HACKING CATEGORY
5G
AI
AitM framework
ANDROID
Apple ATTACK BiTM Bluetooth
BROWSER Browser Extension
Cache smuggling ClickFix techniques
Cloud CLUSTER Credit card skimmer Crypto Mining
CRYPTOCURRENCY CyberSpionage DLL DNS EDR EXPLOIT
Fraud
fraud and malvertising
HACKING
HACKING Tricks Hardware Hijack
technique HTML INJECT Inject malware iOS
LINUX
M365
M365 COPILOT
Malicious
Malicious package
MALWARE ML
Mobil NFC Payment
skimmer
Phishing
Proxyjacking
RANSOMWARE
SCRIPT
Skimmer SOFTWARE SPAM TCP/IP
THREATS TOOLS VBA macro VPN
VULNEREBILITY
WEB
WEBSCOKET
H WEB HACKING MOBIL SOFTWARE HARDWARE LAN OS AI MALWARE
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 09.12.23 | 5GHOUL | 5Ghoul : Unleashing Chaos on 5G Edge Devices | HACKING | 5G |
| 17.06.26 | Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | HACKING | AI |
| 31.05.26 | LLMShare | LLMShare: how attackers are turning AI chatbot pages into malware delivery platforms | HACKING | AI |
| 30.05.26 | SymJack | SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents | HACKING | AI |
| 30.05.26 | TrustFall | TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot | HACKING | AI |
| 26.03.26 | Poisoned Typeface | Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares | HACKING | AI |
| 26.03.26 | ShadowPrompt | ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension | HACKING | AI |
| 01.03.26 | Log Poisoning in OpenClaw | It is important to be clear here: this is not a traditional remote code execution vulnerability. Instead, its an indirect prompt injection risk, where exploitation depends on context. | HACKING | AI |
| 16.01.26 | Reprompt | Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data | HACKING | AI |
| 07.01.26 | Prompt poaching | Prompt poaching runs rampant in extensions | HACKING | AI |
| 19.11.25 | Exploiting Agent-to-Agent Discovery via Prompt Injection | When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection | HACKING | AI |
| 06.11.25 | HackedGPT | HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage | HACKING | AI |
| 28.10.25 | OpenAI Atlas Omnibox Prompt Injection | OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks | HACKING | AI |
| 28.10.25 | ChatGPT Tainted Memories | “ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT | HACKING | AI |
| 08.10.25 | ASCII Smuggling | Ghosts in the Machine: ASCII Smuggling across Various LLMs | HACKING | AI |
| 08.10.25 | Disrupting malicious uses of AI | Disrupting malicious uses of AI: October 2025 | HACKING | AI |
| 05.10.25 | CometJacking | CometJacking: How One Click Can Turn Perplexity’s Comet AI Browser Against You | HACKING | AI |
| 20.09.25 | LLM-Enabled Malware | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware | HACKING | AI |
| 20.09.25 | ShadowLeak | ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent | HACKING | AI |
| 17.09.25 | Echoleak | Echoleak- Send a prompt , extract secret from Copilot AI!( CVE-2025-32711) | HACKING | AI |
| 12.09.25 | Open Repo | Oasis Security’s research team uncovered a vulnerability in Cursor, the popular AI Code Editor, that allows a maliciously crafted code repository to execute code as soon as it's opened using Cursor, no trust prompt. | HACKING | AI |
| 04.09.25 | Hexstrike-AI | Hexstrike-AI: When LLMs Meet Zero-Day Exploitation | HACKING | AI |
| 20.08.25 | Scamlexity | "Scamlexity" - a new era of scam complexity, supercharged by Agentic AI. Familiar tricks hit harder than ever, while new AI-born attack vectors break into reality. | HACKING | AI |
| 01.06.25 | Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos based on user prompts. | HACKING | AI |
| 22.02.25 | Deceptive Employment Scheme | A network from North Korea linked to the fraudulent IT worker scheme that was involved in the creation of personal documentation for fictitious job applicants, such as resumés, online job profiles and cover letters, as well as come up convincing responses to explain unusual behaviors like avoiding video calls, accessing corporate systems from unauthorized countries or working irregular hours. Some of the bogus job applications were then shared on LinkedIn. | HACKING | AI |
