News

Ukraine’s State Railways Recover From Multilayer Cyberattack: Technical Analysis

APT-News

Ukraine’s State Railways Recover From Multilayer Cyberattack: Technical Analysis

Ukrzaliznytsia, Ukraine’s state-owned railway operator, has restored online ticket sales after a sophisticated cyberattack disrupted its systems...

Pro-Russian Hacktivists Target Belgian Government Websites in Retaliatory DDoS Campaign

APT-News

Pro-Russian Hacktivists Target Belgian Government Websites in Retaliatory DDoS Campaign

Belgian government portals, including the citizen services platform MyGov.be and the Walloon Parliament website, experienced service disruptions...

Meta Warns of Actively Exploited FreeType Vulnerability (CVE-2025-27363) with High-Severity RCE Risk

CVE News

Meta Warns of Actively Exploited FreeType Vulnerability (CVE-2025-27363) with High-Severity RCE Risk

Meta has issued a warning about an actively exploited vulnerability in the FreeType font rendering library, tracked...

Real-World Adversarial Misuse of Generative AI in Cyber Operations

Threat Intelligence

Real-World Adversarial Misuse of Generative AI in Cyber Operations

Generative AI tools like Google’s Gemini are increasingly being weaponized by state-sponsored threat actors, according to recent...

NHS Vendor Advanced Fined £3M for Security Failures Leading to 2022 Ransomware Attack

Cyber Laws & Regulations

NHS Vendor Advanced Fined £3M for Security Failures Leading to 2022 Ransomware Attack

The UK Information Commissioner’s Office (ICO) has confirmed that NHS software supplier Advanced will pay £3.07 million...

Fake DeepSeek Google Ads Deliver Malware: Technical Analysis & Mitigation

Malware Analysis

Fake DeepSeek Google Ads Deliver Malware: Technical Analysis & Mitigation

Cybercriminals are exploiting DeepSeek’s growing popularity by distributing malware through fake sponsored Google ads, according to a...

Grandoreiro Banking Trojan Resurfaces in Phishing Campaigns Targeting Latin America and Europe

APT-News

Grandoreiro Banking Trojan Resurfaces in Phishing Campaigns Targeting Latin America and Europe

The Grandoreiro banking trojan has reemerged in new phishing campaigns targeting users in Latin America and Europe,...

Critical SQL Injection Vulnerability in SEMCMS (CVE-2025-25686): Analysis and Mitigation

CVE News

Critical SQL Injection Vulnerability in SEMCMS (CVE-2025-25686): Analysis and Mitigation

A critical SQL injection vulnerability (CVE-2025-25686) has been identified in SEMCMS versions 5.0 and earlier, posing significant...

Critical RCE Vulnerability in TOTOLINK A800R Routers (CVE-2025-28138)

CVE News

Critical RCE Vulnerability in TOTOLINK A800R Routers (CVE-2025-28138)

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-28138, has been identified in TOTOLINK A800R routers...

HTCondor Authorization Bypass Vulnerability (CVE-2025-30093): Technical Analysis and Mitigation

CVE News

HTCondor Authorization Bypass Vulnerability (CVE-2025-30093): Technical Analysis and Mitigation

A critical authorization bypass vulnerability in HTCondor, tracked as CVE-2025-30093, has been disclosed, affecting multiple versions of...

Oracle Health Data Breach: Legacy Server Compromise Exposes Patient Records

Data Breach

Oracle Health Data Breach: Legacy Server Compromise Exposes Patient Records

A recent breach at Oracle Health has exposed sensitive patient data across multiple US hospitals, raising concerns...

OpenAI Raises Bug Bounty Rewards to $100,000 for Critical Vulnerabilities

Bug Bounties & Responsible Disclosure

OpenAI Raises Bug Bounty Rewards to $100,000 for Critical Vulnerabilities

OpenAI has significantly increased its maximum bug bounty payout from $20,000 to $100,000 for critical security vulnerabilities...

Sam’s Club Faces Potential Clop Ransomware Attack: Investigation Underway

Threat Intelligence

Sam’s Club Faces Potential Clop Ransomware Attack: Investigation Underway

Sam’s Club, the Walmart-owned retail warehouse chain, is currently investigating claims of a data breach linked to...

