Metasploit Wrap Up 05/22/2026
Another week, another authentication bypassOur humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and...
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365....
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has released a temporary mitigation for YellowKey, a Windows zero-day that can reportedly bypass BitLocker protections.
The post Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can...
Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
Key Findings
The Iranian, IRGC affiliated, threat actor Nimbus Manticore resurfaced during Operation Epic Fury, the US military campaign against Iran launched on February 28, 2026,...
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should...
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets - Read more
Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn - Read more
Cloud Atlas activity in the second half of 2025 and early 2026: new tools...
In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and...
Unpatched ChromaDB flaw leaves servers open to remote code execution
Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and...
[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities
Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/21/2026 - 16:00
Sensor Proxy leverages third-party software to help provide underlying functionality....
Latest article
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published. - Read more
Hackers Use Six-Layer Persistence to Maintain Access on Compromised FreePBX Systems
A hacker group known as INJ3CTOR3 has been running an active campaign against FreePBX systems, deploying a newly discovered PHP webshell called JOMANGY that...
Metasploit Wrap Up 05/22/2026
Another week, another authentication bypassOur humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and...
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365....
