Spotify this week unveiled a new Direct Messaging feature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and […]
The 5 Golden Rules of Safe AI Adoption
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of […]
New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly
Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero), or TASPEN, to deploy a […]
Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global Organizations
The Underground ransomware gang has been coordinating recurring attacks on enterprises throughout the globe in a worrying increase in cyber risks. They have demonstrated sophisticated […]
Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS
Nagios has addressed a significant cross-site scripting (XSS) vulnerability in its enterprise monitoring platform Nagios XI that could allow remote attackers to execute arbitrary JavaScript […]
IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection
A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or […]
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These […]
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial […]
ShadowCaptcha Exploit: Massive WordPress Site Compromise Used to Execute Malicious Commands on Victims
A large-scale cybercrime conspiracy known as ShadowCaptcha was made public by cybersecurity researchers at Israel’s National Digital Agency. This campaign exploits the ClickFix technique, deploying […]
DOGE Allegedly Uploaded SSA’s Live Numident Database to Unsecured Cloud Server
The Government Accountability Project submitted a protected disclosure from Charles Borges—SSA’s Chief Data Officer—to the Office of Special Counsel and congressional oversight committees. Borges reports […]