HiveSecurity
  • Home
  • Blog
  • Tags
  • Vulnerabilities
    • Tools
    • Cheat Sheet
    • Security Guides
  • Contact
  • About

Threat Intelligence

30 articles

$10 Million Ransom, Four Days of Peace, and Then the Login Page Changed

ShinyHunters breached Canvas LMS, stole 275 million students' data, took the ransom — and attacked again four days later. Here's who they are and why arrests haven't stopped them.

15 May 2026
Threat Intelligence Cybersecurity Blue Team

Unmasking TeamPCP: The Supply Chain Saboteurs and the Trails They Left Behind

TeamPCP has compromised hundreds of open-source packages and stolen half a million credentials. But their OPSEC is leaking — and someone is already hunting them.

15 May 2026
Threat Intelligence Supply Chain Attribution

500 Microsoft CVEs Later — We're Still Measuring Security Wrong

Microsoft patched 500+ vulnerabilities in five months. Linux ecosystems patched even more. So which is more secure? That's the wrong question — here's the metric that actually matters.

13 May 2026
Vulnerability Management Blue Team Threat Intelligence

Shai-Hulud: The Open-Source GitHub Actions Token Harvester That Just Went Public

TeamPCP's Shai-Hulud is a TypeScript/Bun C2 framework targeting GitHub Actions CI/CD pipelines — it steals GitHub tokens, exfiltrates via a fake git domain, and has now been open-sourced for anyone to deploy.

13 May 2026
Supply Chain Red Team Threat Intelligence

When the Weapon Learns: How Nation-States Weaponized AI Across the Full Attack Chain

Google GTIG's May 2026 report documents a turning point: state actors now use AI to write zero-day exploits, build self-navigating backdoors, and poison the AI supply chain itself.

11 May 2026
Threat Intelligence Malware Analysis Red Team

Europe's Digital Independence Push: EuroStack, Sovereign Cloud, and Breaking Free from US Infrastructure

France is migrating 2.5 million government PCs to Linux. Europe is building its own payment network to rival Visa and Mastercard. EuroStack aims to replace AWS and Azure. Here's what's happening, why it matters for security, and how realistic it is.

9 May 2026
Cybersecurity Cloud Security Data Sovereignty

CallPhantom: How 28 Fake Apps Collected Payments for Data That Never Existed

ESET uncovered CallPhantom — 28 Android apps with 7.3M downloads that sold fabricated call histories. A deep dive into the fraud mechanics, billing bypass, and how to protect yourself.

8 May 2026
Malware Analysis Threat Intelligence Mobile Security

The World's Most Dangerous Hacking Teams: A Guide to Nation-State APT Groups

Meet the elite state-sponsored hacking groups that stole billions, blacked out cities, and infiltrated governments. Who they are, what they want, and how they operate in 2026.

7 May 2026
Threat Intelligence Cybersecurity Malware Analysis

AutoHotkey Malware Loaders: How Attackers Weaponize Automation Scripts

AutoHotkey isn't just for productivity scripts — attackers use it as a stealthy malware loader. Learn how AHK-based campaigns work and how to detect them.

7 May 2026
Malware Analysis Detection Red Team

Claude Mythos: The AI That Rewrites the Rules of Cybersecurity — For Everyone

Anthropic built an AI that autonomously discovered a 27-year-old vulnerability in widely-used code. It can build working exploits from scratch. It's too dangerous to release publicly. Here's what that means for your bank, your government, your code — and the future of digital security.

7 May 2026
AI Security Cybersecurity Vulnerability Research

The 'Fix' Is the Exploit: ClickFix, FileFix, JackFix and Pastejacking Attacks Explained

ClickFix attacks trick users into running malicious code disguised as legitimate troubleshooting. Learn how these social engineering tactics work and how to defend against them.

7 May 2026
Cybersecurity Social Engineering Threat Intelligence

The Digital Parasite: How Attacker Tradecraft Evolved in 2026

80% of top MITRE ATT&CK techniques now focus on evasion and persistence. Attackers abandoned smash-and-grab for long-term parasitic operations in networks.

7 May 2026
Cybersecurity Lateral Movement MITRE ATT&CK

Why You Should Remove GAID From Your Android Phone Today

Discover why removing Google Advertising ID (GAID) from your Android device is crucial for privacy. Learn the simple steps to delete GAID and protect your data in 2026.

7 May 2026
Privacy Cybersecurity Network Security

Hacking Prison Sentences: Real Convictions That Should Terrify You

From 10 years to life in prison - real cybercrime convictions from Europe, USA, and Asia. DDoS, ransomware, and data theft aren't victimless crimes.

7 May 2026
Cybersecurity Threat Intelligence Privacy

Kimwolf Botnet: 2 Million Hijacked Devices Reshaping Threat Landscape

The Kimwolf botnet has compromised over 2 million devices worldwide by exploiting residential proxy networks and unsecured Android TV boxes. Here's what threat intelligence reveals about its infrastructure, tactics, and how to defend against it.

