Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure
A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in...
This WhatsApp Link Can Hand Over Your Account in Seconds
A sophisticated phishing campaign impersonating WhatsApp Web uses fake meeting links and QR codes to hijack accounts and enable real-time surveillance.
The post This WhatsApp...
Output from vibe coding tools prone to critical security flaws, study finds
Popular vibe coding platforms consistently generate insecure code in response to common programming prompts, including creating vulnerabilities rated as ‘critical,’...
Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft
RedVDS cyber-crime-as-a-service platform powering phishing, BEC attacks and other fraud has cost victims millions - Read more
Texas judge throws out second lawsuit over CrowdStrike outage
A US judge has dismissed a lawsuit filed by CrowdStrike shareholders over the July 2024 outage that caused widespread disruption around the world. ...
Sicarii Ransomware: Truth vs Myth
Key findings
Sicarii is a newly observed RaaS operation that surfaced in late 2025 and has only published 1 claimed victim. The group explicitly brands itself...
Reducing Cloud Chaos: Rapid7 Partners with ARMO to Deliver Cloud Runtime Security
Rapid7 has partnered with ARMO, a leader in cloud infrastructure and application security based on runtime data, to offer Cloud Runtime Security. The new...
Secure Connectivity Principles for Operational Technology (OT)
CISA and the UK National Cyber Security Centre (NCSC-UK), in collaboration with federal and international partners, have released Secure Connectivity Principles for Operational Technology...
Siemens TeleControl Server Basic
View CSAF
Summary
TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges....
Microsoft DCU uses UK courts to hunt down cyber criminals
Microsoft has taken down the RedDVS cyber crime-as-a-service network after obtaining a UK court order, marking its first civil legal action outside of the...
Latest article
23 ClawHub Plugins Abuse Official Org Scopes to Impersonate Trusted AI Agent Tools
A new supply chain threat has surfaced in the AI agent ecosystem that is both subtle and serious. Researchers uncovered 23 plugins on...
New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available
Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with physical access.
The post New Apple Exploit Exposes Millions...
AI-powered cyber attacks may be just months away, warn Five Eyes
Frontier AI models will pose a greater cyber security risk to government and businesses than previously thought, putting businesses and governments at risk within...
AWS Continuum offers devs help with securing code
AI coding agents are making it easier than ever to produce software. Ensuring that software is secure before deployment is...
