HACKING CATEGORY
5G, AI, AitM framework, ANDROID, Apple, ATTACK, BiTM, Bluetooth, BROWSER, Browser Extension, Cache smuggling, ClickFix techniques, Cloud, CLUSTER, Credit card skimmer, Crypto Mining, CRYPTOCURRENCY, Cyber Espionage, DLL, DNS, EDR, EXPLOIT, Fraud, fraud and malvertising, HACKING, HACKING Tricks, Hardware, Hijack technique, HTML, INJECT, Inject malware, iOS, LINUX, M365, M365 COPILOT, Malicious, Malicious package, MALWARE, ML, Mobile, NFC, Payment skimmer, Phishing, Proxyjacking, RANSOMWARE, SCRIPT, Skimmer, SOFTWARE, SPAM, TCP/IP, THREATS, TOOLS, VBA macro, VPN, VULNERABILITY, WEB, WEBSOCKET




DATE | NAME | INFO | CATEGORY | SUBCATEGORY
--- | --- | --- | --- | ---
09.12.23 | 5GHOUL | 5Ghoul: Unleashing Chaos on 5G Edge Devices | HACKING | 5G
17.06.26 | Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | HACKING | AI
31.05.26 | LLMShare | LLMShare: how attackers are turning AI chatbot pages into malware delivery platforms | HACKING | AI
30.05.26 | SymJack | SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents | HACKING | AI
30.05.26 | TrustFall | TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot | HACKING | AI
26.03.26 | Poisoned Typeface | Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares | HACKING | AI
26.03.26 | ShadowPrompt | ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension | HACKING | AI
01.03.26 | Log Poisoning in OpenClaw | It is important to be clear here: this is not a traditional remote code execution vulnerability. Instead, it's an indirect prompt injection risk, where exploitation depends on context. | HACKING | AI
16.01.26 | Reprompt | Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data | HACKING | AI
07.01.26 | Prompt poaching | Prompt poaching runs rampant in extensions | HACKING | AI
19.11.25 | Exploiting Agent-to-Agent Discovery via Prompt Injection | When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection | HACKING | AI
06.11.25 | HackedGPT | HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage | HACKING | AI
28.10.25 | OpenAI Atlas Omnibox Prompt Injection | OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks | HACKING | AI
28.10.25 | ChatGPT Tainted Memories | “ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT | HACKING | AI
08.10.25 | ASCII Smuggling | Ghosts in the Machine: ASCII Smuggling across Various LLMs | HACKING | AI
08.10.25 | Disrupting malicious uses of AI | Disrupting malicious uses of AI: October 2025 | HACKING | AI
05.10.25 | CometJacking | CometJacking: How One Click Can Turn Perplexity’s Comet AI Browser Against You | HACKING | AI
20.09.25 | LLM-Enabled Malware | Prompts as Code & Embedded Keys – The Hunt for LLM-Enabled Malware | HACKING | AI
20.09.25 | ShadowLeak | ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent | HACKING | AI
17.09.25 | Echoleak | Echoleak: Send a prompt, extract secret from Copilot AI! (CVE-2025-32711) | HACKING | AI
12.09.25 | Open Repo | Oasis Security’s research team uncovered a vulnerability in Cursor, the popular AI Code Editor, that allows a maliciously crafted code repository to execute code as soon as it's opened using Cursor, with no trust prompt. | HACKING | AI
04.09.25 | Hexstrike-AI | Hexstrike-AI: When LLMs Meet Zero-Day Exploitation | HACKING | AI
20.08.25 | Scamlexity | "Scamlexity" - a new era of scam complexity, supercharged by Agentic AI. Familiar tricks hit harder than ever, while new AI-born attack vectors break into reality. | HACKING | AI
01.06.25 | Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos based on user prompts. | HACKING | AI
22.02.25 | Deceptive Employment Scheme | A network from North Korea linked to the fraudulent IT worker scheme that was involved in the creation of personal documentation for fictitious job applicants, such as resumés, online job profiles and cover letters, as well as coming up with convincing responses to explain unusual behaviors like avoiding video calls, accessing corporate systems from unauthorized countries or working irregular hours. Some of the bogus job applications were then shared on LinkedIn. | HACKING | AI
