React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
Executive Summary
In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we’ve...
Contemporary Controls BASC 20T
View CSAF
Summary
Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete,...
Anthropic Claude Code Action Runner Arbitrary Code Execution via Malicious MCP Server Configuration
Anthropic Claude Code Action Runner Arbitrary Code Execution via Malicious MCP Server Configuration The claude-code-action GitHub Action checks out the PR head branch when...
The long road to your crypto: ClipBanker and its marathon infection chain
At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks...
From Tax Refund to Total Compromise: IRS-Themed Phishing Email Drives Full-Stack Financial Fraud
Author: Intelligence Team, Kahng AnCofense PDC (Phishing Defense Center) and Cofense Intelligence have found an Internal Revenue Service (IRS)-spoofing email that purports to give...
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562
A look at how Kubernetes CVE-2020-8562 allows attackers to bypass API server proxy protections using DNS rebinding - Read more
Third-Party Risk Is an Intelligence Operation. It’s Time We Treated It Like One.
For years, the cybersecurity industry has treated third-party risk management as a compliance exercise. Assess your vendors. Assign a score. File the report....
A framework for securely collecting forensic artifacts into S3 buckets
When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and...
Arelion employs NETSCOUT Arbor DDoS protection products
Arelion operates the world’s best-connected IP fiber backbone, providing high-capacity transit services to a variety of the globe’s leading ISPs...
Latest article
GreatXML zero-day BitLocker bypass doesn’t seem to work, yet
A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit...
New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight
A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact.
The post New Windows Zero-Day Claims BitLocker...
Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks
One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as...
Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol
Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others - Read...
