One of the Russian government’s most elite hacking groups has adopted an attack, known as Clickfix, to compromise devices belonging to sensitive organizations in Ukraine, the latter country’s CERT ...
The federal government is warning users of home and small office routers to secure their devices as Russia state hackers ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...
In other news, a DHS database was hacked, Adobe is releasing patches twice a month, and Canada has disrupted ransomware operations.
A comprehensive Sudanese study has revealed that 93.2% of Sudanese support peace negotiations, a finding that participants described as “digital evidence refuting claims used to justify the ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
Citrix NetScaler received patches for another memory leak vulnerability similar to CitrixBleed, as well as memory overflow, file read and denial-of-service issues ...
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...