| 22.02.25 | Sponsored Discontent | A network likely of Chinese origin that was involved in the creation of social media content in English and long-form articles in Spanish that were critical of the United States, and subsequently published by Latin American news websites in Peru, Mexico, and Ecuador. | HACKING | AI |
| 22.02.25 | Romance-baiting Scam | A network of accounts that was involved in the translation and generation of comments in Japanese, Chinese, and English for posting on social media platforms including Facebook, X and Instagram in connection with suspected Cambodia-origin romance and investment scams. | HACKING | AI |
| 22.02.25 | Iranian Influence Nexus | A network of five accounts that was involved in the generation of X posts and articles that were pro-Palestinian, pro-Hamas, and pro-Iran, and anti-Israel and anti-U.S., and shared on websites associated with an Iranian influence operations tracked as the International Union of Virtual Media (IUVM) and Storm-2035. | HACKING | AI |
| 22.02.25 | Kimsuky and BlueNoroff | A network of accounts operated by North Korean threat actors that was involved in gathering information related to cyber intrusion tools and cryptocurrency-related topics, and debugging code for Remote Desktop Protocol (RDP) brute-force attacks | HACKING | AI |
| 22.02.25 | Youth Initiative Covert Influence Operation | A network of accounts that was involved in the creation of English-language articles for a website named "Empowering Ghana" and social media comments targeting the Ghana presidential election | HACKING | AI |
| 22.02.25 | Task Scam | A network of accounts likely originating from Cambodia that was involved in the translation of comments between Urdu and English as part of a scam that lures unsuspecting people into jobs performing simple tasks (e.g., liking videos or writing reviews) in exchange for earning a non-existent commission, accessing which requires victims to part with their own money. | HACKING | AI |
| 06.02.26 | DKnife | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework | HACKING | AitM framework |
| 09.05.26 | CallPhantom tricks | Fake call logs, real payments: How CallPhantom tricks Android users | HACKING | ANDROID |
| 04.05.24 | AirBorne | Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk | HACKING | Apple |
| 06.12.23 | Fake Lockdown Mode | Fake Lockdown Mode: A post-exploitation tampering technique | HACKING | Apple |
| 20.09.25 | Large-Scale Attack | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware | HACKING | ATTACK |
| 21.12.24 | cShell DDoS Bot Attack | ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. The threat actor initially targeted poorly managed SSH services and ultimately installed a DDoS bot named cShell. cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks. | HACKING | ATTACK |
| 09.08.24 | Downgrade Attacks | Windows Downdate: Downgrade Attacks Using Windows Updates | HACKING | Attack |
| 01.06.25 | Browser in the Middle (BiTM) | An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. | HACKING | BiTM |
| 18.01.26 | WhisperPair | Hijacking Bluetooth Accessories Using Google Fast Pair | HACKING | Bluetooth |
| 31.12.25 | DarkSpectre | DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers | HACKING | BROWSER |
| 10.03.25 | Polymorphic Extensions | Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension | HACKING | Browser Extension |
| 26.10.25 | Cache smuggling | Cache smuggling: When a picture isn’t a thousand words | HACKING | Cache smuggling |
| 09.08.25 | “CAPTCHAgeddon” | Unmasking the Viral Evolution of the ClickFix Browser-Based Threat | HACKING | ClickFix |
| 16.03.26 | Evil evolution | Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers | HACKING | ClickFix techniques |
| 24.09.25 | SSRF to AWS Metadata Exposure | SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials | HACKING | Cloud |
| 20.05.25 | Shadow Roles | Shadow Roles: AWS Defaults Can Open the Door to Service Takeover | HACKING | CLOUD |
| 11.02.26 | LABYRINTH CHOLLIMA | LABYRINTH CHOLLIMA Evolves into Three Adversaries | HACKING | CLUSTER |
| 09.02.26 | TeamPCP | Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape | HACKING | CLUSTER |
| 09.02.26 | Vortex Werewolf (SkyCloak) | A new cluster is distributing malware via phishing. We demonstrate how the attack works through fake pages simulating file downloads from Telegram. | HACKING | CLUSTER |
| 14.01.25 | Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection | Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. | HACKING | credit card skimmer |
| 28.11.24 | Dozens of Machines Infected | Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft | HACKING | Crypto Mining |
| 24.08.25 | DOM-based Extension Clickjacking | DOM-based Extension Clickjacking: Your Password Manager Data at Risk | HACKING | CRYPTOCURRENCY |
| 21.08.25 | DOM-based Extension Clickjacking | DOM-based Extension Clickjacking: Your Password Manager Data at Risk | HACKING | CRYPTOCURRENCY |
| 04.04.25 | ClickFix tactic | From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic | HACKING | CRYPTOCURRENCY |
| 02.04.25 | CPU_HU: Fileless cryptominer | CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims | HACKING | CRYPTOCURRENCY |
| 09.07.24 | Jenkins Script Console | Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective | HACKING | CRYPTOCURRENCY |
| 01.04.25 | Earth Alux | The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques | HACKING | CyberSpionage |
| 01.01.24 | Hijack Execution Flow: DLL Search Order Hijacking | Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program.Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution. | HACKING | DLL |
| 28.05.24 | DNSBomb | DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses. | HACKING | DNS |
| 20.03.26 | The technology behind EDR killers | ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers | HACKING | EDR |
| 27.02.25 | 360XSS | 360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning | HACKING | EXPLOIT |
| 22.03.24 | z0Miner | z0Miner Exploits Korean Web Servers to Attack WebLogic Server | HACKING | Exploit |
| 14.09.23 | Repo Jacking | Repo Jacking: Exploiting the Dependency Supply Chain | HACKING | EXPLOIT |
| 28.06.23 | Process Mockingjay | Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution | HACKING | EXPLOIT |
| 24.07.23 | drIBAN | Uncovering drIBAN fraud operations. Chapter 3: Exploring the drIBAN web inject kit | HACKING | fraud |
| 20.05.26 | Trapdoor funnels malvertising into ad fraud | HUMAN’s Satori Threat Intelligence and Research Team has identified and has disrupted an ad fraud and malvertising operation dubbed Trapdoor. The operation encompasses 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains that together form a multi-stage fraud pipeline | HACKING | fraud and malvertising |
| 25.04.26 | PhantomRPC | PhantomRPC: A new privilege escalation technique in Windows RPC | HACKING | HACKING |
| 25.03.26 | Supply Chain Attack in litellm 1.82.8 on PyPI | A compromised release steals credentials and spreads to Kubernetes clusters. First reported to PyPI by FutureSearch. | HACKING | HACKING |
| 09.03.26 | Pixel Perfect | Pixel Perfect: Sold Extension Injects Code Through Pixel | HACKING | HACKING |
| 06.11.23 | Agonizing Serpens | The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property. | HACKING | Hacking |
| 11.12.24 | Windows UI Automation | Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | HACKING | HACKING Tricks |
| 03.06.24 | Cox modems hack | Hacking Millions of Modems (and Investigating Who Hacked My Modem) | HACKING | Hardware |
| 01.06.24 | Pumpkin Eclipse | Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). | HACKING | Hardware |
| 05.09.24 | Revival Hijack | Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk | HACKING | hijack technique |
| 15.08.24 | ArtiPACKED | ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts | HACKING | hijack technique |
| 27.05.24 | HTML Smuggling | HTML smuggling is an innovative attack technique, which abuses HTML5 and JavaScript features to inject or extract data across network boundaries. | HACKING | HTML |
| 27.03.25 | UI/UX changes | Over 150K websites hit by full-page hijack linking to Chinese gambling sites | HACKING | INJECT |
| 28.05.24 | Server Side Credit Card Skimmer Lodged in Obscure Plugin | Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from a WooCommerce online store. | HACKING | inject malware |