7 May 2026
Cybersecurity Malware Analysis Threat Intelligence

Project Glasswing: Anthropic's AI That Finds Zero-Days Better Than Humans

Anthropic just unveiled Claude Mythos Preview — an AI model too dangerous to release publicly, but powerful enough to find vulnerabilities that evaded detection for decades. Here's what it means and how to get involved.

7 May 2026
Cybersecurity AI Security Vulnerability Research

State-Sponsored Threat Actors 2026: Who They Are and What They Do

A threat intelligence deep-dive into the world's most dangerous state-sponsored APT groups — their identities, motivations, campaigns, and tradecraft in 2026.

7 May 2026
Threat Intelligence APT Nation-State

UEFI Bootkits: The Malware That Lives Below Your Operating System

UEFI bootkits survive OS reinstalls, hide from every AV and EDR tool, and can bypass Secure Boot on fully-patched systems. Here's how they work and what you can do about it.

7 May 2026
Malware Analysis Firmware Security Threat Intelligence

Xanthorox AI: When the Attacker's AI Goes Dark

Xanthorox is an offline, modular AI attack platform with five specialized models — and it needs no cloud, no API, and leaves no traditional IoCs. Here's what defenders need to know.

7 May 2026
Cybersecurity Malware Analysis AI Security

Violence-as-a-Service: How Organized Crime Borrowed the Cybercrime Playbook

Europol's OTF GRIMM has made 280 arrests in one year targeting criminal networks that outsource violence like a SaaS product. The model mirrors ransomware-as-a-service — and it's recruiting teenagers through Discord and encrypted apps.

29 April 2026
Threat Intelligence Cybercrime Organized Crime

MITRE ATT&CK v19: Defense Evasion Is Dead — Meet Stealth and Impair Defenses

ATT&CK v19 drops April 28 and splits Defense Evasion into two tactics. Here's what changes, why it matters for detection engineering, and what you need to do before the weekend.

26 April 2026
MITRE ATT&CK Detection Blue Team

From CVE to RCE in Hours: The Collapse of the Exploitation Window

The average time from vulnerability disclosure to active exploitation has collapsed from 756 days in 2018 to mere hours in 2025. Here's what that means for defenders.

14 April 2026
Vulnerability Management Blue Team Threat Intelligence

Vulnerability Exploitation Overtook Phishing — What That Means for Defenders

For the first time, vulnerability exploitation is the #1 initial access vector — not phishing. Here's what the data says and how defenders must adapt.

14 April 2026
Blue Team Vulnerability Management Detection

Modern Windows Attack Techniques in 2026: Evasion, Delivery, and Stealth

A structured guide to modern Windows attack techniques — BYOVD EDR evasion, LOLBins, invisible character injection, ClickFix delivery, NTFS steganography, and C2 over trusted cloud services. How they work, how to detect them.

8 April 2026
Red Team Blue Team Malware Analysis

OSINT and Recon Methodology: A Practical Guide for Security Professionals

How to systematically map an organization's attack surface using open-source intelligence — domains, infrastructure, employees, leaked credentials, and exposed secrets.

8 April 2026
Red Team Penetration Testing Threat Intelligence

Cookie-Controlled PHP Webshells: A Stealthy Tradecraft in Linux Hosting Environments

Microsoft's Defender team uncovered a clever attacker technique: PHP webshells that stay completely dormant until activated by a secret HTTP cookie. Here's how it works — and how to catch it.

4 April 2026
Web Security Red Team Blue Team

Salt Typhoon: How China Hacked the World's Largest Telecoms

Salt Typhoon is the worst telecom breach in history. The Chinese APT stayed hidden for years inside AT&T, Verizon and T-Mobile. Here's the full attack chain, the tools they used, and the detection opportunities blue teams missed.

17 March 2026
Threat Intelligence Red Team Blue Team

What 218 Million Honeypot Events Reveal About January 2026

Global honeypot sensors logged over 218 million malicious events in January 2026. MSSQL attacks doubled, botnet infrastructure expanded 50%, and attackers pivoted away from RDP toward database targeting.

14 February 2026
Cybersecurity Network Security Threat Intelligence

The Human Remains the Weakest Link – But Now It's AI-Assisted

AI has transformed social engineering into an automated, scalable threat. Learn how attackers leverage AI-powered phishing, deepfakes, and voice cloning—and what defenders can do about it.

27 December 2025
AI Security Social Engineering Threat Intelligence

Cybersecurity in 2025: Holiday Season Security Guide and Year-End Threats

Cybersecurity threats heading into 2025: AI-powered attacks, ransomware trends, and quantum threats — with practical security measures for the holiday season and beyond.

19 December 2025
Cybersecurity Ransomware Threat Intelligence

Offensive thinking. Defensive expertise.


© 2026 Hive Security. All rights reserved.

Built with zero trust & least privilege