ALL POSTS

Key Findings The UK's National Cyber Security Centre (NCSC) has issued an alert regarding the persistent targeting of UK organizations by Russia-linked hacktivist groups. These groups, such as NoName057(16), are carrying out Distributed Denial of Service (DDoS) attacks to disrupt networks, take websites offline, and disable services. The attacks are ideologically motivated, reflecting an evolution in the threat landscape that now increasingly targets operational technology (O

Key Findings 224% return on investment (ROI) over three years $3.8 million net present value (NPV) based on quantified benefits versus costs >25% reduction in overall risk of security breaches Zero breaches reported by interviewed organizations after deploying Airlock Digital Significant operational efficiencies with reduced administrative overhead Background As cyberattacks continue to grow in scale and sophistication, more organizations are turning to application control an

Key Findings Telegram-based illicit marketplace Tudou Guarantee has stopped transactions in its public groups after handling over $12 billion in transactions. Tudou Guarantee grew after the closure of the Huione Guarantee marketplace, with many sellers offering stolen data, money laundering services, and scam infrastructure. The shutdown of Tudou Guarantee is linked to the collapse of the Prince Group and the arrest of its chairman, Chen Zhi, in connection with a vast investm

Key Findings One Identity announces a major upgrade to its Identity Manager platform, version 10.0, introducing security-driven capabilities for risk-based governance, identity threat detection and response (ITDR), and AI-assisted insights. The new release aims to help organizations better anticipate, contain, and manage identity-driven attacks across their complex IT ecosystems. Key features include enhanced risk management integrations, automated ITDR playbooks, a modern br

Key Findings Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court's electronic filing system. He used stolen credentials to access the Supreme Court's filing system, an AmeriCorps account, and a veteran's VA MyHealthEVet account. Over 25 days, he posted screenshots and personal data from his victims on his Instagram account, @ihackedthegovernment, exposing names and sensitive information publicly. Moore could serve up to one year in

Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution

Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt

Key Findings Researchers have disclosed a new hardware vulnerability, codenamed "StackWarp", affecting AMD Zen 1 through Zen 5 processors. The flaw can be exploited to bypass AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) protections, allowing attackers to run malicious code within confidential virtual machines (CVMs). StackWarp targets a synchronization bug in the CPU's stack engine, a microarchitectural optimization responsible for accelerated sta

Key Findings Researchers from Google Project Zero have discovered a comprehensive "zero-click" exploit chain targeting the Google Pixel 9 smartphone. The exploit chain spans from remote code execution during media decoding to the ultimate compromise of the kernel. The vulnerabilities were patched in the security updates released on January 5, 2026. Background The pivotal shift in recent years lies in the propensity of "intelligent" smartphone features to preemptively analyze

Key Findings GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. GootLoader runs on an access-as-a-service model and has been known to deliver threats like SunCrypt, REvil, Kronos, and Cobalt Strike. The ZIP file is intentionally broken so many security and analysis tools can't open it, but Windows can, helping the malware avoid detectio

Key Findings: A new cybersecurity incident involving a dating website called WhiteDate has been reported. Instagram has experienced a data breach where user information, including passwords, was scraped and made publicly available. Troy Hunt is currently in Oslo, Norway. Background The WhiteDate Breach WhiteDate is a dating website that has experienced a security breach. Details of the breach, including the extent of the data exposed, are still being investigated. The inciden

Key Findings Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement issued an international wanted notice for the group's alleged Russian ringleader, Oleg Nefedov. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, impacting over 500 organizations worldwide and causing hundreds of millions of dollars in damage. The cybercrime group has infected over 329 victims, i

Key Findings: The update to zipdump.py Version 0.0.33 adds a new pseudo-field 'sha256' to calculate the SHA256 hash of the content (compressed or decompressed). The update to hash.py Version 0.0.14 is a bug fix version. Background zipdump.py is a tool used to extract and analyze the contents of ZIP files. The latest update adds a new feature that allows users to calculate the SHA256 hash of the compressed or decompressed content of a ZIP file. The hash.py tool is used to calc

Key Findings Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. The group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists. The accused individuals specialized in technical hacking, including credential theft and "has

Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands

Key Findings A vulnerability in the AWS Console supply chain, dubbed "CodeBreach," could have allowed attackers to seize control of critical AWS infrastructure. The flaw stemmed from a seemingly minor misconfiguration in a regular expression (regex) used to filter pull requests in AWS CodeBuild pipelines. The lack of "start ^ and end $ anchors" in the regex pattern enabled malicious actors to bypass the filter and trigger privileged builds. Wiz researchers were able to exploi

Key Findings OpenAI is launching a new $8 per month "ChatGPT Go" subscription tier, aimed at bridging the gap between free users and the $20 "Plus" tier. The most controversial aspect is the introduction of integrated advertising in both the free and Go tiers, a first for OpenAI. OpenAI is defending the ads as necessary to keep ChatGPT affordable and accessible, but privacy and cybersecurity experts are raising concerns. The company promises "answer independence" and user pri

Key Findings A new ransomware family called DeadLock was discovered in July 2025, distinguished by its innovative abuse of Polygon smart contracts to manage its command-and-control (C2) infrastructure. DeadLock embeds the proxy URL directly into the blockchain via a `setProxy` function, creating an immutable and resilient communication channel that is difficult for law enforcement to take down. This "EtherHiding" technique echoes methods previously observed with North Korean

Key Findings GootLoader malware is using a malformed ZIP archive with 500-1,000 concatenated ZIP files to evade detection The malicious ZIP file is designed to trigger parsing errors in many unarchiving tools, but can still be extracted by the default Windows unarchiver GootLoader employs "hashbusting" techniques by randomizing values in non-critical ZIP file fields to generate unique payloads for each victim The attack involves delivering the malicious ZIP as an XOR-encoded

Key Findings Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that impersonate HR and ERP platforms like Workday, NetSuite, and SuccessFactors. The extensions work together to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking. All five extensions have been removed from the Chrome Web Store, but are still available on third-party software download si