Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data… Read More »First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to… Read More »Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This… Read More »Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and… Read More »Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem,… Read More »Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence… Read More »CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0),… Read More »Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since… Read More »Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess.… Read More »ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on… Read More »Microsoft Warns of Two Actively Exploited Defender Vulnerabilities