Elena Fischer

Threat Intelligence Analyst

Elena covers active threat campaigns, phishing tradecraft and the social-engineering tactics behind modern intrusions. She focuses on turning raw incident reporting into clear lessons organisations can act on before they become the next headline.

GCTI, CISM

Articles by Elena

Threats

81 Million Authentication Attempts: Azure CLI Password Spray Breaches 78 Cloud Tenants

A two-week campaign fired more than 81 million login attempts at Microsoft's Azure command-line interface from a single IPv6 block, successfully compromising at least 78 accounts — exposing how programmatic cloud access often sits outside standard MFA controls.

Vulnerabilities

CVE-2025-33017: Attackers Are Turning Forgotten Langflow Servers Into Monero Mines

A critical unauthenticated remote-code-execution flaw in Langflow is under active exploitation, with threat actors deploying XMRig cryptocurrency miners on any instance left exposed to the public internet.

Threats

RustDuck Botnet Has Been Building a DDoS Swarm Since February 2026 — and It's Evolving Faster Than It's Growing

QiAnXin's XLab team has identified a Rust-written, two-stage botnet called RustDuck quietly enlisting home routers, IP cameras, Android TV boxes, and exposed Linux servers into a DDoS-for-hire operation. The headline isn't the size of the swarm. It's how fast the code is changing.

Vulnerabilities

CVE-2026-46817: Unauthenticated Attackers Are Actively Exploiting Oracle E-Business Suite Payments

A CVSS 9.8 flaw in Oracle's Payments module lets remote attackers seize full control of EBS instances — no credentials required — and exploitation is already underway.

Threats

Fake Perplexity Chrome Extension Sent Every Address Bar Keystroke to an Attacker Server

Microsoft's threat research team caught a malicious Chrome extension impersonating Perplexity AI — one that silently intercepted omnibox input, character by character, before users ever saw a search result.

Threats

Hijacked npm Packages Abuse VS Code Tasks to Drop Cross-Platform Python Infostealer

JFrog researchers found attackers who compromised two legitimate npm maintainer accounts and built a Go module cluster to deliver a Python stealer — hiding execution inside VS Code workspace task definitions rather than the lifecycle hooks most tools actually scan.

Vulnerabilities

CVE-2026-12957: Amazon Q Developer Flaw Let a Cloned Repo Steal AWS Credentials

A high-severity vulnerability in Amazon's AI coding assistant allowed a hostile repository to hijack ambient AWS credentials the moment a developer clicked 'trust workspace.' Amazon has shipped a patch.

Threats

Russia Used Cellebrite Against an Activist, Five Eyes Sounded an AI Alarm, and Scattered Spider Pleaded Guilty — Here Is What Defenders Should Do Next

Four security developments from one week paint a coherent picture: surveillance tools reach beyond their intended users, AI threats are operational not theoretical, Mac endpoints carry real risk, and social-engineering crews face real prison time.

Threats

ASIO: State Hackers Stole IT Staff Credentials at Australian Critical Infrastructure Site

Australia's domestic intelligence chief confirmed a foreign state actor had harvested valid login credentials from privileged IT accounts inside a critical infrastructure operator — and was positioned for sabotage, not passive surveillance.

Threats

New TinyRCT Backdoor Targets Southeast Asian Energy and Government Networks in Stealthy Chinese-Speaking Campaign

Palo Alto Networks Unit 42 has identified a previously unknown implant — TinyRCT — deployed by an intrusion cluster called CL-STA-1062 against state-owned energy enterprises and government ministries across Southeast Asia.

Threats

Russia Ran Fake Messenger Support Scams Against Officials Across Three Continents, SSU and FBI Say

GRU and FSB-linked operators impersonated tech-support staff and trusted contacts to hijack Signal, Telegram, and WhatsApp accounts belonging to soldiers, politicians, and activists in Ukraine, Europe, and the United States.

Threats

SharkLoader: A Custom-Built Stager Is Planting Cobalt Strike Beacon on Asian Government Networks

Kaspersky researchers tracking a campaign called StrikeShark have identified a previously undocumented loader family dropping Cobalt Strike Beacon on a diplomatic organization in Indonesia and government targets in Taiwan — a targeting profile that points squarely to state-sponsored espionage.

Vulnerabilities

Web Shells Deployed on PTC Windchill PLM Systems as Attackers Exploit Critical Deserialization Flaw

A CVSS 9.3 vulnerability in PTC Windchill and FlexPLM — software trusted by defense contractors, aerospace primes, and automotive manufacturers — is under active exploitation, with attackers establishing persistent backdoors inside some of the most sensitive engineering environments on earth.

