This is a section for all my blogs.
What happened: A new wave of Sha1‑Hulud supply‑chain attacks trojanized hundreds of npm packages (uploaded Nov 21–23, 2025) to run malicious code during the preinstall […]
Microsoft confirmed a timing bug in Windows 11 24H2 cumulative updates (since July 2025) that prevents key XAML packages from registering quickly enough after update/install. […]
Researchers at the University of Vienna demonstrated a powerful account‑enumeration technique against WhatsApp that allowed them to check hundreds of millions of phone numbers per […]
Sneaky2FA’s adoption of the browser‑in‑the‑browser (BitB) trick marks a meaningful escalation in phishing sophistication. The kit already automated real‑time MFA relay (AitM) and SVG‑based UI […]
SecurityScorecard’s STRIKE team has uncovered Operation WrtHug, a large‑scale campaign that has seized tens of thousands of end‑of‑life ASUS WRT routers worldwide by chaining several […]
A new campaign dubbed ShadowRay 2.0 is weaponizing exposed Ray clusters to build a self‑propagating cryptomining botnet and more. Researchers at Oligo attribute the activity […]
Phishing kits have always been the low‑effort, high‑reward tool of choice for attackers. Tycoon 2FA proves they’ve reached a new level of industrialization: turnkey, automated, […]
Google released an out‑of‑band Chrome 142 update to patch a high‑severity V8 engine vulnerability (CVE‑2025‑13223) that’s been exploited in the wild. The issue is a […]
The Finger protocol — a relic from the early internet used to query user info on remote hosts — has quietly reappeared in modern malware […]
Fortinet has confirmed active exploitation of a critical vulnerability in FortiWeb web application firewall appliances that allows unauthenticated attackers to gain administrative access. Tracked as […]
Copyright © 2026 | WordPress Theme by MH Themes