PowMix targets Czech workforce since Dec 2025 using jittered C2 and ZIP phishing, enabling stealthy remote access and ...

Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant ...

CERT-UA links the AgingFly credential-stealing campaign to phishing, browser theft, and modular remote access.

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

TL;DR  Introduction   In my previous blog post, I wrote about finding your path into DFIR; how to get started, where to focus ...

Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.

Attackers are exploiting trust in Adobe’s brand to deliver covert remote access, using a fake Acrobat Reader download page to install ConnectWise ScreenConnect through a fileless, memory-heavy attack ...

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Microsoft warns of rising Teams attacks abusing external chats to impersonate IT staff, gain remote access, and steal ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...