Attackers are spreading a blockchain-based backdoor via Hugging Face by exploiting a critical vulnerability in developer environments. This analysis explains how the attack works and what organizations must do to defend against it.

The Nexcorium Mirai variant is exploiting TBK DVR vulnerabilities to hijack IoT devices and build a large-scale DDoS botnet. This analysis explains how the attack works and what organizations must do to defend against

OpenAI’s GPT-5.4 Cyber Defense Program is expanding AI-powered cybersecurity capabilities to verified defenders worldwide. This analysis explains how it works and what it means for organizations.

Iranian MOIS hackers are using multiple fake personas to conduct espionage, phishing, and psychological operations. This analysis explains how the campaign works and what organizations must do to defend against it.

SideWinder hackers are using fake Chrome PDF viewers and cloned Zimbra portals to steal credentials and conduct espionage. This analysis explains how the attack works and what organizations must do to defend against it.

Cybercriminals exploited French fintech and banking systems using stolen credentials, exposing over 1.2 million accounts. This analysis explains how the attack works and what organizations must do to defend against it.

Attackers used 109 fake GitHub repositories to distribute SmartLoader and StealC malware in a supply chain attack. This analysis explains how the campaign works and what organizations must do to defend against it.

A Cisco firewall breach involving CVE-2025-20333 and FIRESTARTER malware shows how attackers can survive patching and regain network access.

ADT confirmed a cyber intrusion involving customer and prospective customer data, including names, phone numbers, addresses, dates of birth, and partial SSNs or tax IDs in some cases. This analysis explains the breach risk, possible identity-based attack path, business impact, detection strategies, penetration testing lessons, and protection measures organizations should take now.

PhantomRPC is a newly disclosed Windows RPC vulnerability that can allow local privilege escalation to SYSTEM-level access. This analysis explains how the flaw works, why no CVE has been assigned, how attackers may abuse RPC impersonation, and what organizations should do to reduce exposure through monitoring, hardening, and penetration testing.

Vibing.exe, a Microsoft Store-delivered AI productivity app, allegedly collected screenshots, audio, clipboard content, and application context before sending data to a remote Azure endpoint. This analysis explains the endpoint security risks, token exposure concerns, business impact, detection strategies, penetration testing lessons, and protection measures organizations should take now.

A fake CAPTCHA scam is abusing international SMS messages, IRSF tactics, and traffic distribution systems to generate telecom fraud and route users into crypto scams. This analysis explains how the campaign works, why Keitaro TDS abuse matters, what risks organizations face, and how security teams can improve detection, prevention, incident response, and penetration testing coverage.