Threats

GRU Phishing Campaign Targets Signal's Backup Recovery Key — And the Key Never Expires

The FBI and CISA have updated their advisory on Russian intelligence operators targeting Signal users, warning that attackers have shifted tactics from linked-device hijacking to stealing the Backup Recovery Key — a credential that grants permanent, silent access to a user's full message history.

Threats

Philip Martin Joins Uber as CISO, Bringing Crypto and Defence Credentials to a Chair With History

The former Coinbase security chief takes over at Uber — a company whose breach record, regulatory scrutiny, and expanding data footprint make the hire one of the more consequential CISO appointments in recent memory.

Threats

Featured Chrome Extension 'Adblock for YouTube' Carries Hidden Remote-Execution Capability — 10 Million Users at Risk

A widely installed ad-blocking extension holds code that can fetch and run arbitrary JavaScript on any page a user visits. No malicious payload has been observed yet. That 'yet' is the problem.

Vulnerabilities

Cisco Catalyst SD-WAN Zero-Day Exploited for Two Months Before Disclosure

CVE-2026-20245 gave attackers root on enterprise WAN gear while defenders had no patch to apply — and possibly no idea the intrusion was happening.

Threats

Mistic Backdoor: How an Access Broker Is Selling Footholds to Qilin, Akira, and Black Basta

A threat group called Woodgnat has deployed a custom in-memory backdoor since at least April 2025, quietly auctioning enterprise access to some of the most active ransomware gangs operating today.

Vulnerabilities

CISA Adds Lantronix EDS5000 Code Injection Bug to Known Exploited Vulnerabilities List

CVE-2025-67038 scores a 9.8 CVSS and is already being exploited in the wild. Federal agencies have until June 26, 2026 to patch — a deadline that tells you nothing about how fast attackers are moving right now.

Vulnerabilities

PixelSmash: Critical FFmpeg Flaw Puts Media Servers and Cloud Pipelines at Risk

A heap out-of-bounds write in FFmpeg's MagicYUV decoder — CVE-2026-8461 — can crash applications or hand attackers remote code execution via a 50 KB video file.

Threats

FortiBleed: How a Credential-Stuffing IAB Probed 430,000 FortiGate Firewalls

A financially motivated initial access broker has been running brute-force and credential-stuffing attacks against internet-exposed FortiGate appliances since February 2026 — and the TTPs are textbook, repeatable, and preventable.

Threats

WhatsApp DMs Are Delivering VBScript Droppers That Install Legitimate RMM Tools on Victims' Machines

An active, multi-continent campaign sends malicious Visual Basic Script files over WhatsApp to sideload commercial remote-monitoring software — and most endpoint controls never fire.

Vulnerabilities

GitHub Hardens actions/checkout to Kill 'Pwn Request' Attacks Dead

A new default in actions/checkout v7, announced June 18, automatically blocks unreviewed fork code from running inside privileged workflows — closing an exploit path that attackers had used for years to steal secrets and poison packages.

Threats

ShapedPlugin Pro Plugins Shipped Backdoor Code Through the Vendor's Own Update Channel

Attackers compromised ShapedPlugin's build and distribution pipeline, silently delivering malicious code to paying customers who did everything right.

Threats

INTERPOL's 2025/2026 Assessment: Phishing, Ransomware, and AI Fraud Are Overwhelming Asia-Pacific Defenses

A new INTERPOL threat report finds cybercrime accelerating across Asia and the South Pacific, with phishing driving initial access, ransomware hitting under-resourced nations hardest, and generative AI removing the last natural barriers to mass fraud.

Vulnerabilities

Four Security Stories You Shouldn't Ignore: Beats Eavesdropping, a GCP Privilege-Escalation Flaw, and a Threat Actor Who Lived Inside a Network for a Decade

Apple quietly patched a Bluetooth vulnerability in Beats firmware, Google Cloud's Config Connector carries an unpatched privilege-escalation bug, and the threat group Velvet Ant spent roughly ten years undetected inside a target network. Here is what defenders need to know — and do — right now.

Vulnerabilities

Gravity SMTP Vulnerability CVE-2026-4020 Is Being Actively Exploited — Patch and Rotate Now

An unauthenticated information-disclosure flaw in the popular WordPress mailer plugin is already under active attack, putting API keys, OAuth tokens, and SMTP credentials at risk on up to 100,000 websites.

Vulnerabilities

usbliter8: Researchers Crack Apple A12 and A13 SecureROM in an Exploit That Cannot Be Patched

A working tethered exploit from Paradigm Shift reaches code burned into the chip at fabrication — and no software update on earth can fix it.

Vulnerabilities

Beats Studio Buds Firmware Patch Closes Bluetooth Flaw That Could Turn Earbuds Into a Listening Device

A CVSS 8.8 authorization bug in the Airoha Bluetooth audio SDK let any attacker within radio range pair with Studio Buds without the owner's knowledge — and potentially capture microphone audio.

Threats

Popa Botnet Tied to NASDAQ-Listed Residential Proxy Firm Alarum Technologies

Researchers from Synthient and Qurium traced four years of Android TV box traffic-relaying back to infrastructure connected to NetNut, the residential proxy service owned by Israel's Alarum Technologies — raising hard questions about where legitimate proxy networks end and silent botnets begin.

Vulnerabilities

F5 Patches Two Critical NGINX Flaws That Allow Unauthenticated Remote Code Execution

A use-after-free in NGINX's HTTP/3 module earns a CVSS v4 score of 9.2 — and any deployment with QUIC enabled should treat the patch as same-day work.

Vulnerabilities

CVE-2026-50656: Microsoft's Unpatched 'RoguePlanet' Flaw Puts Every Defender Install at Risk

A privilege-escalation zero-day in the Malware Protection Engine — the scanning core shared by every supported Defender variant — has been confirmed by Microsoft, with no patch yet shipped.

Vulnerabilities

CVSS 10.0: CISA Confirms Active Exploitation of Joomla Content Editor Flaw CVE-2026-48907

Widget Factory's JCE extension contains an unauthenticated arbitrary file-write vulnerability that attackers are already burning in the wild. Federal agencies have three weeks to patch. Everyone else should move faster.

Threats

ClickFix Goes Mainstream: Three Loader Families Exploit the Same Social-Engineering Trick

BabaDeda, Lorem Ipsum, and Potemkin loaders all use the same clipboard-paste attack pattern — and education and finance organizations absorbed the bulk of April 2026 hits.

Threats

Pickle in the Middle: Google Vertex AI SDK Flaw Gave Attackers Code Execution Inside Google's Cloud

A bucket-squatting vulnerability in the Google Cloud Vertex AI Python SDK let an unauthenticated attacker intercept ML model uploads and run arbitrary code inside Google's managed serving infrastructure — no project credentials required.

Vulnerabilities

CISA Flags LiteSpeed cPanel Plugin Flaw as Actively Exploited — Root Access at Stake

CVE-2026-54420 carries a CVSS score of 8.5 and hands attackers root-level control over shared hosting servers. Federal agencies must patch by June 18, 2026. Everyone else should move faster.

Threats

North Korea's Contagious Interview Crew Targets Developers With Code-Review Phishing Bait

The DPRK-linked threat cluster known as Contagious Interview has added a deceptively simple new lure to its arsenal: a polite request to review some code.

Threats

400+ AUR Packages Hijacked to Drop Rust Credential Stealer and eBPF Rootkit

Attackers rewrote PKGBUILD scripts across more than 400 Arch User Repository packages, turning the normal build process into a credential-harvesting operation — with a kernel-level rootkit waiting for any build that ran as root.

Threats

Velvet Ant Hid Inside Linux Auth for Nearly a Decade by Backdooring PAM and OpenSSH

A China-nexus threat actor planted rogue authentication modules on victim networks and stayed undetected for close to ten years — by targeting the one layer most incident-response playbooks quietly trust.

Threats

Outsider Enterprise Dismantled: What the 'AI-Powered' Phishing Takedown Actually Tells Defenders

The FBI, Google, and Lumen's Black Lotus Labs jointly knocked a Chinese phishing-as-a-service operation offline after it registered nearly one million malicious domains. The AI angle is real — but narrower than headlines suggest.

Vulnerabilities

Critical Vulnerability in Splunk Enterprise Exposes Systems to Remote Code Execution

Splunk addresses a severe flaw in its Enterprise software that could allow unauthenticated users to execute arbitrary code.

Threats

Former Iowa School IT Admin Sentenced to 21 Months for Post-Termination Network Intrusions

No malware, no nation-state tradecraft — just valid credentials that nobody revoked. A disgruntled ex-employee deleted accounts and disrupted classrooms for months before federal charges ended it.

Vulnerabilities

GreatXML: A BitLocker Bypass That Doesn't Quite Work — Yet

A pseudonymous researcher dropped an alleged Windows Recovery Environment exploit days after Patch Tuesday. A respected vulnerability analyst couldn't replicate it. The researcher is already hunting a workaround.