22.02.25 | Sponsored Discontent | A network likely of Chinese origin that was involved in the creation of social media content in English and long-form articles in Spanish that were critical of the United States, and subsequently published by Latin American news websites in Peru, Mexico, and Ecuador. | HACKING | AI
22.02.25 | Romance-baiting Scam | A network of accounts that was involved in the translation and generation of comments in Japanese, Chinese, and English for posting on social media platforms including Facebook, X and Instagram in connection with suspected Cambodia-origin romance and investment scams. | HACKING | AI
22.02.25 | Iranian Influence Nexus | A network of five accounts that was involved in the generation of X posts and articles that were pro-Palestinian, pro-Hamas, and pro-Iran, and anti-Israel and anti-U.S., and shared on websites associated with Iranian influence operations tracked as the International Union of Virtual Media (IUVM) and Storm-2035. | HACKING | AI
22.02.25 | Kimsuky and BlueNoroff | A network of accounts operated by North Korean threat actors that was involved in gathering information related to cyber intrusion tools and cryptocurrency-related topics, and debugging code for Remote Desktop Protocol (RDP) brute-force attacks. | HACKING | AI
22.02.25 | Youth Initiative Covert Influence Operation | A network of accounts that was involved in the creation of English-language articles for a website named "Empowering Ghana" and social media comments targeting the Ghana presidential election. | HACKING | AI
22.02.25 | Task Scam | A network of accounts likely originating from Cambodia that was involved in the translation of comments between Urdu and English as part of a scam that lures unsuspecting people into jobs performing simple tasks (e.g., liking videos or writing reviews) in exchange for earning a non-existent commission, accessing which requires victims to part with their own money. | HACKING | AI
06.02.26 | DKnife | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework | HACKING | AitM framework
09.05.26 | CallPhantom tricks | Fake call logs, real payments: How CallPhantom tricks Android users | HACKING | ANDROID
04.05.24 | AirBorne | Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk | HACKING | Apple
06.12.23 | Fake Lockdown Mode | Fake Lockdown Mode: A post-exploitation tampering technique | HACKING | Apple
20.09.25 | Large-Scale Attack | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware | HACKING | ATTACK
21.12.24 | cShell DDoS Bot Attack | ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. The threat actor initially targeted poorly managed SSH services and ultimately installed a DDoS bot named cShell. cShell is developed in the Go language and is characterized by exploiting the Linux tools screen and hping3 to perform DDoS attacks. | HACKING | ATTACK
09.08.24 | Downgrade Attacks | Windows Downdate: Downgrade Attacks Using Windows Updates | HACKING | Attack
01.06.25 | Browser in the Middle (BiTM) | An adversary exploits the inherent functionalities of a web browser in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. | HACKING | BiTM
18.01.26 | WhisperPair | Hijacking Bluetooth Accessories Using Google Fast Pair | HACKING | Bluetooth
31.12.25 | DarkSpectre | DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers | HACKING | BROWSER
10.03.25 | Polymorphic Extensions | Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension | HACKING | Browser Extension
26.10.25 | Cache smuggling | Cache smuggling: When a picture isn’t a thousand words | HACKING | Cache smuggling
09.08.25 | “CAPTCHAgeddon” | Unmasking the Viral Evolution of the ClickFix Browser-Based Threat | HACKING | ClickFix
16.03.26 | Evil evolution | Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers. | HACKING | ClickFix techniques
24.09.25 | SSRF to AWS Metadata Exposure | SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials | HACKING | Cloud
20.05.25 | Shadow Roles | Shadow Roles: AWS Defaults Can Open the Door to Service Takeover | HACKING | CLOUD
11.02.26 | LABYRINTH CHOLLIMA | LABYRINTH CHOLLIMA Evolves into Three Adversaries | HACKING | CLUSTER
09.02.26 | TeamPCP | Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape | HACKING | CLUSTER
