A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking...

The Australian Cyber Security Centre (ACSC) has published a new guide, Quantum Technology Primer: Overview, aimed at helping organizations understand the field of quantum technologies for...

For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized...

Lexi DiScola shares how her unconventional path led her to global cyber threat analysis and highlights the power of diverse backgrounds on an international team

The weak RC4 for administrative authentication has been a hacker holy grail for decades.

Regulator proposes strict limits on screen-based testing, cites infrastructure concerns and lack of evidence for benefits Most students taking school and college GCSE, A-level, and AS-level exams...

Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous,...

[11/20/2025] – Fieldtex Products, Inc. (“Fieldtex”) has become aware of a data security incident that may have impacted certain protected health information. Fieldtex is a medical supply...

Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.

A $0 card test signaled a Chinese state-linked cyberattack on Anthropic’s AI platform. Learn how card-testing fraud intelligence spots nation-state ops early.

On December 17, 2025 Cisco announced that they had detected a campaign exploiting a zero day in their email security devices. The vulnerability affects the physical and virtual versions of Cisco...

Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like BeaverTail.

China is consolidating cyber power through zero-days. Explore how state control of vulnerabilities enables long-term strategic advantage.

Offensive cyber operations are spreading beyond the Big Four. Discover how regional conflicts are driving new state-linked cyber threats.

Misconfigured servers are in, 0-days out Chinese espionage crew Ink Dragon has expanded its snooping activities into European government networks, using compromised servers to create illicit relay...

In both EVM and Solana programs, a common security issue is not validating external calls properly. This can led to DOS issues, reentrancy or loss of funds bugs. This article has a list of 7...

Ethereum storage is very simple: a 32-byte slot with 32-byte values. Mapping these slots back to meaningful variable names and use cases is difficult to do though. This post is about going from...

While reviewing the application, the author of the post found a self-XSS vulnerability. Normally, this doesn't have any impact on other users but they wanted to create it. Thus starts the chain!...

An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The...

An employee of the adult site could be responsible. Analytics vendor Mixpanel says it is not the source of data stolen from Pornhub and says the info was last accessed by an employee of the adult site.…

HttpWebClientProtocol has several variants of it - the main focus in this post is SoapHttpClientProtocol. Since this has HTTP in it, it's completely understandable that it would only support HTTP....

Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet...

XSS is cool and all but there's more to it. This wiki goes into other frontend security issues like CSRF, prototype pollution, CSS injection and many other things. Just a good reference overall.

More than 8 million people have installed extensions that eavesdrop on chatbot interactions Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been...

The author of this post created a long-tail MEV strategy around the hourly Bean emissions on the Beanstalk protocol. By coordinating with several other MEV's, they were able to collectively earn...

AI tools are being integrated deeper and deeper into our workflow. As this happens, this opens up the attack surface to trick the bot into doing malicious things with attacker controlled input....

WASHINGTON – House Homeland Security Chairman Andrew Garbarino (R-N.Y.) said that he wants to see proactive offensive cyber capabilities take a prime role in the White House’s forthcoming national...

Gemini's Markdown renderer fails to sanitize HTML-like content within code blocks when there are premature code fence terminations (```). An example payload: ``` test ``` ``` ```` ... The payload...

All I want for Christmas … is all of your data A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals'...