The maintainers of the Nx build system have warned users about a supply chain attack that allowed cybercriminals to release malicious versions of the popular npm package along with supporting plugins, designed to steal sensitive information. According to the advisory published on Wednesday, “Malicious versions of the Nx package, and certain auxiliary plugins, were uploaded […]
BruteForceAI, created by security researcher Mor David, is a modern penetration testing tool that combines large language models (LLMs) with browser automation to automatically detect login forms and perform advanced brute-force testing. By merging AI-powered form analysis, evasion strategies, and detailed logging, this framework makes credential-testing faster and more efficient, helping security professionals quickly uncover
BruteForceAI Tool Automates Login Page Detection and Smart Brute-Force Attacks Read More »
Spotify has officially launched a new in-app direct messaging feature called Messages, now available to both Free and Premium users aged 16 and above in select regions. The update went live on August 26, 2025, and is designed to make sharing music, podcasts, and audiobooks more seamless while encouraging social engagement inside the platform. How
Spotify Introduces Direct Messaging for Music Sharing, Security Risks Analyzed Read More »
A newly identified hacking cluster known as ShadowSilk has been linked to a wave of cyber intrusions aimed at government agencies in Central Asia and the Asia-Pacific (APAC) region. Rising Campaigns and Overlaps with Other Groups Group-IB reports that nearly 36 victims have been confirmed so far, with attackers primarily focused on stealing sensitive data.
ShadowSilk Targets 35 Organizations in Central Asia and APAC via Telegram Bots Read More »
A newly uncovered phishing operation called the ZipLine campaign is actively targeting U.S. manufacturing companies. The attackers disguise themselves as business partners and exploit supply chain importance to deliver a fileless, memory-resident malware known as MixShell. Unconventional Phishing Tactics Unlike traditional phishing methods, ZipLine reverses the workflow. Instead of sending the first email, threat actors
ZipLine Campaign Targets Manufacturing Firms with In-Memory MixShell Malware Read More »
A whistleblower report filed today accuses the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) of secretly replicating the nation’s entire Social Security dataset in an unsecured cloud environment. According to the disclosure, this action placed over 300 million Americans at risk of identity theft, financial fraud, and potential loss of Social
DOGE Accused of Uploading Social Security Data to Unsecured Cloud Read More »
A newly discovered ransomware family named Cephalus has emerged as a serious cyber threat, infiltrating organizations by exploiting compromised Remote Desktop Protocol (RDP) credentials that lack multi-factor authentication (MFA). The ransomware’s name comes from Greek mythology, referencing Cephalus, the son of Hermes, who accidentally killed his wife with an infallible javelin. This symbolism underscores the
New Cephalus Ransomware Uses RDP for Initial Access Read More »
Google has released an urgent security update for Chrome to fix a critical use-after-free (UAF) vulnerability (CVE-2025-9478) found in the ANGLE graphics library. This flaw could allow attackers to execute arbitrary code and potentially take over affected systems. The issue impacts Chrome versions earlier than 139.0.7258.154/.155 across Windows, macOS, and Linux. Discovery and Severity The
Critical Chrome Use After Free Vulnerability Enables Arbitrary Code Execution Read More »
A highly advanced cyber campaign has compromised corporate Salesforce environments by abusing OAuth tokens linked to the Salesloft Drift third-party application. The incident resulted in large-scale exposure of sensitive information across several organizations. The campaign, attributed to UNC6395, was active between August 8 and August 18, 2025, and showed a high level of operational security
Salesloft and Drift Breach Used to Steal OAuth Tokens from Salesforce Read More »
China-based Advanced Persistent Threat (APT) group Mustang Panda has established itself as one of the most sophisticated cyber espionage actors active in the global threat landscape. Active since at least 2014, the group has consistently expanded its operations and capabilities, targeting organizations in both government and non-government sectors. Global Targeting and Spear-Phishing Operations Mustang Panda
China-Based Threat Group Mustang Panda Tactics and Techniques Exposed Read More »