09.02.26 | Vortex Werewolf (SkyCloak) | A new cluster is distributing malware via phishing. We demonstrate how the attack works through fake pages simulating file downloads from Telegram. | HACKING | CLUSTER
14.01.25 | Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection | Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. | HACKING | credit card skimmer
28.11.24 | Dozens of Machines Infected | Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft | HACKING | Crypto Mining
24.08.25 | DOM-based Extension Clickjacking | DOM-based Extension Clickjacking: Your Password Manager Data at Risk | HACKING | CRYPTOCURRENCY
21.08.25 | DOM-based Extension Clickjacking | DOM-based Extension Clickjacking: Your Password Manager Data at Risk | HACKING | CRYPTOCURRENCY
04.04.25 | ClickFix tactic | From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic | HACKING | CRYPTOCURRENCY
02.04.25 | CPU_HU: Fileless cryptominer | CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims | HACKING | CRYPTOCURRENCY
09.07.24 | Jenkins Script Console | Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective | HACKING | CRYPTOCURRENCY
01.04.25 | Earth Alux | The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques | HACKING | Cyber Espionage
01.01.24 | Hijack Execution Flow: DLL Search Order Hijacking | Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program. Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution. | HACKING | DLL
28.05.24 | DNSBomb | DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses. | HACKING | DNS
20.03.26 | The technology behind EDR killers | ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers. | HACKING | EDR
27.02.25 | 360XSS | 360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning | HACKING | EXPLOIT
22.03.24 | z0Miner | z0Miner Exploits Korean Web Servers to Attack WebLogic Server | HACKING | Exploit
14.09.23 | Repo Jacking | Repo Jacking: Exploiting the Dependency Supply Chain | HACKING | EXPLOIT
28.06.23 | Process Mockingjay | Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution | HACKING | EXPLOIT
24.07.23 | drIBAN | Uncovering drIBAN fraud operations. Chapter 3: Exploring the drIBAN web inject kit | HACKING | fraud
20.05.26 | Trapdoor funnels malvertising into ad fraud | HUMAN’s Satori Threat Intelligence and Research Team has identified and disrupted an ad fraud and malvertising operation dubbed Trapdoor. The operation encompasses 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains that together form a multi-stage fraud pipeline. | HACKING | fraud and malvertising
25.04.26 | PhantomRPC | PhantomRPC: A new privilege escalation technique in Windows RPC | HACKING | HACKING
25.03.26 | Supply Chain Attack in litellm 1.82.8 on PyPI | A compromised release steals credentials and spreads to Kubernetes clusters. First reported to PyPI by FutureSearch. | HACKING | HACKING
09.03.26 | Pixel Perfect | Pixel Perfect: Sold Extension Injects Code Through Pixel | HACKING | HACKING
06.11.23 | Agonizing Serpens | The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property. | HACKING | Hacking
11.12.24 | Windows UI Automation | Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | HACKING | HACKING Tricks
03.06.24 | Cox modems hack | Hacking Millions of Modems (and Investigating Who Hacked My Modem) | HACKING | Hardware
01.06.24 | Pumpkin Eclipse | Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers belonging to a single internet service provider (ISP) were taken offline. | HACKING | Hardware
05.09.24 | Revival Hijack | Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk | HACKING | hijack technique
15.08.24 | ArtiPACKED | ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts | HACKING | hijack technique
27.05.24 | HTML Smuggling | HTML smuggling is an innovative attack technique which abuses HTML5 and JavaScript features to inject or extract data across network boundaries. | HACKING | HTML
27.03.25 | UI/UX changes | Over 150K websites hit by full-page hijack linking to Chinese gambling sites | HACKING | INJECT
28.05.24 | Server Side Credit Card Skimmer Lodged in Obscure Plugin | Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from a WooCommerce online store. | HACKING | inject malware
