ALL POSTS

Key Findings Researchers have disclosed a new hardware vulnerability, codenamed "StackWarp", affecting AMD Zen 1 through Zen 5 processors. The flaw can be exploited to bypass AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) protections, allowing attackers to run malicious code within confidential virtual machines (CVMs). StackWarp targets a synchronization bug in the CPU's stack engine, a microarchitectural optimization responsible for accelerated sta

Key Findings Researchers from Google Project Zero have discovered a comprehensive "zero-click" exploit chain targeting the Google Pixel 9 smartphone. The exploit chain spans from remote code execution during media decoding to the ultimate compromise of the kernel. The vulnerabilities were patched in the security updates released on January 5, 2026. Background The pivotal shift in recent years lies in the propensity of "intelligent" smartphone features to preemptively analyze

Key Findings GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. GootLoader runs on an access-as-a-service model and has been known to deliver threats like SunCrypt, REvil, Kronos, and Cobalt Strike. The ZIP file is intentionally broken so many security and analysis tools can't open it, but Windows can, helping the malware avoid detectio

Key Findings: A new cybersecurity incident involving a dating website called WhiteDate has been reported. Instagram has experienced a data breach where user information, including passwords, was scraped and made publicly available. Troy Hunt is currently in Oslo, Norway. Background The WhiteDate Breach WhiteDate is a dating website that has experienced a security breach. Details of the breach, including the extent of the data exposed, are still being investigated. The inciden

Key Findings Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement issued an international wanted notice for the group's alleged Russian ringleader, Oleg Nefedov. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, impacting over 500 organizations worldwide and causing hundreds of millions of dollars in damage. The cybercrime group has infected over 329 victims, i

Key Findings: The update to zipdump.py Version 0.0.33 adds a new pseudo-field 'sha256' to calculate the SHA256 hash of the content (compressed or decompressed). The update to hash.py Version 0.0.14 is a bug fix version. Background zipdump.py is a tool used to extract and analyze the contents of ZIP files. The latest update adds a new feature that allows users to calculate the SHA256 hash of the compressed or decompressed content of a ZIP file. The hash.py tool is used to calc

Key Findings Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. The group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists. The accused individuals specialized in technical hacking, including credential theft and "has

Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands

Key Findings A vulnerability in the AWS Console supply chain, dubbed "CodeBreach," could have allowed attackers to seize control of critical AWS infrastructure. The flaw stemmed from a seemingly minor misconfiguration in a regular expression (regex) used to filter pull requests in AWS CodeBuild pipelines. The lack of "start ^ and end $ anchors" in the regex pattern enabled malicious actors to bypass the filter and trigger privileged builds. Wiz researchers were able to exploi

Key Findings OpenAI is launching a new $8 per month "ChatGPT Go" subscription tier, aimed at bridging the gap between free users and the $20 "Plus" tier. The most controversial aspect is the introduction of integrated advertising in both the free and Go tiers, a first for OpenAI. OpenAI is defending the ads as necessary to keep ChatGPT affordable and accessible, but privacy and cybersecurity experts are raising concerns. The company promises "answer independence" and user pri

Key Findings A new ransomware family called DeadLock was discovered in July 2025, distinguished by its innovative abuse of Polygon smart contracts to manage its command-and-control (C2) infrastructure. DeadLock embeds the proxy URL directly into the blockchain via a `setProxy` function, creating an immutable and resilient communication channel that is difficult for law enforcement to take down. This "EtherHiding" technique echoes methods previously observed with North Korean

Key Findings GootLoader malware is using a malformed ZIP archive with 500-1,000 concatenated ZIP files to evade detection The malicious ZIP file is designed to trigger parsing errors in many unarchiving tools, but can still be extracted by the default Windows unarchiver GootLoader employs "hashbusting" techniques by randomizing values in non-critical ZIP file fields to generate unique payloads for each victim The attack involves delivering the malicious ZIP as an XOR-encoded

Key Findings Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that impersonate HR and ERP platforms like Workday, NetSuite, and SuccessFactors. The extensions work together to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking. All five extensions have been removed from the Chrome Web Store, but are still available on third-party software download si

Key Findings A China-linked APT group, tracked as UAT-8837, has been targeting critical infrastructure sectors in North America since at least 2025. The threat actor has recently exploited a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS 9.0) to gain initial access to target networks. After obtaining a foothold, UAT-8837 deploys a range of open-source tools to harvest sensitive information, including credentials, security configurations, and Active Director

Key Findings NHIcon 2026 is a virtual conference organized by Aembit examining the technical, operational, and security challenges of agentic artificial intelligence systems in enterprise environments. The event features keynote addresses from industry leaders including Phil Venables, Misam Abbas, and Jason Clinton. The agenda includes over 20 practitioner-led sessions on topics like large language model evaluation, agent behavior, secrets management, and the OWASP Top 10 for

Key Findings AI-enhanced malware is making malware even more difficult to detect AI is used by adversaries to assess, adapt, and move faster than any cyber stack can keep up The industry is trapped in a futile chase, piling on detection tools and adding AI enhancements that still fail to close the foundational gap Enterprises now face an overwhelming flood of alerts, with many organizations reportedly beginning to limit the amount of data they ingest Background AppGuard has r

Key Findings BreachLock expands its Adversarial Exposure Validation (AEV) solution to support autonomous red teaming at the web application layer. BreachLock AEV's generative AI-powered engine can now emulate real-world attacker behavior and validate exploitable weaknesses in web applications. AEV goes beyond identifying theoretical risks and validates their real-world exploitability and business impact. The solution provides deep contextual insights to help security teams pr

Key Findings Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network

Key Findings Microsoft, in collaboration with law enforcement authorities, has taken coordinated legal action to disrupt the cybercrime subscription service called RedVDS, which has allegedly fueled millions in fraud losses. RedVDS provided criminals with access to disposable virtual computers running unlicensed software, enabling them to operate anonymously and carry out various illicit activities, including phishing, business email compromise (BEC), and financial fraud. Sin

Key Findings HPE Networking has released critical software patches for vulnerabilities in its Instant On series of access points and routers. The flaws include a high-severity Denial-of-Service (DoS) vulnerability (CVE-2025-37166) that can crash devices, and an information exposure issue (CVE-2025-37165) that could leak network configuration details. The update also addresses legacy kernel-level vulnerabilities (CVE-2023-52340, CVE-2022-48839) that could lead to DoS and memor