More results...
AutoPentestX, an open-source automated penetration testing framework designed to streamline vulnerability assessment and security testing workflows on Linux systems. The toolkit consolidates multiple security testing capabilities into a unified platfor…
A critical vulnerability in Moltbook, the AI agent social network launched in late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for registered entities. The flaw impacts the platform’s claim…
In 2026, the perimeter is gone. Your users are everywhere, and the “castle and moat” security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools…
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive, energy, and manufacturing. The flaw, tracked as CVE-2025-09…
A significant Metasploit Framework update (version 6.4.111) featuring seven new exploit modules that target critical vulnerabilities across widely deployed enterprise systems. This release demonstrates the increasing sophistication of attack chains lev…
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s Nation…
A dangerous wave of attacks exploiting CVE-2025-54236, dubbed “SessionReaper,” in Magento e-commerce platforms. This vulnerability lets attackers bypass authentication by reusing invalid session tokens, paving the way for session hijacking …
A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services explo…
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files from victims’ devices. Threat actors pose as dating apps to hook targe…
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxics…