top of page
ALL POSTS
Law Enforcement's Mass Surveillance Through Ad Data: The Webloc Tracking of 500 Million Devices
Key Findings Webloc, an ad-based geolocation surveillance system, tracks up to 500 million mobile devices globally without warrant requirements Law enforcement agencies in the U.S., Hungary, and El Salvador have deployed the tool, including ICE, DHS, and local police departments across multiple cities The system accesses device identifiers, location coordinates, and personal data harvested from mobile apps and digital advertising networks Israeli company Cobwebs Technologies
Apr 113 min read
FBI's iPhone Notification Loophole: How Deleted Signal Messages Aren't Really Deleted
Key Findings FBI successfully recovered deleted Signal messages from an iPhone using Apple's notification database Messages were extracted even after the Signal app was completely uninstalled from the device Only incoming messages could be recovered, not outgoing ones, confirming data came from notification storage The vulnerability affects any messaging app that displays preview notifications, including WhatsApp and Telegram Users can disable message previews in iPhone and a
Apr 112 min read
Adobe Reader Zero-Day Under Active Exploitation: Malicious PDFs Weaponized in the Wild
Key Findings Threat actors have been actively exploiting a previously unknown zero-day vulnerability in Adobe Reader since at least November 2025 Malicious PDF documents named with invoice-themed filenames use Russian language lures related to oil and gas industry issues to trick victims into opening them The exploit automatically executes obfuscated JavaScript upon opening to harvest sensitive data and receive additional malicious payloads The vulnerability allows execution
Apr 92 min read
Hack-for-Hire Spyware Campaign Targets Journalists Across MENA Region
Key Findings A coordinated hack-for-hire campaign targeting journalists and activists across the Middle East and North Africa has been active since at least 2022, with operations continuing into 2025 The campaign is attributed to Bitter, a threat actor with suspected ties to the Indian government, operating as a likely contracted espionage service Two Egyptian journalists and critics of their government, Mostafa Al-A'sar and Ahmed Eltantawy, were targeted with sophisticated s
Apr 93 min read
Flowise AI Agent Builder Faces Critical CVSS 10.0 RCE Vulnerability With 12,000+ Exposed Instances Under Active Exploitation
Key Findings CVE-2025-59528, a maximum-severity code injection vulnerability (CVSS 10.0), is being actively exploited against Flowise, an open-source AI platform The flaw allows remote code execution with only an API token required for exploitation Over 12,000 Flowise instances are exposed and vulnerable to attack Exploitation activity has been confirmed originating from a single Starlink IP address The vulnerability was patched in version 3.0.6 but remains unpatched on thous
Apr 72 min read
Fast-moving Storm-1175 exploits new vulnerabilities to breach networks and deploy Medusa
Key Findings China-based Storm-1175 executes rapid ransomware attacks, sometimes completing full intrusions within 24 hours The group exploits newly disclosed vulnerabilities before organizations can patch them, leveraging over 16 different flaws since 2023 Primary targets include healthcare, education, finance, and services sectors across the US, UK, and Australia Storm-1175 has weaponized zero-day exploits before public disclosure, demonstrating advanced capabilities The gr
Apr 73 min read
$285 Million Drift Hack: Inside the Six-Month North Korean Social Engineering Campaign
Key Findings North Korean state-sponsored hacking group UNC4736 orchestrated a six-month social engineering campaign against Drift, culminating in the theft of $285 million on April 1, 2026 The operation began in fall 2025 with actors posing as a quantitative trading firm, using in-person meetings at cryptocurrency conferences across multiple countries to build trust with Drift contributors UNC4736 is also tracked as AppleJeus, Citrine Sleet, Golden Chollima, and Gleaming Pis
Apr 53 min read
Qilin Ransomware Group Claims Hack of German Political Party Die Linke
Key Findings Qilin ransomware group claims to have breached Die Linke, Germany's left-wing political party, and posted the claim on its Tor data leak site on April 1, 2026 Die Linke discovered the attack on March 27 and confirmed the incident but has not verified whether data was actually stolen The party's membership database was not compromised and no member data was accessed Qilin has provided no proof of the breach despite making the claim Qilin is one of the most prolifi
Apr 52 min read
Crunchyroll Data Breach Impacts Nearly 1.2 Million Accounts
Key Findings Crunchyroll experienced a data breach in March 2026 affecting approximately 6.8 million users Attackers gained unauthorized access to the company's Zendesk support system Exposed data included names, login credentials, email addresses, IP addresses, geographic location data, and support ticket contents A subset of 1.2 million email addresses from a larger 2 million record dataset was later provided to Have I Been Pwned 1,195,684 breached accounts were confirmed i
Apr 42 min read
Drift's $285 Million Durable Nonce Hack: DPRK-Linked Social Engineering Attack Raises Questions About Protocol Security
Key Findings Drift Protocol, a Solana-based decentralized exchange, lost approximately $285 million on April 1, 2026 in a sophisticated social engineering attack Attackers exploited durable nonce mechanisms to obtain unauthorized multisig approvals and gain control of the Security Council administrative powers The attack involved multi-week preparation starting as early as March 23, 2026, with staged execution and pre-signed transactions Threat actors created a fictitious ass