11.04.24 | Trick Developers Detected in an Open Source Supply Chain Attack | In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub's search functionality and using meticulously crafted repositories to distribute malware. | HACKING | inject malware
18.01.24 | iShutdown | A lightweight method to detect potential iOS malware | HACKING | iOS
05.04.26 | Cookie-controlled PHP webshells | Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | HACKING | LINUX
03.06.26 | FlagLeft | FlagLeft: We Found A Forgotten Flag That Turned Microsoft 365 Apps Into a Silent Account Takeover Pipeline for Billions of Users | HACKING | M365
25.03.26 | Microsoft 365 Token Attack Infrastructure | Riding the Rails: Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure | HACKING | M365
21.06.26 | SearchLeak | SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon | HACKING | M365 COPILOT
23.04.26 | Checkmarx KICS images | Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions | HACKING | Malicious
20.02.26 | AgreeToSteal | AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials | HACKING | Malicious
11.06.26 | NPM Ignore Scripts Best | NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages | HACKING | Malicious package
06.06.26 | TanStack Supply Chain Attack | On 11 May 2026, the threat actor group TeamPCP compromised 42 TanStack npm packages by chaining three GitHub Actions vulnerabilities to hijack the project's legitimate CI/CD pipeline. The attackers then published 84 malicious package versions carrying valid SLSA Build Level 3 provenance attestations, making them indistinguishable from legitimate releases by standard verification methods. | HACKING | Malicious package
08.04.26 | Python-Based Backdoor and Changes in Distribution Techniques | Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) | HACKING | MALWARE
08.04.26 | Handala | Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment | HACKING | MALWARE
08.04.26 | DPRK Malware Modularity | DPRK Malware Modularity: Diversity and Functional Specialization | HACKING | MALWARE
10.03.26 | GhostClaw | GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything | HACKING | MALWARE
13.12.25 | EtherHiding | Hiding Web2 Malicious Code in Web3 Smart Contracts | HACKING | MALWARE
15.11.25 | Remote Wipe Tactics Targeting Android Devices | The Genians Security Center (GSC) has identified new attack activity linked to the KONNI APT campaign, which is known to be associated with the Kimsuky or APT37 groups. | HACKING | MALWARE
03.11.25 | Tap-and-Steal | Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices | HACKING | Malware
26.10.25 | EtherHiding | Hiding Web2 Malicious Code in Web3 Smart Contracts | HACKING | Malware
20.03.25 | Auto Dealership Supply Chain Attack | Over 100 auto dealerships were being abused, compliments of a supply chain attack on a shared video service unique to dealerships. | HACKING | MALWARE
05.09.24 | Macropack | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads | HACKING | Malware
30.08.24 | Malicious npm Packages | North Korea Still Attacking Developers via npm | HACKING | Malware
14.06.24 | Sleepy Pickle Part 2 | Exploiting ML models with pickle file attacks: Part 2 | HACKING | ML
14.06.24 | Sleepy Pickle Part 1 | Exploiting ML models with pickle file attacks: Part 1 | HACKING | ML
07.03.24 | Quishing | QR codes have had a great run in the past few years, diffusing into almost every aspect of our lives, from looking at restaurant menus and paying for products or services online and offline to accessing websites with greater ease. While the positives of QR codes are clearly visible, both from a business and user perspective, their usage has some pitfalls. | HACKING | Mobile
20.11.24 | Ghost Tap | Ghost Tap: New cash-out tactic with NFC Relay | HACKING | NFC
26.03.26 | WebRTC skimmer bypasses | Sansec discovered a payment skimmer that uses WebRTC DataChannels to receive its payload and exfiltrate stolen data, bypassing CSP and HTTP-based security tools. | HACKING | payment skimmer
23.11.25 | MFA downgrade | MFA downgrade: How attackers are getting around phishing-resistant authentication | HACKING | Phishing
