Cybersecurity

Evilginx, a tool based on the legitimate (and widely used) open-source nginx web server, can be used to steal usernames, passwords, and session tokens,...

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after...

On March 6th, Searchlight Cyber published a blog revealing details about a new deserialization vulnerability in Sitecore . Sitecore calls itself a "Digital Experience...

In episode 43 of The AI Fix, our hosts discover a robot that isn’t terrifying, a...

Full Transcript The dark web is full of mystery. Some of it’s just made up though. Chris Monteiro wanted to see...

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as...

It's time to fly! 🇬🇧 🇮🇸 🇮🇪 That's two new flags (or if you're on Windows and can't see flag emojis, that's two new...

Over the years the industry has tied itself in knots in its attempts at augmenting (or upgrading) the password, using all sorts of confusing...

Mar 21, 2025Ravie LakshmananThreat Hunting / Vulnerability Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in...

At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What’s intriguing about this malware is how...

In September, Cisco published an advisory noting two vulnerabilities : CVE-2024-20439: Cisco Smart Licensing Utility Static Credential Vulnerability CVE-2024-20440: Cisco Smart Licensing Utility Information Disclosure Vulnerability These...

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to...