Observed in the wild: A publicly available GitHub repository, RedSun, demonstrates a proof‑of‑concept issue affecting how Microsoft Defender handles cloud‑flagged malicious files. Under certain conditions, Defender may rewrite a detected file back to its original location, creating a path to overwrite protected system…
Observed in the wild: A publicly available GitHub repository, UnDefend, demonstrates a proof‑of‑concept denial‑of‑service condition against Microsoft Defender by intentionally disrupting its ability to update and function correctly. While published as research rather than a campaign, Huntress has reported observing UnDefend…
Observed in the wild: Elastic Security Labs identified a targeted social‑engineering campaign using the legitimate Obsidian note‑taking application to compromise individuals in the financial and cryptocurrency sectors. Victims were approached via LinkedIn and Telegram, persuaded to access a shared Obsidian vault, which…
Observed in the wild: ANY.RUN researchers identified an active phishing campaign abusing legitimate Google Cloud Storage domains to impersonate Google Drive. The campaign targeted business users, particularly those handling bids, invoices and shared documents, harvesting credentials and delivering the Remcos remote access…
Observed in the wild: Cisco Talos reported a sustained increase in phishing emails abusing n8n automation webhooks from October 2025 to March 2026, impacting enterprise email users. Campaigns impersonated trusted services to deliver malware or silently fingerprint recipients. Email volumes containing n8n webhook URLs rose…
Observed in the wild: A malicious VS Code extension impersonating “Material Icon Theme” (v5.29.1) was discovered in late November 2025. Its Mach-O binary contains a user-path string identical in style to GlassWorm samples, a distinctive technical overlap. This finding comes amid a confirmed resurgence of GlassWorm activity,…
On 7 April, a security researcher at Expmon detected a sophisticated zero-day exploit targeting Adobe Reader, delivered via malicious PDF files and confirmed to work against the latest patched versions of the application. The PDFs automatically execute obfuscated JavaScript on open, abusing privileged Acrobat APIs to…
On 2 April, researchers at Abnormal disclosed a targeted phishing campaign leveraging a previously undocumented phishing‑as‑a‑service (PhaaS) platform, dubbed "VENOM", to compromise Microsoft 365 credentials, primarily targeting C‑suite and senior executives by name across multiple industries, from November 2025 to March…
On 3 April, a security researcher released an exploit proof of concept (PoC) for an undisclosed Windows local privilege escalation vulnerability, dubbed BlueHammer, allegedly due to frustration with Microsoft’s Security Response Centre. The vulnerability is a race condition due to the interaction between Microsoft…
On 7 April, Darktrace published a report on a recent attack involving Chaos malware targeting their honeypot environment. Historically, Chaos malware spread across routers via SSH brute-forcing and known CVEs, and then incorporated infected devices into a DDoS botnet. In this attack, the malware was instead observed…
Microsoft Entra Backup and Recovery is a new built-in solution (currently in public preview) that automatically backs up critical Microsoft Entra ID (Azure Active Directory) objects and allows administrators to restore them to a previous good state after accidental changes or security incidents. It captures daily snapshots…
What Cisco Talos’ 2025 Year in Review tells us about modern cyber risk and what organisations should do next
The Cisco Talos 2025 Year in Review makes one thing abundantly clear: cyber attackers are no longer winning because they are more sophisticated, they are winning because they are faster. Across vulnerabilities,…
I recently experimented with Microsoft's new Windows 365 for Agents service by building an AI agent to tackle a real-world task, and the results were eye-opening. Within minutes, the platform automatically provisioned two Cloud PCs running Windows 365 to execute my agent’s workflow. Even more impressively, I was able to…