A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. […]
New npm supply-chain attack self-spreads to steal auth tokens Read More »
Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage “Caller-as-a-Service” operations like a professional sales team. […]
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process Read More »
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters Read More »
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. “SystemBC establishes SOCKS5 network
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation Read More »
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. “Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,” according
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Read More »
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. […]
Microsoft traces Universal Print issues to Graph API code change Read More »
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. […]
New GoGra malware for Linux uses Microsoft Graph API for comms Read More »
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. […]
Microsoft releases emergency patches for critical ASP.NET flaw Read More »
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. “The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated,” ESET security researcher Lukáš Štefanko
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs Read More »
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. The root cause of slow MTTR is almost never “not enough analysts.” It is almost always the same structural problem:
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time Read More »