15.11.25 | Quantum Redirect | Quantum Redirect: Offense by Vibes | HACKING | PHISHING
15.11.25 | Quantum Route Redirect | Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack | HACKING | PHISHING
29.03.25 | Browser-in-the-Browser (BitB) phishing technique | A browser-in-the-browser (BitB) attack is a new phishing technique that simulates a login window with a spoofed domain within a parent browser window to steal credentials. | HACKING | PHISHING
21.08.24 | pwish | Be careful what you pwish for – Phishing in PWA applications | HACKING | PHISHING
27.05.24 | Transparent Phishing and HTML Smuggling | Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling | HACKING | Phishing
26.12.23 | RTF template injection | Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors | HACKING | Phishing
24.12.23 | Insta-Phish-A-Gram | Following Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another flavor of ‘infringement’ phishing. In this case, the targets, still under the umbrella of Meta, are Instagram users. | HACKING | Phishing
08.12.23 | Ongoing attacks | Star Blizzard increases sophistication and evasion in ongoing attacks | HACKING | Phishing
01.10.23 | ZeroFont phishing technique | ZeroFont phishing technique | HACKING | Phishing
01.07.23 | Proxyjacking | Proxyjacking: The Latest Cybercriminal Side Hustle | HACKING | Proxyjacking
08.04.26 | Qilin EDR killer infection chain | Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. | HACKING | RANSOMWARE
03.06.26 | 1-Click GitHub Token Stealing via a VSCode Bug | Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones. | HACKING | SCRIPT
03.10.23 | Silent Skimmer | Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA | HACKING | Skimmer
29.04.25 | UyghurEdit++ Tool | Uyghur Language Software Hijacked to Deliver Malware | HACKING | SOFTWARE
13.11.25 | A dual strategy: legal action and new legislation to fight scammers | That text message you got about a 'stuck package' from USPS or an 'unpaid road toll'? It’s not just spam. It’s the calling card of a sophisticated, global scam that has swindled victims out of millions of dollars. | HACKING | SPAM
15.04.25 | Double-Edged Email Attack | Pick your Poison - A Double-Edged Email Attack | HACKING | SPAM
03.01.24 | SMTP Smuggling | In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks | HACKING | SPAM
28.11.23 | PERFORM NTLM FORCED AUTHENTICATION ATTACKS | ABUSING MICROSOFT ACCESS “LINKED TABLE” FEATURE TO PERFORM NTLM FORCED AUTHENTICATION ATTACKS | HACKING | TCP/IP HACK
03.10.23 | Authenticated Origin Pulls (mTLS) | When visitors request content from your domain, Cloudflare first attempts to serve content from the cache. If this attempt fails, Cloudflare sends a request — or an origin pull — back to your origin web server to get the content. | HACKING | TCP/IP HACK
04.07.23 | HTML Smuggling | HTML Smuggling: The Hidden Threat in Your Inbox | HACKING | TCP/IP HACK
21.08.25 | Scattered Spider | Scattered Spider: A Threat Profile | HACKING | THREATS
25.03.26 | HwAudKiller | From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill | HACKING | TOOL
02.11.23 | Kopeechka | How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime | HACKING | Tool
24.04.26 | AdaptixC2 | AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks | HACKING | TOOLS
05.06.24 | Excel File Deploys | FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. | HACKING | VBA macro
10.05.24 | Tunnelcrack | TunnelCrack is a combination of two widespread security vulnerabilities in VPNs. An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel. | HACKING | VPN
10.05.24 | TunnelVision | A local network VPN leaking technique that affects all routing-based VPNs | HACKING | VPN
03.01.26 | MongoDB Unauthenticated Attacker Sensitive Memory Leak | The Situation: A major vulnerability allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. No login is required. | HACKING | VULNERABILITY
05.02.25 | CVE-2025-0411 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | HACKING | VULNERABILITY
15.11.25 | MCP Hijacking | MCP Hijacking of Cursor’s New Browser | HACKING | WEB
05.04.26 | RoadK1ll | RoadK1ll: A WebSocket Based Pivoting Implant | HACKING | WEBSOCKET