Cybersecurity researchers have uncovered a sophisticated evolution in phishing attacks that combines FileFix social engineering with cache smuggling techniques to bypass modern security defenses. This […]
Active Directory at Risk Due to Domain-Join Account Misconfigurations
Active Directory domain join accounts are systematically exposing enterprise environments to compromise, even when administrators follow Microsoft’s official guidance. A comprehensive security analysis reveals that […]
Atlas browser exploit lets attackers hijack ChatGPT memory
Days after cybersecurity analysts warned enterprises against installing OpenAI’s new Atlas browser, researchers have discovered a vulnerability that allows attackers to infect systems with malicious […]
Copilot diagrams could leak corporate emails via indirect prompt injection
Microsoft has patched an indirect prompt injection flaw in Microsoft 365 Copilot that could have allowed attackers to steal sensitive data using clickable Mermaid diagrams. […]
Anivia Stealer Peddled on Dark Web with UAC Bypass
A newly advertised information-stealing malware called Anivia Stealer has surfaced on the dark web, with threat actor ZeroTrace aggressively promoting the C++17-based infostealer as a […]
Is Your Google Workspace as Secure as You Think it is?
The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s […]
Zero-Click Exploit Targets MCP and Linked AI Agents to Stealthily Steal Data
Operant AI’s security research team has uncovered Shadow Escape, a dangerous zero-click attack that exploits the Model Context Protocol to steal sensitive data through AI […]
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services […]
BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods
The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining […]
New GhostGrab Android Malware Silently Steals Banking Login Details and Intercept SMS for OTPs
A sophisticated new Android malware family called GhostGrab is actively targeting mobile users with a dual-monetization strategy that combines covert cryptocurrency mining with comprehensive financial […]