ALL POSTS
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time
Key Findings Halo Security, a leading provider of external attack surface management and penetration testing services, has achieved SOC 2 Type II compliance after a multi-month audit by Insight Assurance. SOC 2 Type II certification validates that Halo Security's security controls not only are properly designed but also operate effectively and consistently over time. The extended audit period assessed Halo Security's operational effectiveness, consistency, continuous monitori
Jan 23 · 2 min read
Critical Android Flaw Exploited in Public Proof-of-Concept
Key Findings A public proof-of-concept (PoC) exploit has been released for a critical vulnerability in the Android operating system. The vulnerability allows malicious applications to escalate their privileges and gain access to sensitive permissions without the user's knowledge or consent. The vulnerability affects both the main Android OS as well as the WearOS platform, putting a wide range of Android devices at risk. The exploit has been confirmed to work on multiple Andro
Jan 23 · 2 min read
Researchers find Jordan government used Cellebrite phone-cracking tech against activists
Background Citizen Lab, a research organization at the University of Toronto, conducted an investigation into the use of Cellebrite phone-cracking technology by the Jordanian government against domestic activists and human rights defenders. The incidents occurred between late 2023 and mid-2025, during a time of protests in support of Palestinians. The cases involved a political activist, student organizer, activist/researcher, and human rights defender, three of whom had iPho
Jan 23 · 2 min read
Voidlink Malware Raises High Alert for Cloud Systems with Custom-Built Attacks
VoidLink Malware Puts Cloud Systems on High Alert With Custom Built Attacks Summary Key Points: VoidLink is a highly adaptable threat targeting cloud environments Discovered by Check Point Research in January 2026 and reported by Hackread.com This Chinese-developed framework is designed to infiltrate critical business infrastructure Background VoidLink is a malware that has been putting cloud environments on high alert. It was first brought to light by Check Point Research on
Jan 22 · 2 min read
Massive Exposure: CVSS 9.8 RCE Vulnerability Impacts Laravel Reverb
Key Findings A critical Remote Code Execution (RCE) vulnerability with a CVSS score of 9.8 has been discovered in the Laravel Reverb framework. The vulnerability, which allows unauthenticated attackers to execute arbitrary code, affects an estimated 7 million websites and applications that use the Laravel Reverb framework. The vulnerability is caused by insecure deserialization of user-supplied data, which can lead to remote code execution. Successful exploitation of this vul
Jan 22 · 2 min read
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Key Findings Arctic Wolf observed a new cluster of automated malicious activity targeting Fortinet FortiGate firewalls since January 15, 2026. The attacks involve the creation of generic user accounts for persistence, configuration changes granting VPN access to those accounts, and exfiltration of firewall configurations. This activity shares similarities with a December 2025 campaign that exploited critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and C
Jan 22 · 2 min read
Critical SmarterMail RCE Exploited in the Wild
Key Findings Researchers at watchTowr Labs have discovered a critical vulnerability in SmarterMail, tracked as WT-2026-0001, that allows unauthenticated attackers to hijack administrative accounts and achieve full Remote Code Execution (RCE). The vulnerability lies within the force-reset-password API endpoint, which fails to implement proper security checks for system administrators. Attackers can simply send a JSON request with IsSysAdmin set to true, the target username, an
Jan 22 · 2 min read
Cisco Fixes Actively Exploited Zero-Day in Unified Communications
Key Findings Cisco patched a critical zero-day remote code execution (RCE) flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), that is actively being exploited in attacks. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The bug affects Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. Cisco is aware of attempted exploitat
Jan 22 · 1 min read
New Research Reveals Alarming Findings: 64% of Third-Party Apps Access Sensitive Data Without Authorization
Key Findings 64% of third-party applications access sensitive data without legitimate business justification, up from 51% last year - a 25% year-over-year spike. Malicious web activity across critical public-sector infrastructure surged dramatically, with government websites seeing a rise from 2% to 12.9%, and 1 in 7 Education websites now showing active compromise, quadrupling year-over-year. Widely used third-party tools like Google Tag Manager (8%), Shopify (5%), and Faceb
Jan 21 · 2 min read
VoidLink: The AI-Powered Linux Malware Framework
