Threat

Defense Contractor Employee Sentenced for Selling 8 Zero Days to Russian Broker

A former employee of U.S. defense contractor L3Harris has been sentenced to more than seven years in federal prison after admitting to selling eight highly sensitive zero-day exploits to a Russian exploit brokerage firm in exchange for millions in cryptocurrency. Peter Williams, 39, an Australian national, pleaded guilty in October 2025 to two counts of […]

Defense Contractor Employee Sentenced for Selling 8 Zero Days to Russian Broker Read More »

SolarWinds Fixes Four Critical Serv-U 15.5 Vulnerabilities Enabling Root Code Execution

SolarWinds has issued urgent security updates to resolve four critical vulnerabilities in its Serv-U file transfer platform. If exploited, these flaws could allow attackers to execute arbitrary code with root level privileges, creating severe security exposure for affected systems. All four vulnerabilities carry a CVSS score of 9.1, placing them in the critical severity category.

SolarWinds Fixes Four Critical Serv-U 15.5 Vulnerabilities Enabling Root Code Execution Read More »

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The United States Cybersecurity and Infrastructure Security Agency has officially added a newly revealed security flaw in FileZen to its Known Exploited Vulnerabilities (KEV) catalog after confirming that threat actors are actively abusing the issue in real world attacks. The vulnerability, identified as CVE-2026-25108, carries a CVSS v4 severity rating of 8.7 and involves an operating

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability Read More »

RoguePilot Vulnerability in GitHub Codespaces Allowed GitHub Copilot to Expose GITHUB_TOKEN

A now patched security flaw in GitHub Codespaces could have allowed attackers to hijack repositories by abusing Copilot through a malicious GitHub issue. The vulnerability, discovered by Orca Security, was named RoguePilot and responsibly disclosed to Microsoft. How the Attack Worked The weakness stemmed from how Codespaces integrates Copilot into developer workflows. When a user launches a

RoguePilot Vulnerability in GitHub Codespaces Allowed GitHub Copilot to Expose GITHUB_TOKEN Read More »

UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware

A Russia aligned cyber threat group has been linked to a targeted social engineering campaign against a European financial institution, marking a potential expansion beyond its usual Ukraine focused operations. The activity has been attributed to UAC-0050, also known as DaVinci Group. Threat intelligence firm BlueVoyant tracks the cluster under the name Mercenary Akula. The attack reportedly targeted

UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware Read More »

Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea aligned threat collective Lazarus Group, also tracked under alternative names such as Diamond Sleet and Pompilus, has been linked to fresh ransomware activity impacting organizations in the Middle East and the United States healthcare sector. According to research published by the Symantec and Carbon Black Threat Hunter Team, part of Broadcom, the group leveraged

Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks Read More »

UnsolicitedBooker Targets Central Asian Telecoms with LuciDoor and MarsSnake Backdoors

The threat cluster known as UnsolicitedBooker has expanded its targeting footprint, moving from earlier operations in Saudi Arabia to telecommunications providers in Kyrgyzstan and Tajikistan. Security researchers report that the campaign involves two custom backdoors, LuciDoor and MarsSnake, deployed through carefully crafted phishing operations. According to findings released by Positive Technologies, the attackers relied on uncommon

UnsolicitedBooker Targets Central Asian Telecoms with LuciDoor and MarsSnake Backdoors Read More »

Anthropic Claims Chinese AI Firms Used 16 Million Claude Queries to Replicate Its Model

Artificial intelligence firm Anthropic has revealed that three China based AI companies allegedly conducted large scale extraction campaigns targeting its Claude language model. According to the company, the activity involved millions of automated interactions designed to replicate Claude’s advanced capabilities. The organizations named in the disclosure include DeepSeek, Moonshot AI, and MiniMax. Anthropic claims the coordinated campaigns violated its terms

Anthropic Claims Chinese AI Firms Used 16 Million Claude Queries to Replicate Its Model Read More »

APT28 Targeted European Organizations with Webhook Based Macro Malware

A state sponsored cyber espionage group known as APT28 has been linked to a fresh cyber campaign directed at selected entities across Western and Central Europe. The operation, identified by the threat intelligence unit LAB52 of S2 Grupo, remained active from September 2025 through January 2026. Researchers have named the activity Operation MacroMaze, highlighting its structured yet deceptively simple

APT28 Targeted European Organizations with Webhook Based Macro Malware Read More »

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited

The U.S. Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency, has issued an urgent alert regarding two recently patched vulnerabilities affecting Roundcube Webmail. The agency confirmed that both flaws are now being actively exploited in real world attacks and has directed federal agencies to apply patches within three weeks. Roundcube has served as the default

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited Read More »