15.63 trillion dollars by 2029, up from an estimated 10.5 trillion dollars today, as criminals exploit new technologies faster than businesses can defend against them. Yet 59% of organisations say they suffered at least one successful cyber attack in the past 12 months, and one in [β¦]
A critical security vulnerability has been discovered affecting billions of WhatsApp and Signal users worldwide. Researchers found that hackers can exploit delivery receipts to secretly monitor user activity, track daily routines, and drain battery life, all without leaving any visible trace.β The attack, calledΒ βCareless Whisper,βΒ uses the delivery receipt feature that confirms when messages reach their [β¦]
A new platform known as the βkittenβ project has emerged as a coordination hub for hacktivist campaigns targeting Israel, operating at the intersection of cyber activism and state-aligned influence. While the operators publicly deny direct ties to Iran, technical evidence and infrastructure traces indicate a close relationship with an Iranian cybersecurity ecosystem and pro-Iranian hacktivist [β¦]
Itβs been a week of chaos in code and calm in headlines. A bug that broke the internetβs favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks β all within days. If you blink, youβll miss how fast the threat map is changing.
New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.Β
Why holiday peaks
Hello, aspiring Cyber Forensic Investigators. In our previous blogpost, you learnt in detail about Computer Forensics. In this article, you will learn about dd forensic tool, and evidence acquisition tool which made a guest entry in the above-mentioned blogpost. Despite the rapid evolution of digital forensics tools, one command-line utility has remained a trusted backbone [β¦]
A new security analysis has unveiled βLOLPROX,β a comprehensive catalog of βLiving Off The Landβ (LOL) techniques specifically targeting Proxmox Virtual Environment (VE). The research, detailed by security researcher Andy Gill (ZephrSec), highlights how threat actors can weaponize the popular open-source hypervisorβs native tools to execute stealthy, deep-persistence attacks that bypass traditional network monitoring and [β¦]
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Metaβs React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifierΒ CVE-2025-55182, the security flaw dubbed βReact2Shellβ by the security community is currently being exploited in the wild, prompting urgent calls for remediation. React2Shell is a Remote Code Execution [β¦]
Hundreds of Porsche owners across Russia are facing a significant problem as their luxury cars have suddenly stopped working. The issue stems from a failure in the factory-installed security and tracking systems, which have completely shut down the vehicles. According to reports from the Rolf dealership network, the largest Porsche service provider in Russia, the [β¦]
Next.js developers have a new weapon in the fight against the critical βReact2Shellβ vulnerability. This new scanner offers a simple, one-line solution for development teams to identify vulnerable versions of Next.js and React Server Components (RSC) and apply the necessary security updates instantly. Vercel Labs has released a dedicated command-line tool,Β fix-react2shell-next, designed to automatically detect [β¦]
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising [β¦]
Login
GBHackers