Key Findings VoidLink is a sophisticated Linux malware framework, built largely by a single developer with assistance from an artificial intelligence (AI) model. The malware reached over 88,000 lines of code in a short timeframe, showcasing the efficiency enabled by AI-driven development. Operational security failures by the developer exposed development artifacts, providing clear evidence that VoidLink was produced predominantly through AI-driven processes. VoidLink includes
Jan 21 · 2 min read
GitLab Issues High-Severity 2FA Bypass and DoS Flaws, Urgent Update Patches
Key Findings GitLab has released urgent security updates to address several high-severity vulnerabilities, including a critical two-factor authentication (2FA) bypass flaw and multiple denial-of-service (DoS) issues. The 2FA bypass vulnerability (CVE-2026-0723) could allow an attacker to bypass the authentication mechanism designed to protect accounts, potentially leading to account takeovers. The DoS vulnerabilities affect various GitLab components, including the Jira Connec
Jan 21 · 2 min read
Crooks Impersonate LastPass in Scheme to Harvest Master Passwords
Key Findings Attackers are impersonating LastPass in an active phishing campaign that aims to steal users' master passwords. The phishing emails claim there is urgent LastPass maintenance and urge users to back up their password vaults within 24 hours. The malicious emails use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims. The phishing links lead to an Amazon S3–hosted page that redirects to a fake LastPass site design
Jan 21 · 2 min read
North Korean Hackers Exploit Developers' Trust in Visual Studio Code
Key Findings North Korean threat actors associated with the "Contagious Interview" campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The attack involves instructing targets to clone a repository on GitHub, GitLab, or Bitbucket, and launch the project in VS Code as part of a supposed job assessment. The malicious VS Code task configuration files are used to execute payloads, incl
Jan 21 · 2 min read
Cyber Threats: NCSC Warns of Russia-Linked DDoS Attacks
Key Findings The UK's National Cyber Security Centre (NCSC) has issued an alert regarding the persistent targeting of UK organizations by Russia-linked hacktivist groups. These groups, such as NoName057(16), are carrying out Distributed Denial of Service (DDoS) attacks to disrupt networks, take websites offline, and disable services. The attacks are ideologically motivated, reflecting an evolution in the threat landscape that now increasingly targets operational technology (O
Jan 20 · 2 min read
Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
Key Findings 224% return on investment (ROI) over three years $3.8 million net present value (NPV) based on quantified benefits versus costs >25% reduction in overall risk of security breaches Zero breaches reported by interviewed organizations after deploying Airlock Digital Significant operational efficiencies with reduced administrative overhead Background As cyberattacks continue to grow in scale and sophistication, more organizations are turning to application control an
Jan 20 · 2 min read
Tudou Guarantee Marketplace Suspends Telegram Transactions
Key Findings Telegram-based illicit marketplace Tudou Guarantee has stopped transactions in its public groups after handling over $12 billion in transactions. Tudou Guarantee grew after the closure of the Huione Guarantee marketplace, with many sellers offering stolen data, money laundering services, and scam infrastructure. The shutdown of Tudou Guarantee is linked to the collapse of the Prince Group and the arrest of its chairman, Chen Zhi, in connection with a vast investm
Jan 20 · 2 min read
Upgraded Identity Manager Bolsters Enterprise Identity Security by One Identity
Key Findings One Identity announces a major upgrade to its Identity Manager platform, version 10.0, introducing security-driven capabilities for risk-based governance, identity threat detection and response (ITDR), and AI-assisted insights. The new release aims to help organizations better anticipate, contain, and manage identity-driven attacks across their complex IT ecosystems. Key features include enhanced risk management integrations, automated ITDR playbooks, a modern br
Jan 20 · 2 min read
Hacker Pleads Guilty to Breaching Supreme Court, AmeriCorps, and VA Systems
Key Findings Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court's electronic filing system. He used stolen credentials to access the Supreme Court's filing system, an AmeriCorps account, and a veteran's VA MyHealthEVet account. Over 25 days, he posted screenshots and personal data from his victims on his Instagram account, @ihackedthegovernment, exposing names and sensitive information publicly. Moore could serve up to one year in
Jan 20 · 1 min read
Researchers Spy on Threat Actor Operations Due to Security Bug in StealC Malware Panel
Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution
Jan 19 · 3 min read
Google Gemini AI Exploited to Expose Private Calendar Data
Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt
Jan 19 · 2 min read