Latest IntelligencePage 74
Search by keyword →
Mozilla, Mullvad, Proton, sign letter opposing UK age verification
Privacy advocates, browser makers, VPN providers, and digital rights groups have signed a joint statement urging UK policymakers to abandon plans for broader on...
A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web...
Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. [...]...
CloudZ RAT Abuses Microsoft Phone Link to Steal SMS OTPs and Mobile Notifications
A newly discovered threat is turning a built-in Microsoft feature into a powerful spying tool. Security researchers have found a remote access tool called Cloud...
New Cisco DoS flaw requires manual reboot to revive devices
Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems...
.webp)
QLNX Targets Developers With Credential Theft Designed for Supply Chain Compromise
A new and previously undocumented Linux threat has emerged, targeting software developers in a way that could put entire supply chains at risk. Named Quasar Lin...
Member of Prolific Russian Ransomware Group Sentenced to 102 Months in Prison
A Latvian national operating out of Moscow was sentenced to 102 months in federal prison for his central role in a sprawling Russian ransomware syndicate. Denis...
Argo CD’s ServerSideDiff Vulnerability Enables Kubernetes Secret Extraction
A critical cybersecurity vulnerability has been uncovered in Argo CD, a widely used declarative GitOps continuous delivery tool for Kubernetes environments. Tra...
Taiwan High Speed Rail Hacked Using Radio Signal Spoofing Attack That Halted Three Trains
On the final night of the Qingming Festival holiday, three Taiwan High Speed Rail trains were forced into emergency stops due to a sophisticated radio signal sp...
New MajorDoMo RCE Vulnerability Exposes Servers to Code Execution Attacks
A newly disclosed flaw exposes internet-facing MajorDoMo servers to unauthenticated remote code execution via a broken authentication flow and unsafe dynamic PH...
New Phishing-to-RMM Attacks: How Analysts Can Detect Trusted-Tool Abuse Early
ANY.RUN researchers uncovered a phishing-to-RMM campaign in which attackers use fake Microsoft, Adobe, and OneDrive pages to deliver legitimate remote managemen...
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free ver...
Hackers Use Microsoft Teams to Steal Credentials and Manipulate MFA
Iranian APT group MuddyWater deployed Chaos ransomware as a “false flag” in a sophisticated hybrid espionage campaign targeting Western organization...
New Fanwei E-cology10 Server Vulnerability Could Let Attackers Hijack Sessions and Steal Credentials
A critical security flaw has been discovered in Fanwei E-cology10, a widely used enterprise collaboration platform built for medium and large organizations. The...
Salesforce Marketing Cloud Vulnerability Opened Door to Email Data Exposure
A significant set of security vulnerabilities in Salesforce Marketing Cloud (SFMC) could have allowed attackers to read and expose private email data belonging ...
Autonomous Offensive Security Firm XBOW Raises $35 Million
The company raised another $35 million as an extension to its previously announced Series C funding round. The post Autonomous Offensive Security Firm XBOW Rais...
GrapheneOS fixes Android VPN leak Google refused to patch
GrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address. The leak happ...
Why ransomware attacks succeed even when backups exist
Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryp...
.webp)
Malicious OpenClaw DeepSeek Skill Exploits Agentic AI Workflows to Deliver RAT and Stealer
A cleverly disguised malware campaign is targeting developers and AI-driven systems by hiding inside what looks like a legitimate plugin for an open-source AI f...
Google Chrome silently installs 4GB Gemini Nano AI model on user devices
Google Chrome has been quietly downloading and installing a 4GB Gemini Nano AI model on user devices without displaying a consent prompt or offering a clear opt...