Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.… Read More »Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Monday again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic… Read More »⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re… Read More »The Hardest Fork
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every… Read More »AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and… Read More »VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January… Read More »UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in… Read More »VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is… Read More »New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence… Read More »CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping… Read More »Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI