An exposed attack server led Lexfo to three Microsoft 365 phishing operations using Evilginx and device code abuse to capture ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...
GhostLock (CVE-2026-43499) is a 15-year-old Linux kernel vulnerability that allows attackers to gain root privileges.
A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. "The ...
New data suggests a cyber espionage group is laying the groundwork for attacks against major industries. The "React2Shell" vulnerability is already almost a few months old, but it's far from over. An ...
From technical compromise to AI-driven attacks, cyber criminals increasingly see software developers as prime targets, creating systemic risks CISOs must address. Threats against corporate software ...
December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the “React2Shell” ...
This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181. [+] ...
It used to be that you could almost count on weekly news of another cybersecurity exploit enabled by misconfigured cloud storage buckets, but a new threat landscape report points to new cloud threats.