Threats

400+ Arch Linux AUR Packages Backdoored With Rust Credential Stealer and eBPF Rootkit

Attackers hijacked more than 400 community-maintained Arch User Repository packages this week, silently modifying build scripts to drop a Rust-based credential harvester — and, when the build ran as root, an eBPF rootkit capable of hiding itself from every standard Linux detection tool.

Vulnerabilities

GreatXML: How a Researcher Cracked BitLocker in Four Hours Using Windows' Own Recovery Partition

A hobbyist find targeting XML configuration files in the Windows Recovery Environment exposes a fundamental gap in full-disk encryption's trust model — and no Microsoft patch exists yet.

Vulnerabilities

CVE-2026-5027: Unauthenticated Path Traversal in Langflow Is Being Exploited Right Now

A write-anywhere bug in the popular open-source AI workflow builder carries a CVSS 8.8 score and is already seeing opportunistic mass exploitation — patch immediately or assume compromise.

Threats

ShinyHunters Exploited an Oracle PeopleSoft Zero-Day for Two Weeks Before a Patch Existed

The extortion crew tracked as UNC6240 spent May 27 through June 9 inside university PeopleSoft environments — stealing student records, HR files, and financial data — while Oracle's advisory sat unpublished.

Vulnerabilities

npm 12 Kills Install Scripts by Default — and That Changes the Supply Chain Math

GitHub's decision to disable lifecycle hooks in npm 12 removes the single most-abused primitive in JavaScript supply chain attacks. Here is what defenders, DevOps teams, and security engineers need to know before the cutover.

Vulnerabilities

RoguePlanet Exploit Unveiled: Microsoft Defender's Latest Vulnerability Challenge

An exploit named RoguePlanet has surfaced, targeting Microsoft Defender with a local privilege escalation vulnerability, raising security concerns.

Vulnerabilities

AI-Driven Bug Disclosures and Zero-Day Threats Dominate Microsoft's June Patch Tuesday

Microsoft addresses a record number of vulnerabilities amid AI-assisted bug discoveries and a high-profile researcher threatening further zero-day releases.

Vulnerabilities

Microsoft's KB5094127 Patches Windows 10 ESU Fleets — and Starts the Secure Boot Certificate Clock

The June 2026 cumulative update for Windows 10 22H2 Extended Security Updates enrollees bundles this month's vulnerability fixes and adds diagnostic hooks for a looming Secure Boot certificate transition that could leave unpatched systems open to bootkit attacks.

Threats

Meta Accuses NSO Group of Violating WhatsApp Injunction With Fresh Spear-Phishing Campaign

A federal jury awarded Meta roughly $168 million in May after NSO's Pegasus spyware abused a WhatsApp voice-call flaw in 2019. Now Meta says NSO's operators are back — this time with social-engineering lures — and is asking a judge to hold the vendor in contempt.

Vulnerabilities

Cisco SD-WAN Manager Hit by Active Command-Injection Exploit — No Patch Available Yet

CVE-2026-20245 lets an authenticated attacker escalate to root through the CLI. Mandiant reported the bug after spotting real intrusions, and Cisco has confirmed unauthorized configuration changes in the wild.

Vulnerabilities

CVE-2026-23111: Public Exploit Turns Unpatched Linux Kernels Into Root Shells

A weaponized proof-of-concept for a use-after-free in nf_tables dropped on June 8, 2026 — four months after the upstream fix — and it works reliably against hardened kernels with KASLR and SMAP enabled.

Threats

Miasma Worm Burrows Into Microsoft's GitHub Presence, Tainting 73 Repositories Across Four Organizations

A self-replicating campaign is chaining stolen developer tokens into an ever-widening blast radius — and Microsoft's own GitHub organizations were not immune.

Vulnerabilities

AI Agent Finds 21 Zero-Days in FFmpeg the Same Week Chrome Ships a Record 429 Security Fixes

An autonomous AI fuzzer exposed 21 previously unknown vulnerabilities in the media library embedded in nearly every video-capable product on earth. Days later, Google released Chrome 149 with 429 patches — the largest single browser security update on record. Neither story is routine.

Threats

Silent Ransom Group Calls Law Firms Directly — Then Drains Files Within Hours

A financially motivated extortion crew is impersonating IT staff over the phone, tricking employees into handing over remote access, and exfiltrating privileged client files before most firms even open a help ticket.

Vulnerabilities

CISA Adds SolarWinds Serv-U DoS Flaw to Known Exploited Vulnerabilities List

CVE-2026-28318 crashes the Serv-U file transfer service in the wild. Federal agencies have roughly three weeks to patch. Everyone else should treat that deadline as their own.

