CloudZ RAT exploits Microsoft Phone Link to intercept SMS and OTPs without infecting phones.
Active since January 2026, the attack enables credential theft and 2FA bypass via synced data.
Active since January 2026, the attack enables credential theft and 2FA bypass via synced data.
PAN-OS firewalls hit by active exploitation of CVE-2026-0300, enabling unauthenticated RCE with root access.
The unpatched flaw targets publicly exposed User-ID portals, affecting multiple versions.
The unpatched flaw targets publicly exposed User-ID portals, affecting multiple versions.
Rapid7 Research: MuddyWater Group Uses Chaos Ransomware to Mask Its Activity
Rapid7's research notes that the attackers execute all stages of the attack, including encryption and ransom demands, but the main goal is espionage, not money.
The research also mentions the incident in which the Qilin group attacked Asaf HaRofeh Hospital—a case that channel members know well.
Rapid7's research notes that the attackers execute all stages of the attack, including encryption and ransom demands, but the main goal is espionage, not money.
The research also mentions the incident in which the Qilin group attacked Asaf HaRofeh Hospital—a case that channel members know well.
Widespread GPS Disruption in Strait of Hormuz Still Unresolved
Maritime tracking data shows that the widespread disruption in the GPS system in the Strait of Hormuz, which began two days ago, has caused confusion for many commercial vessels.
In maritime tracking images, some vessels are displayed as moving on land.
Notably, this disruption has continued for the third consecutive day in the Persian Gulf and Strait of Hormuz region.
Maritime tracking data shows that the widespread disruption in the GPS system in the Strait of Hormuz, which began two days ago, has caused confusion for many commercial vessels.
In maritime tracking images, some vessels are displayed as moving on land.
Notably, this disruption has continued for the third consecutive day in the Persian Gulf and Strait of Hormuz region.
Hackers Use of AI "Claude" to Identify Industrial Targets in the Attack on Mexico's Water Facilities.
Hackers weaponized Anthropic's Claude AI & OpenAI's GPT to scout industrial targets in Jan 2026 attack on Mexico's Monterrey water utility.
Claude auto-ID'd a high-value vNode SCADA/IIoT mgmt interface & recommended password spraying.
Hackers weaponized Anthropic's Claude AI & OpenAI's GPT to scout industrial targets in Jan 2026 attack on Mexico's Monterrey water utility.
Claude auto-ID'd a high-value vNode SCADA/IIoT mgmt interface & recommended password spraying.
Ivanti Endpoint Manager Mobile flaw (CVE-2026-6973) is being exploited in limited attacks, enabling remote code execution with admin access.
CISA has added it to its KEV catalog, with federal agencies ordered to patch by May 10, 2026.
CISA has added it to its KEV catalog, with federal agencies ordered to patch by May 10, 2026.
PCPJack malware exploits 5 CVEs to spread across cloud systems.
Steals credentials from Docker, Kubernetes, AWS and more, exfiltrating via Telegram while moving laterally across networks.
Steals credentials from Docker, Kubernetes, AWS and more, exfiltrating via Telegram while moving laterally across networks.
PAN-OS flaw "CVE-2026-0300" exploited for unauthenticated RCE with root access.
Attacks began April 9, achieved within a week, followed by espionage and lateral movement by April 29.
Attacks began April 9, achieved within a week, followed by espionage and lateral movement by April 29.
Three PyPI packages uploaded July 16–22, 2025 delivered ZiChatBot malware on Windows and Linux.
The malware uses Zulip APIs as C2 and persists via registry and cron.
The malware uses Zulip APIs as C2 and persists via registry and cron.
12 vulnerabilities in the vm2 Node.js library enable sandbox escape and arbitrary code execution.
Flaws (CVSS up to 10.0) affect versions up to 3.11.1; patches released through 3.11.2.
Flaws (CVSS up to 10.0) affect versions up to 3.11.1; patches released through 3.11.2.
A Mirai-based botnet dubbed xlabs_v1 is exploiting exposed #Android Debug Bridge (ADB) services on port 5555 to hijack IoT devices.
It enables 21 DDoS attack methods and uses bandwidth profiling to tier attacks, targeting game servers.
It enables 21 DDoS attack methods and uses bandwidth profiling to tier attacks, targeting game servers.
84% of cyberattacks now blend in using legitimate tools, not malware, across 700,000 incidents, according to Bitdefender’s Cristian Iordache.
Up to 95% of access to risky tools is unnecessary, quietly expanding attack surfaces.
Up to 95% of access to risky tools is unnecessary, quietly expanding attack surfaces.
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants.
Needle crypto-stealer C2 analysis: API key embedded in plain text inside the Rust malware unlocked 1,932 victims and the operator's withdrawal config.
Handala hacking collective 'compromised' secure US navy phones, updated target bank for Resistance Axis
The most recent breach comes after leaks involving US military personnel, high-ranking authorities, and Israeli regime officials.
#TGITM @TheGhostITM
The most recent breach comes after leaks involving US military personnel, high-ranking authorities, and Israeli regime officials.
#TGITM @TheGhostITM
TCLBANKER, a previously undocumented Brazilian banking trojan, is targeting 59 banking, fintech, and #cryptocurrency platforms.
The malware spreads through #WhatsApp Web and Microsoft Outlook, using DLL side-loading, keylogging, and fake credential overlays to evade detection and steal banking credentials.
The malware spreads through #WhatsApp Web and Microsoft Outlook, using DLL side-loading, keylogging, and fake credential overlays to evade detection and steal banking credentials.