| 11.04.24 | Trick Developers Detected in an Open Source Supply Chain Attack | In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub's search functionality, and using meticulously crafted repositories to distribute malware. | HACKING | inject malware |
| 18.01.24 | iShutdown | A lightweight method to detect potential iOS malware | HACKING | iOS |
| 05.04.26 | Cookie-controlled PHP webshells | Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | HACKING | LINUX |
| 03.06.26 | FlagLeft | FlagLeft: We Found A Forgotten Flag That Turned Microsoft 365 Apps Into a Silent Account Takeover Pipeline for Billions of Users | HACKING | M365 |
| 25.03.26 | Microsoft 365 Token Attack Infrastructure | Riding the Rails: Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure | HACKING | M365 |
| 21.06.26 | SearchLeak | SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon | HACKING | M365 COPILOT |
| 23.04.26 | Checkmarx KICS images | Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions | HACKING | Malicious |
| 20.02.26 | AgreeToSteal | AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials | HACKING | Malicious |
| 11.06.26 | NPM Ignore Scripts Best | NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages | HACKING | Malicious package |
| 06.06.26 | TanStack Supply Chain Attack | On 11 May 2026, the threat actor group TeamPCP compromised 42 TanStack npm packages by chaining three GitHub Actions vulnerabilities to hijack the project's legitimate CI/CD pipeline. The attackers then published 84 malicious package versions carrying valid SLSA Build Level 3 provenance attestations, making them indistinguishable from legitimate releases by standard verification methods. | HACKING | Malicious package |
| 08.04.26 | Python-Based Backdoor and Changes in Distribution Techniques | Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) | HACKING | MALWARE |
| 08.04.26 | Handala | Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment | HACKING | MALWARE |
| 08.04.26 | DPRK Malware Modularity | DPRK Malware Modularity: Diversity and Functional Specialization | HACKING | MALWARE |
| 10.03.26 | GhostClaw | GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything | HACKING | MALWARE |
| 13.12.25 | EtherHiding | Hiding Web2 Malicious Code in Web3 Smart Contracts | HACKING | MALWARE |
| 15.11.25 | Remote Wipe Tactics Targeting Android Devices | The Genians Security Center (GSC) has identified new attack activity linked to the KONNI APT campaign, which is known to be associated with the Kimsuky or APT37 groups. | HACKING | MALWARE |
| 03.11.25 | Tap-and-Steal | Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices | HACKING | Malware |
| 26.10.25 | EtherHiding | Hiding Web2 Malicious Code in Web3 Smart Contracts | HACKING | Malware |
| 20.03.25 | Auto Dealership Supply Chain Attack | Over 100 auto dealerships were being abused compliments of a supply chain attack of a shared video service unique to dealerships. | HACKING | MALWARE |
| 05.09.24 | Macropack | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads | HACKING | Malware |
| 30.08.24 | Malicious npm Packages | North Korea Still Attacking Developers via npm | HACKING | Malware |
| 14.06.24 | Sleepy Pickle Part 2 | Exploiting ML models with pickle file attacks: Part 2 | HACKING | ML |
| 14.06.24 | Sleepy Pickle Part 1 | Exploiting ML models with pickle file attacks: Part 1 | HACKING | ML |
| 07.03.24 | Quishing | QR codes have had a great run in the past few years, diffusing into almost every aspect of our lives, from looking at restaurant menus and paying for products or services online and offline to accessing websites with greater ease. While the positives of QR codes are clearly visible, both from a business and user perspective, their usage has some pitfalls. | HACKING | Mobil |
| 20.11.24 | Ghost Tap | Ghost Tap: New cash-out tactic with NFC Relay | HACKING | NFC |
| 26.03.26 | WebRTC skimmer bypasses | Sansec discovered a payment skimmer that uses WebRTC DataChannels to receive its payload and exfiltrate stolen data, bypassing CSP and HTTP-based security tools. | HACKING | payment skimmer |
| 23.11.25 | MFA downgrade | MFA downgrade: How attackers are getting around phishing-resistant authentication | HACKING | Phishing |
| 15.11.25 | Quantum Redirect | Quantum Redirect: Offense by Vibes | HACKING | PHISHING |
| 15.11.25 | Quantum Route Redirect | Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack | HACKING | PHISHING |
| 29.03.25 | Browser-in-the-Browser (BitB) phishing technique | A browser-in-the-browser (BitB) attack is a new phishing technique that simulates a login window with a spoofed domain within a parent browser window to steal credentials. | HACKING | PHISHING |
| 21.08.24 | pwish | Be careful what you pwish for – Phishing in PWA applications | HACKING | PHISHING |
| 27.05.24 | Transparent Phishing and HTML Smuggling | Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling | HACKING | Phishing |
| 26.12.23 | RTF template injection | Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors | HACKING | Phishing |
| 24.12.23 | Insta-Phish-A-Gram | Following Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another flavor of ‘infringement’ phishing. In this case, the targets, still under the umbrella of Meta, are Instagram users | HACKING | Phishing |
| 08.12.23 | Ongoing attacks | Star Blizzard increases sophistication and evasion in ongoing attacks | HACKING | Phishing |
| 01.10.23 | ZeroFont phishing technique | ZeroFont phishing technique | HACKING | Phishing |
| 01.07.23 | Proxyjacking | Proxyjacking: The Latest Cybercriminal Side Hustle | HACKING | Proxyjacking |
| 08.04.26 | Qilin EDR killer infection chain | Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. | HACKING | RANSOMWARE |
| 03.06.26 | 1-Click GitHub Token Stealing via a VSCode Bug | Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones. | HACKING | SCRIPT |
| 03.10.23 | Silent Skimmer | Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA | HACKING | Skimmer |
| 29.04.25 | UyghurEdit++ Tool | Uyghur Language Software Hijacked to Deliver Malware | HACKING | SOFTWARE |
| 13.11.25 | A dual strategy: legal action and new legislation to fight scammers | That text message you got about a 'stuck package' from USPS or an 'unpaid road toll'? It’s not just spam. It’s the calling card of a sophisticated, global scam that has swindled victims out of millions of dollars. | HACKING | SPAM |
| 15.04.25 | Double-Edged Email Attack | Pick your Poison - A Double-Edged Email Attack | HACKING | SPAM |
| 03.01.24 | SMTP Smuggling | In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks | HACKING | SPAM |
| 28.11.23 | PERFORM NTLM FORCED AUTHENTICATION ATTACKS | ABUSING MICROSOFT ACCESS “LINKED TABLE” FEATURE TO PERFORM NTLM FORCED AUTHENTICATION ATTACKS | HACKING | TCP/IP HACK |
| 03.10.23 | Authenticated Origin Pulls (mTLS) | When visitors request content from your domain, Cloudflare first attempts to serve content from the cache. If this attempt fails, Cloudflare sends a request — or an origin pull — back to your origin web server to get the content. | HACKING | TCP/IP HACK |
| 04.07.23 | HTML Smuggling | HTML Smuggling: The Hidden Threat in Your Inbox | HACKING | TCP/IP HACK |
| 21.08.25 | Scattered Spider | Scattered Spider: A Threat Profile | HACKING | THREATS |
| 25.03.26 | HwAudKiller | From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill | HACKING | TOOL |
| 02.11.23 | Kopeechka | How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime | HACKING | Tool |
| 24.04.26 | AdaptixC2 | AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks | HACKING | TOOLS |
| 05.06.24 | Excel File Deploys | FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. | HACKING | VBA macro |
| 10.05.24 | Tunnelcrack | TunnelCrack is a combination of two widespread security vulnerabilities in VPNs. An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel. | HACKING | VPN |
| 10.05.24 | TunnelVision | A local network VPN leaking technique that affects all routing-based VPNs | HACKING | VPN |
| 03.01.26 | MongoDB Unauthenticated Attacker Sensitive Memory Leak | The Situation: A major vulnerability allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. No login is required. | HACKING | VULNEREBILITY |
| 05.02.25 | CVE-2025-0411 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | HACKING | VULNEREBILITY |
| 15.11.25 | MCP Hijacking | MCP Hijacking of Cursor’s New Browser | HACKING | WEB |
| 05.04.26 | RoadK1ll | RoadK1ll: A WebSocket Based Pivoting Implant | HACKING | WEBSCOKET |