Invisible Threats: Source Code Exfiltration in Google Antigravity – FireTail Blog
TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source code By...
known
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 04, 2026...
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
Ravie LakshmananMar 03, 2026Malware / Phishing The threat activity cluster known as SloppyLemming has been attributed to a fresh set...
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
Ravie LakshmananFeb 27, 2026Malware / Surveillance The North Korean threat actor known as ScarCruft has been attributed to a fresh...
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 26, 2026 U.S. Cybersecurity and...
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
Ravie LakshmananFeb 25, 2026Social Engineering / Cloud Security The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been...
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 25,...
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift...
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Ravie LakshmananFeb 23, 2026Threat Intelligence / Artificial Intelligence The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm,...
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet...
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 21, 2026 U.S. Cybersecurity and...
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine...
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 19, 2026 U.S....
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 14,...
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In...