A newly disclosed vulnerability in SonicWall’s Connect Tunnel Windows Client could allow malicious actors to trigger denial-of-service (DoS) attacks or corrupt files, according to a […]
TheWizards Deploy ‘Spellbinder Hacking Tool’ for Global Adversary-in-the-Middle Attack
ESET researchers have uncovered sophisticated attack techniques employed by a China-aligned threat actor dubbed “TheWizards,” which has been actively targeting entities across Asia and the […]
Cato Networks macOS Client Vulnerability Enables Low-Privilege Code Execution
A critical vulnerability in Cato Networks’ widely used macOS VPN client has been disclosed, enabling attackers with limited access to gain full control over affected […]
DARPA Highlights Critical Infrastructure Security Challenges
Leaders at federal research organizations DARPA, ARPA-I, and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025. The original article […]
Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. […]
![[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqbZf4bsDp6ei3fmQ8swm7GB5XoRrhZSFE7ZNhRLFO49KlmdgpIDCZWMSv7rydpEShIrNb9crnH5p6mFZbURzO5HC9I4RlzJazBBw5aHOTmI38sqiZIWPldRqut4bTgegipjOk5VgktVOwCKF_ncLeBX-pMTO_GMVMfbzZbf8eAj21V04y_NiOaSApGkM/s1600/webinar-play.jpg)
[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
How Many Gaps Are Hiding in Your Identity System? It’s not just about logins anymore. Today’s attackers don’t need to “hack” in—they can trick their […]
Over 90% of Cybersecurity Leaders Worldwide Report Cloud-Targeted Cyberattacks
A groundbreaking report from Rubrik Zero Labs, titled The State of Data Security: A Distributed Crisis, reveals a staggering reality for global IT and cybersecurity […]
Ruby on Rails Vulnerability Allows CSRF Protection Bypass
A critical vulnerability in Ruby on Rails’ Cross-Site Request Forgery (CSRF) protection mechanism has been identified, affecting all versions since the 2022/2023 “fix” and persisting […]
HPE adds ‘digital circuit breaker’ to protect GreenLake customers
HPE has introduced new security features for its Aruba Networking and GreenLake platforms to enhance cloud and network security in hybrid IT environments. The updates, […]
New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites
The Wordfence Threat Intelligence team has identified a new strain of WordPress malware that masquerades as a legitimate plugin, often named ‘WP-antymalwary-bot.php.’ First detected on […]