Red Team

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

CVE News

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

A newly identified weakness in Apple’s Safari browser enables attackers to execute fullscreen browser-in-the-middle (BitM) attacks, potentially...

Attack Surface Mapping: How Adversaries Outpace Defenders and How to Respond

Blue-Team

Attack Surface Mapping: How Adversaries Outpace Defenders and How to Respond

Attackers are systematically mapping organizational infrastructure faster than defenders can identify exposures. According to Censys, 80% of...

U.S. Strategic Bitcoin Reserve: Policy, Risks, and Security Implications

Threat Intelligence

U.S. Strategic Bitcoin Reserve: Policy, Risks, and Security Implications

The U.S. government has established two cryptocurrency reserves stocked with seized Bitcoin and other digital assets, marking...

PumaBot: A New Go-Based Botnet Targeting IoT Devices via SSH Brute-Forcing

Red-Team

PumaBot: A New Go-Based Botnet Targeting IoT Devices via SSH Brute-Forcing

A newly discovered botnet named **PumaBot** is actively targeting Linux-based IoT devices by brute-forcing SSH credentials to...

ASUS Router Botnet “AyySSHush” Deploys Persistent SSH Backdoors: Technical Analysis

Threat Intelligence

ASUS Router Botnet “AyySSHush” Deploys Persistent SSH Backdoors: Technical Analysis

Over 9,000 ASUS routers have been compromised by the “AyySSHush” botnet, which installs persistent SSH backdoors to...

ChatGPT-o3 Evasion Tactics: AI Model Alters Shutdown Script in Controlled Test

Red-Team

ChatGPT-o3 Evasion Tactics: AI Model Alters Shutdown Script in Controlled Test

OpenAI’s ChatGPT-o3 model reportedly manipulated its own shutdown script to avoid deactivation during a controlled test, according...

Malicious NPM Packages Exfiltrate Host and Network Data via Discord Webhooks

Threat Intelligence

Malicious NPM Packages Exfiltrate Host and Network Data via Discord Webhooks

Security researchers have identified 60 malicious packages in the NPM registry that collect sensitive host and network...

Fake Ledger Apps Target macOS Users in Seed Phrase Theft Campaign

Threat Intelligence

Fake Ledger Apps Target macOS Users in Seed Phrase Theft Campaign

Cybercriminals are distributing counterfeit Ledger Live applications to macOS users, deploying malware designed to steal cryptocurrency wallet...

Signal’s DRM-Based Workaround to Block Microsoft Recall Screenshots on Windows 11

Red-Team

Signal’s DRM-Based Workaround to Block Microsoft Recall Screenshots on Windows 11

Signal has rolled out an update to its Windows 11 app that prevents Microsoft’s AI-powered Recall feature...

3AM Ransomware: Social Engineering Tactics and Technical Defenses

Threat Intelligence

3AM Ransomware: Social Engineering Tactics and Technical Defenses

A new wave of highly targeted 3AM ransomware attacks is leveraging email bombing and spoofed IT support...

Malicious Chrome Extensions Impersonating VPNs and AI Tools Steal User Data

Threat Intelligence

Malicious Chrome Extensions Impersonating VPNs and AI Tools Steal User Data

A recent campaign involving over 100 malicious Google Chrome extensions has been discovered impersonating legitimate tools such...

Service Desk Security: Mitigating Social Engineering and MFA Bypass Attacks

Blue-Team

Service Desk Security: Mitigating Social Engineering and MFA Bypass Attacks

Service desks have become a prime target for cybercriminals, with high-profile attacks on organizations like MGM Resorts...

Anatomy of a Council Ransomware Attack: Tactics, Impact, and Defense Strategies

Threat Intelligence

Anatomy of a Council Ransomware Attack: Tactics, Impact, and Defense Strategies

The recent ransomware attack on a UK local council, as investigated by the BBC, represents one of...

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Red-Team

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

The Tor Project has introduced Oniux, a new command-line tool designed to route any Linux application’s network...

Android 16’s Advanced Protection: Technical Analysis of Device-Level Security Enhancements

Blue-Team

Android 16’s Advanced Protection: Technical Analysis of Device-Level Security Enhancements

Google has expanded its Advanced Protection Program (APP) in Android 16 with new device-level security measures designed...

Scaling Red Team Operations with Adversarial Exposure Validation (AEV)

Red-Team

Scaling Red Team Operations with Adversarial Exposure Validation (AEV)

Red teams play a critical role in identifying security gaps that traditional defenses often miss. However, their...

ClickFix Attacks Expand to Linux: Tactics, Payloads, and Mitigation Strategies

APT-News

ClickFix Attacks Expand to Linux: Tactics, Payloads, and Mitigation Strategies

A new wave of ClickFix attacks has emerged, now targeting Linux systems alongside Windows, marking a significant...

Moldovan Arrest Tied to DoppelPaymer Ransomware: Implications for Threat Actors

Threat Intelligence

Moldovan Arrest Tied to DoppelPaymer Ransomware: Implications for Threat Actors

Moldovan authorities have detained a 45-year-old individual linked to the DoppelPaymer ransomware group, which targeted Dutch organizations...

Bluetooth 6.1 Enhances Privacy with Randomized RPA Timing: Technical Analysis

News

Bluetooth 6.1 Enhances Privacy with Randomized RPA Timing: Technical Analysis

The Bluetooth Special Interest Group (SIG) has released Bluetooth Core Specification 6.1, introducing significant privacy and efficiency...

Key Lessons from Take Command Summit 2025: Proactive Cybersecurity Defense Strategies

News

Key Lessons from Take Command Summit 2025: Proactive Cybersecurity Defense Strategies

The Take Command Summit 2025, hosted by Rapid7, provided critical insights into modern cybersecurity challenges, focusing on...

Posts pagination

Previous 1 2 3 4 5 6 7 8 … 15 Next

Red Team

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

Attack Surface Mapping: How Adversaries Outpace Defenders and How to Respond

U.S. Strategic Bitcoin Reserve: Policy, Risks, and Security Implications

PumaBot: A New Go-Based Botnet Targeting IoT Devices via SSH Brute-Forcing

ASUS Router Botnet “AyySSHush” Deploys Persistent SSH Backdoors: Technical Analysis

ChatGPT-o3 Evasion Tactics: AI Model Alters Shutdown Script in Controlled Test

Malicious NPM Packages Exfiltrate Host and Network Data via Discord Webhooks

Fake Ledger Apps Target macOS Users in Seed Phrase Theft Campaign

Signal’s DRM-Based Workaround to Block Microsoft Recall Screenshots on Windows 11

Malicious Chrome Extensions Impersonating VPNs and AI Tools Steal User Data

Service Desk Security: Mitigating Social Engineering and MFA Bypass Attacks

Anatomy of a Council Ransomware Attack: Tactics, Impact, and Defense Strategies

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Android 16’s Advanced Protection: Technical Analysis of Device-Level Security Enhancements

Scaling Red Team Operations with Adversarial Exposure Validation (AEV)

ClickFix Attacks Expand to Linux: Tactics, Payloads, and Mitigation Strategies

Moldovan Arrest Tied to DoppelPaymer Ransomware: Implications for Threat Actors

Bluetooth 6.1 Enhances Privacy with Randomized RPA Timing: Technical Analysis

Key Lessons from Take Command Summit 2025: Proactive Cybersecurity Defense Strategies

You may have missed

Google Play Store to Implement Battery Performance Policy for Android Apps

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis