Login Subscribe

Vulnerabilities & Exploits

APT TA423 Watering‑Hole Injects ScanBox Keylogger into News Sites

A Chinese‑based threat group identified as APT TA423 has been running a watering‑hole campaign that compromises high‑traffic news websites frequented by professionals in targeted industries. The attackers inject the ScanBox reconnaissance framework—a lightweight keylogger and credential‑harvesting tool—into the pages of these sites. When a

CISA Flags Surge of Public Attack Tools Lowering Threat Actor Barriers

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that catalogs dozens of freely available tools that have already been weaponized in real‑world incidents. These include ransomware kits, credential‑dumping utilities, exploit frameworks, and post‑exploitation modules that are now hosted on public repositories, underground forums, and even

Amaranth‑Dragon weaponizes CVE‑2025‑8088 against SE Asia enterprises

Checkpoint researchers have confirmed that the state‑aligned threat group Amaranth‑Dragon has added the newly disclosed CVE‑2025‑8088 remote code execution flaw to its espionage arsenal. The group now deploys a multi‑stage payload that first exploits the vulnerability to gain initial code execution on vulnerable servers, then

Shadow Campaigns Exploit Zero‑Days to Hijack Global Critical Infrastructure

Shadow Campaigns Exploit Zero‑Days to Hijack Global Critical Infrastructure

Unit 42 tracked the Shadow Campaigns group leveraging a blend of publicly known flaws and undisclosed zero‑day exploits to breach critical infrastructure across multiple continents. The attackers began with credential‑theft, moved laterally using privilege‑escalation techniques, and deployed remote code execution payloads to secure footholds and establish long‑

VMware vDefend Brings AI‑Powered Zero‑Trust Lateral Controls to Private Clouds

VMware vDefend Brings AI‑Powered Zero‑Trust Lateral Controls to Private Clouds

VMware has introduced vDefend, a zero‑trust module embedded in its private‑cloud stack that enforces granular, policy‑driven controls on east‑west traffic. The solution uses AI/ML analytics to continuously profile workloads, spot deviations from normal behavior, and trigger automated containment actions without human intervention. By integrating directly

CrowdStrike Wins Gartner Customers’ Choice for EASM – A Defender’s Edge

CrowdStrike Wins Gartner Customers’ Choice for EASM – A Defender’s Edge

CrowdStrike was named the sole winner of Gartner’s 2025 Customers’ Choice award in the External Attack Surface Management (EASM) category. The honor reflects a broad vote from security professionals who evaluated platforms on real‑world performance, ease of use, and the ability to surface unknown assets and exposures across

CISA Flags Open‑Source Tool Abuse Fueling Modern Intrusions

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory showing that adversaries are increasingly turning to publicly available open‑source utilities—such as Nmap, PowerShell scripts, and credential‑dumping tools—to map networks, exploit known vulnerabilities, and embed back‑doors. By leveraging these freely accessible resources, threat actors can