Threat

Citrix NetScaler Faces Active Reconnaissance for CVE-2026-3055 High-Severity Memory Overread Vulnerability

A newly disclosed high-risk vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway is already drawing attention from threat actors, with security firms reporting active reconnaissance activity targeting exposed systems.

Critical Memory Overread Vulnerability Identified

The flaw, tracked as CVE-2026-3055, has been assigned a CVSS score of 9.3, highlighting its severity. This issue stems from improper input […]

CISA Adds CVE-2025-53521 to KEV List Following Active Exploitation of F5 BIG-IP APM

The U.S. cybersecurity authority, the Cybersecurity and Infrastructure Security Agency (CISA), has officially added a high-severity vulnerability affecting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog after confirming real-world attacks.

Critical Vulnerability Escalates to Remote Code Execution

The flaw, tracked as CVE-2025-53521, carries a CVSS v4 score of 9.3 and allows attackers to

TeamPCP Distributes Malicious Telnyx Packages on PyPI, Conceals Data Stealer Inside WAV Files

A new software supply chain attack has been uncovered involving TeamPCP, the same threat group previously linked to compromises of Trivy, KICS, and litellm. This time, the attackers targeted the widely used Telnyx Python package by uploading malicious versions to the Python Package Index (PyPI).

Malicious Versions Disguised as Legitimate Updates

Security researchers revealed that

AitM Phishing Attack Targets TikTok Business Accounts by Bypassing Cloudflare Turnstile Security

Cybersecurity researchers have uncovered a sophisticated phishing campaign designed to compromise TikTok for Business accounts using advanced adversary-in-the-middle (AitM) techniques. The operation, identified by Push Security, highlights how attackers are evolving their tactics to bypass modern security defenses.

Business Accounts Become High-Value Targets

Accounts linked to social media platforms are increasingly attractive to cybercriminals. Once compromised,

LeakBase Administrator Arrested in Russia Over Massive Stolen Credential Marketplace

Russian authorities have arrested the alleged administrator of the LeakBase cybercrime forum, a platform known for trading stolen personal and corporate data, state media reported.

Details of the Arrest

According to TASS and MVD Media, the suspect, a resident of Taganrog, was detained for creating and managing a criminal website that allowed stolen databases to be bought and sold since

GlassWorm Malware Exploits Solana Dead Drops to Deliver RAT and Steal Browser and Crypto Data

Cybersecurity researchers have uncovered a sophisticated malware campaign dubbed GlassWorm, which delivers a multi-stage attack framework designed to steal credentials, exfiltrate cryptocurrency data, and install a remote access trojan (RAT) disguised as a Google Docs Offline extension.

Multi-Stage Attack Mechanism

According to Aikido Security, GlassWorm begins by infiltrating systems through compromised packages across npm, PyPI,

Tax Themed Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign has been identified targeting users searching for tax-related documents, leading to the deployment of remote access malware and advanced security evasion tools. The campaign, active since early 2026, was analyzed by Huntress, revealing how attackers are abusing online advertisements to distribute malicious software disguised as legitimate tax resources.

Malicious Ads Target Tax-Related

TeamPCP Compromises Checkmarx GitHub Actions Using Stolen CI Credentials

Security researchers have reported that the cloud-native cybercriminal group TeamPCP has expanded its supply chain operations by targeting Checkmarx GitHub Actions workflows. This latest activity follows their notorious compromise of the Trivy vulnerability scanner and associated GitHub Actions. The compromised workflows include:

How the Attack Works

According to cloud security firm Sysdig, the attackers used a

Speagle Malware Compromises Cobra DocGuard to Steal Data via Infected Servers

Cybersecurity experts have identified a newly discovered malware strain named Speagle, which manipulates the features and infrastructure of a legitimate document security tool, Cobra DocGuard, to carry out covert data theft operations. According to a recent report by Symantec and Carbon Black researchers, the malware quietly collects sensitive data from infected systems and transfers it

54 EDR Killers Leverage BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new cybersecurity analysis has revealed that dozens of endpoint detection and response (EDR) killer tools are actively exploiting trusted system components to disable security protections. Researchers have identified 54 such tools leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique by abusing at least 35 signed but vulnerable drivers. According to ESET, these tools