Apr 33 min read
Massive CVE-2025-55182 Exploit Campaign Compromises 766 Next.js Servers in Credential Theft Attack
Key Findings At least 766 Next.js hosts across multiple geographic regions and cloud providers compromised through CVE-2025-55182 exploitation Threat cluster UAT-10608 attributed to the campaign by Cisco Talos Critical vulnerability (CVSS 10.0) in React Server Components and Next.js App Router enables remote code execution NEXUS Listener framework deployed post-compromise to harvest and exfiltrate credentials via web-based GUI Stolen data includes database credentials, SSH ke
Apr 32 min read
ShinyHunters Claims Theft of 3M+ Cisco Records in Latest Breach Threat
Key Findings ShinyHunters has issued a final warning to Cisco with an April 3, 2026 deadline before publicly leaking over 3 million alleged stolen records The group claims access through three separate breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts Stolen data includes personally identifiable information, GitHub repositories, AWS storage buckets, and internal corporate data Screenshots provided by the group show access to AWS organizational dashboards an
Apr 22 min read
WhatsApp Warns 200 Users of Fake iOS App with Government Spyware Linked to Italian Vendor
Key Findings WhatsApp alerted approximately 200 users, primarily in Italy, who were tricked into installing a counterfeit iOS app containing spyware The fake app was created by Asigint, an Italian subsidiary of spyware company SIO Spa All affected users have been logged out and advised to uninstall the malicious app and download the official version WhatsApp is pursuing legal action against Asigint to stop further malicious activity The attack relied on social engineering tac
Apr 22 min read
Anthropic Leaks 512,000 Lines of Claude Source Code in Security Blunder
Key Findings Anthropic leaked approximately 512,000 lines of Claude Code source code through a misconfigured npm source map file on March 31, 2026 The leak was discovered within hours by an intern at Solayer Labs and rapidly mirrored across the internet Claude Code generates $2.5 billion annually, representing a significant portion of Anthropic's $19 billion total revenue The exposed code reveals proprietary solutions including a three-layer memory system designed to prevent
Apr 13 min read
# Critical Supply Chain Attack: Axios npm Account Compromised to Distribute Cross-Platform RAT Malware
Key Findings Attackers compromised the npm account of Axios maintainer Jason Saayman and published malicious versions 1.14.1 and 0.30.4 containing a hidden RAT malware dependency The malicious versions injected "plain-crypto-js@4.2.1" as a fake dependency that deploys cross-platform remote access trojans targeting Windows, macOS, and Linux Both poisoned versions were published within 39 minutes on March 31, 2026, bypassing GitHub Actions CI/CD verification through compromised
Mar 313 min read
Lockheed Martin's 375TB Data Breach: Massive Trove Listed on Dark Web Market for $600M
Key Findings A dark web marketplace called Threat Market is listing 375 terabytes of alleged Lockheed Martin data for $600 million, with an alternative $374 million price tag The data was allegedly provided by a group claiming to be "APT IRAN" starting March 26, 2026 A separate Iran-linked group called Handala Hack Team claimed around the same time to have accessed personal data of Lockheed Martin engineers and employees No verification of the breach has been confirmed by Loc
Mar 312 min read
Citrix NetScaler CVE-2026-3055 Under Active Attack: Sensitive Data Exposure Risk
Key Findings CVE-2026-3055 is a critical vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway affecting memory through an insufficient input validation flaw Attackers are actively probing the vulnerability via honeypot detection and fingerprinting authentication methods Only affects systems configured as a SAML Identity Provider, though this is a common enterprise configuration No public exploits exist yet, but in-the-wild exploitation is considered imminent Organizat
Mar 292 min read
Lloyds Group to Compensate 450,000 Customers Following Data App Glitch
Key Findings Software defect during routine overnight app update on 12 March exposed financial data for 447,936 customers across Lloyds, Halifax, and Bank of Scotland Privacy barriers between accounts failed for several hours, allowing customers to see strangers' transactions or have their own data exposed Over 114,000 users clicked on rogue transactions and may have viewed sensitive information including National Insurance numbers, payment references, and account details Dat
Mar 293 min read
European Commission Data Breach: ShinyHunters Claims 350GB Hack of AWS Cloud Infrastructure
Key Findings ShinyHunters claims to have breached European Commission systems and stolen over 350GB of data Alleged data includes mail server dumps, databases, confidential documents, and contracts The European Commission confirmed detecting a cyberattack on March 24 affecting cloud infrastructure hosting Europa.eu websites Internal systems were not compromised according to the Commission's investigation AWS denies any security incident occurred within its cloud environment N
Mar 283 min read
Iranian Hackers Claim Breach of FBI Director Kash Patel's Personal Email Account
Key Findings Iranian government-linked hacking group Handala claimed Friday to have compromised FBI Director Kash Patel's personal email account and released the data publicly The FBI confirmed awareness of the targeting but stated no government information was compromised and the exposed data is historical in nature Handala framed the breach as retaliation for U.S. seizure of its domains and a $10 million State Department reward for information on group members Leaked docume
Mar 273 min read
bottom of page
