Your blog category
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is… Read More »Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of… Read More »Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to… Read More »Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since… Read More »From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.… Read More »175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how… Read More »The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1),… Read More »From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG)… Read More »CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known… Read More »From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google… Read More »New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps