Metasploit Wrap Up 05/22/2026
Another week, another authentication bypassOur humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and...
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365....
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has released a temporary mitigation for YellowKey, a Windows zero-day that can reportedly bypass BitLocker protections.
The post Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can...
Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
Key Findings
The Iranian, IRGC affiliated, threat actor Nimbus Manticore resurfaced during Operation Epic Fury, the US military campaign against Iran launched on February 28, 2026,...
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should...
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets - Read more
Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn - Read more
Cloud Atlas activity in the second half of 2025 and early 2026: new tools...
In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and...
Real-Time Webhook Notifications: No More Lost Security Alerts
Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a...
Latest article
Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser
A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed....
Microsoft identifies seven new ways AI agents can be hacked
Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in...
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified...
Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security...
3 Principles to Safely Scale Agentic AI
- Read more
