TP-Link Fixes Bug That Lets Hackers Take Over Routers Without a Password
Image: User Pascal/Unsplash TP-Link just patched a flaw that let attackers push rogue firmware onto your router without a password....
attackers
How SMBs Can Proactively Strengthen Cybersecurity
Cyber attackers increasingly target SMBs because they are often the easiest path into larger supply chains. As cyberattacks are...
Attackers exploit FortiGate devices to access sensitive network information
Attackers exploit FortiGate devices to access sensitive network information Pierluigi Paganini March 10, 2026 Attackers are exploiting FortiGate devices to...
Escape raises $18M Series A to replace legacy scanners with AI agent-driven discovery, pentesting, and remediation
Attackers move in hours. Most security teams are still running weekly scans. Today we are proud to announce our...
Beware of fake OpenClaw installers, even if Bing points you to GitHub
Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver...
Invisible Threats: Source Code Exfiltration in Google Antigravity – FireTail Blog
TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source code By...
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to...
The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest
TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects...
Stopping real-world attacks: Lessons for business leaders from the 2026 cyber frontline
The 2026 Sophos Active Adversary Report offers an evidence‑based look at how today’s attackers operate in real environments, drawing on...
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s “dynamic objects” feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so...
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of...
Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident
An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning...
.png?width=3196&height=457&name=Affirm-CTA-02%20(1).png "Context-Based Attestation: A Practical Approach to High-Confidence Identity Verification")
Context-Based Attestation: A Practical Approach to High-Confidence Identity Verification
From hiring and onboarding fraud to service desk social engineering, attackers increasingly exploit identity workflows with stolen identities, forged...
CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover
A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files...
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more Pierluigi Paganini February 16, 2026 A...