Analysis of the 13M Indian Bank User Data Breach and Related Cyber Threats

Data Breach

Analysis of the 13M Indian Bank User Data Breach and Related Cyber Threats

A recent alleged data breach has reportedly exposed the personal information of over 13 million Indian bank...

Europcar Data Breach Controversy: AI-Fabricated or Legitimate Threat?

Data Breach

Europcar Data Breach Controversy: AI-Fabricated or Legitimate Threat?

A recent claim of a 37GB Europcar data breach on the dark web has sparked debate among...

Phishing-as-a-Service Platform Morphing Meerkat Exploits DNS MX Records to Spoof 100+ Brands

Threat Intelligence

Phishing-as-a-Service Platform Morphing Meerkat Exploits DNS MX Records to Spoof 100+ Brands

A newly uncovered phishing-as-a-service (PhaaS) platform, named “Morphing Meerkat,” has been leveraging DNS mail exchange (MX) records...

Apache NotFound PluginPass Path Traversal Vulnerability (CVE-2024-54291): Analysis and Mitigation

CVE News

Apache NotFound PluginPass Path Traversal Vulnerability (CVE-2024-54291): Analysis and Mitigation

A newly disclosed path traversal vulnerability (CVE-2024-54291) in Apache’s NotFound PluginPass has been rated with a high...

Morphing Meerkat PhaaS Operation Leverages DNS-over-HTTPS for Evasion

Threat Intelligence

Morphing Meerkat PhaaS Operation Leverages DNS-over-HTTPS for Evasion

A newly identified phishing-as-a-service (PhaaS) operation, dubbed Morphing Meerkat by researchers, has adopted DNS-over-HTTPS (DoH) to bypass...

DeBackdoor: Detecting and Mitigating Backdoor Attacks in Deep Learning Models

Blue-Team
News
Security Tools & Research

DeBackdoor: Detecting and Mitigating Backdoor Attacks in Deep Learning Models

Deep learning models power critical systems like autonomous vehicles and medical diagnostics, but their reliance on complex...

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Malware Analysis

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Elastic Security Labs has uncovered a sophisticated malware campaign targeting Iraq’s telecommunications sector, utilizing a new malware...

Red-Team News

Ukraine’s State Railways Recover From Multilayer Cyberattack: Technical Analysis

Pro-Russian Hacktivists Target Belgian Government Websites in Retaliatory DDoS Campaign

Meta Warns of Actively Exploited FreeType Vulnerability (CVE-2025-27363) with High-Severity RCE Risk

Real-World Adversarial Misuse of Generative AI in Cyber Operations

NHS Vendor Advanced Fined £3M for Security Failures Leading to 2022 Ransomware Attack

Fake DeepSeek Google Ads Deliver Malware: Technical Analysis & Mitigation

Grandoreiro Banking Trojan Resurfaces in Phishing Campaigns Targeting Latin America and Europe

Critical SQL Injection Vulnerability in SEMCMS (CVE-2025-25686): Analysis and Mitigation

Critical RCE Vulnerability in TOTOLINK A800R Routers (CVE-2025-28138)

HTCondor Authorization Bypass Vulnerability (CVE-2025-30093): Technical Analysis and Mitigation

Oracle Health Data Breach: Legacy Server Compromise Exposes Patient Records

OpenAI Raises Bug Bounty Rewards to $100,000 for Critical Vulnerabilities

Sam’s Club Faces Potential Clop Ransomware Attack: Investigation Underway

Analysis of the 13M Indian Bank User Data Breach and Related Cyber Threats

Europcar Data Breach Controversy: AI-Fabricated or Legitimate Threat?

Phishing-as-a-Service Platform Morphing Meerkat Exploits DNS MX Records to Spoof 100+ Brands

Apache NotFound PluginPass Path Traversal Vulnerability (CVE-2024-54291): Analysis and Mitigation

DeBackdoor: Detecting and Mitigating Backdoor Attacks in Deep Learning Models

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

You may have missed

Trump’s TikTok Decision: National Security, Ownership, and April 5 Deadline

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks