attackers

Security Blogs

Defenders fall behind, as AI rewrites the rules of a data breach

AndyC 26 May 2026

For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon...

Developer Workstations Are Now Part of the Software Supply Chain

AndyC 19 May 2026

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the...

Mac Users Warned Over Fake Claude Install Instructions

AndyC 12 May 2026

Mac users searching for Claude could be one copied command away from handing attackers a way into their machines. BleepingComputer...

Vendor News

ShinyHunters Extorts Universities in New Instructure Canvas Hack

AndyC 9 May 2026

ShinyHunters-linked attackers defaced Canvas portals, disrupting finals week access and exposing SaaS security risks for schools. The post ShinyHunters Extorts...

Google Update: Android Flaw Could Put Billions of Devices at Risk

AndyC 6 May 2026

A newly patched Android flaw could allow nearby attackers to execute code without a tap, click, or user warning. Google...

Relying on LLMs is nearly impossible when AI vendors keep changing things

Fake Party Invites and the Rise of Social Phishing Attacks

AndyC 4 May 2026

Attackers are now impersonating invitation services to trick people into clicking malicious links and sharing sensitive information. These phishing attempts...

Manhattan DA Bragg Pushes Meta to Put a Stop to Immigration Scams

What Makes Credential Stuffing Difficult to Detect?

AndyC 21 April 2026

Credential stuffing is a cyberattack where attackers use stolen usernames and passwords, often obtained from data breaches or bought on...

Attackers target unpatched ShowDoc servers via CVE-2025-0520

AndyC 15 April 2026

Attackers target unpatched ShowDoc servers via CVE-2025-0520 Pierluigi Paganini April 14, 2026 A critical RCE flaw, tracked as CVE-2025-0520, in...

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

AndyC 10 April 2026

Image: Generated via Google’s Nano Banana Attackers have been exploiting a zero-day vulnerability in Adobe Acrobat Reader for months, using...

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

AndyC 8 April 2026

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution Pierluigi Paganini April 07, 2026 Attackers are exploiting a critical...

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

AndyC 7 April 2026

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed Pierluigi Paganini April 06, 2026 Over 14,000 F5...

Drift Loses 5 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

AndyC 4 April 2026

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that...

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

AndyC 2 April 2026

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s...

Security Blogs

Attackers hijack Axios npm account to spread RAT malware

AndyC 1 April 2026

Attackers hijack Axios npm account to spread RAT malware Pierluigi Paganini March 31, 2026 Threat actors hijacked the npm account...

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

AndyC 30 March 2026

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data Pierluigi Paganini March 29, 2026 Attackers are actively...

attackers

Defenders fall behind, as AI rewrites the rules of a data breach

Developer Workstations Are Now Part of the Software Supply Chain

Mac Users Warned Over Fake Claude Install Instructions

ShinyHunters Extorts Universities in New Instructure Canvas Hack

Google Update: Android Flaw Could Put Billions of Devices at Risk

What Makes Credential Stuffing Difficult to Detect?

Attackers target unpatched ShowDoc servers via CVE-2025-0520

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

Attackers hijack Axios npm account to spread RAT malware

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

This month in security with Tony Anscombe – May 2026 edition

ESET APT Activity Report Q4 2025–Q1 2026

What to consider before asking an AI chatbot for health advice

BTMOB: A stealthy RAT burrowing deep into Android devices

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Donate Bitcoin to this address

Donate Ethereum to this address

Pointing a Cursor at evading detection

The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed