Latest Intelligence
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
A new supply chain attack campaign is quietly targeting developers through a method most would never think to look for. Hidden inside software packages on GitHu...

Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials and Drain Crypto Wallets
A solo Russian-speaking threat actor leveraged a jailbroken instance of Google Gemini to run a five-year MAGA-themed influence operation, crack WordPress admini...

Hackers Abuse Shared CDN Infrastructure to Bypass Domain Reputation Security Controls
Hackers are actively abusing a flaw in shared Content Delivery Network (CDN) infrastructure to hide malicious traffic behind trusted, high-reputation domains, e...

Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks...

Drupal warns of active exploitation attempts targeting critical SQL injection flaw
Drupal is warning administrators that attackers are already attempting to exploit a newly disclosed SQL injection vulnerability affecting the open-source conten...

KnowledgeDeliver LMS Zero-Day Exploited to Deploy BLUEBEAM Web Shell
A newly disclosed zero-day vulnerability in the KnowledgeDeliver Learning Management System (LMS) has been actively exploited in the wild to deploy the BLUEBEAM...

Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer
A well-known Iranian threat group has found a new way to push malware onto people’s machines. Instead of sending phishing emails, the group built a fake w...

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from ...

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.

Kazuar Malware Evolves Into Modular Espionage Ecosystem for Secret Blizzard Operations
A Russian state-sponsored threat group has quietly upgraded one of its most powerful cyber weapons, and the result is a spying tool that is harder to detect, ha...

Texas sues Meta and WhatsApp for allegedly lying about encrypted message privacy
Texas Attorney General Ken Paxton has filed a lawsuit against Meta and its messaging platform WhatsApp, accusing the companies of misleading consumers about the...

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentic...

Oncology Institute Discloses Data Breach
The affected third-party vendor has not been named, but one possible candidate is TriZetto.

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. ...

The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that include...

266,000 Affected by Data Breach at Radiology Associates of Richmond
Threat actors stole files containing names and protected health information from the healthcare organization’s systems.

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase.

Hackers Actively Scanning SonicWall Firewall Interfaces – 597,000 Sessions Observed
A sharp rise in internet-wide scanning activity targeting SonicWall firewall management interfaces has been detected, raising concerns about a potential pre-dis...

Laravel-Lang Packages Poisoned for Malware Delivery
Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets.

Italian Authorities Dismantled CINEMAGOAL App that Enables Access to Various Streaming Platforms
Italian law enforcement has dismantled a large-scale audiovisual piracy network centered around a sophisticated application called CINEMAGOAL, which enable...