Threats

Your Smart TV May Be Relaying Scraping Traffic Right Now — And You Probably Agreed to It

A reverse-engineering of Bright Data's iOS SDK reveals how consumer apps — including always-on televisions — quietly enlist household devices as exit nodes in a massive residential proxy network increasingly serving AI data demands.

Vulnerabilities

One-Click github.dev Flaw Let Attackers Steal GitHub OAuth Tokens

A single crafted link was enough to drain a developer's GitHub OAuth token from the browser-based VS Code editor — granting read/write access to private repositories with no second click required.

Vulnerabilities

Cisco Catalyst SD-WAN Manager Flaw CVE-2026-20245 Exploited in the Wild — No Patch Available

A high-severity authorization vulnerability in Cisco's SD-WAN control plane is under active attack across on-premises, cloud, and FedRAMP deployments. Cisco has confirmed exploitation and has not yet released a fix.

Vulnerabilities

RubyGems Adds Bundler Cooldown to Block Supply Chain Attacks Before They Land

A new --cooldown flag for Bundler delays installation of freshly published gems, buying defenders the time attackers have long exploited.

Threats

Two npm Supply-Chain Campaigns Run Simultaneously: A Rust-Based eBPF Stealer and a Self-Spreading Worm

JFrog researchers caught two parallel attacks inside the npm registry — one hiding inside the Linux kernel, the other replicating across 50-plus packages by hijacking maintainer credentials.

Threats

PCPJack Hijacks 230 Cloud Servers Across AWS, Azure, and Google Cloud to Build a Stealth SMTP Relay Grid

A threat actor quietly converted compromised business workloads on three major cloud platforms into a verified mail-relay network, refreshing its inventory every five minutes and burning victims' IP reputations in the process.

Threats

TA4922 Expands Phishing Operations Into Europe and South Africa With ValleyRAT and Atlas RAT

A China-linked threat crew is cycling through commodity and custom malware at an unusually fast clip — and it has started targeting organizations far outside its traditional Asia-Pacific base.

Threats

DOJ 'Disruption Week' Targets Southeast Asia Pig-Butchering Networks — But the Real Story Is What Platforms Already Knew

A May 18 coordinated takedown froze $3.8 million in crypto and pulled millions of social-media and email accounts linked to Southeast Asian fraud compounds. The dollar figure is almost beside the point.

Vulnerabilities

GitHub's Browser Editor Handed Attackers an Unscoped OAuth Token — and a Path to Every Private Repo You Own

A malicious Jupyter notebook, a bypassed publisher trust check, and a single browser tab were all an attacker needed to steal an OAuth token granting access to every repository tied to a GitHub account.

Vulnerabilities

CVE-2026-23479: Redis Sat Vulnerable for Two Years Before an AI Found the Bug

A use-after-free flaw in Redis's blocking-client code went undetected from version 7.2.0 until patches landed on May 5, 2025 — and it took an autonomous AI auditing tool, not a human researcher, to surface it.

Threats

Weedhack MaaS Campaign Has Compromised Over 3,800 Devices by Hijacking Minecraft's Modding Culture

A malware-as-a-service operation active since January 2026 is using YouTube tutorials and fake Minecraft clients to silently hand attackers full remote control of victims' machines — and the infection count keeps climbing.

Vulnerabilities

CISA Flags Two-Year-Old Oracle WebLogic Flaw as Actively Exploited — Federal Deadline Is Four Days

CVE-2024-21182 earned a CVSS 7.3 score and a July 2024 Oracle patch. Neither was enough to stop threat actors from finding the organizations that never bothered.

Vulnerabilities

CVE-2026-8732: Attackers Are Creating Rogue Admin Accounts on WordPress Sites Right Now

A critical unauthenticated privilege-escalation flaw in the WP Maps Pro plugin lets anyone register a full administrator account — no login, no phishing, no waiting. Active exploitation is already underway.

Vulnerabilities

Miasma Supply Chain Attack Plants Credential-Stealing Worm Inside Red Hat npm Packages

A sophisticated campaign named Miasma has weaponized npm packages tied to the Red Hat ecosystem, silently harvesting developer credentials and burrowing into CI/CD pipelines the moment a compromised package lands on disk.

Password Security

Building a Strong Password Policy

Compromised credentials are implicated in the majority of hacking-related breaches. Discover best practices for creating and managing strong passwords, implementing MFA, and using password managers across your organisation.

Incident Response

Incident Response: The Critical First 24 Hours

When a security incident occurs, every minute counts. This guide walks through the critical first 24 hours of incident response, from detection to containment and communication.
