
Detection engineering: A programmatic approach to identifying cyber threats

Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology environment without drowning in...

The Platform You Trust Is the Platform They Target

By: Max Gannon, Cofense Intelligence. Cofense Intelligence is observing a clear shift in phishing operations: threat actors are moving beyond broad, one-size-fits-all campaigns and adopting platform-aware delivery that adapts to the victim’s device, browser, and environment. What began as simple Windows-focused malware distribution campaigns has evolved into more sophisticated campaigns that can selectively deliver credential phishing, remote access tools, or...

Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool

Executive Summary Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, used to disseminate MarkiRAT malware in support of Iranian government surveillance operations. It is highly likely that TAG-182 is targeting Iranians living inside and outside the country using different lures, including free download tools and fake VPN applications. The group’s operations are highly likely...

Backdoors & Breaches: New scenarios and adaptations

Sharing new scenarios and adaptations to play the Datadog expansion pack of Backdoors & Breaches.

Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users

A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab proxies. A Reddit user identified as LegitMichel777 on the r/ClaudeAI subreddit posted detailed findings on June 30, 2026, claiming...

SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux

A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, developer, and AI credentials. The post SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux appeared first on TechRepublic.

CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

Frangoteam FUXA SCADA/HMI

Summary: Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207). CVSS v3: 7.5. Vendor: Frangoteam. Equipment: FUXA SCADA/HMI. Vulnerability: Authentication Bypass by Spoofing. Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater. Countries/Areas Deployed: Worldwide. Company Headquarters Location: Switzerland. CVE-2026-13207: FUXA versions 1.3.1...

Schneider Electric EasyLogic T150 and Saitel DP RTU

Summary: Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected: EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.30 (CVE-2026-9650); EasyLogic T150 (formerly Saitel DR)...

Malicious Chromium extension spoofs Perplexity AI to hijack browser searches

Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its...

Latest article

Apple’s ‘Hide My Email’ Privacy Flaw Exposes Real Email Addresses

Researchers say Apple’s Hide My Email flaw may expose real addresses, despite two fixes. Here’s what users should know about the privacy risk. The post...

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that...

Test Cache

Testing cache response

Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall

Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and...