Fake OSINT GitHub Repos Used to Spread PyStoreRAT Malware
Cybercriminals are abusing fake OSINT GitHub repos to distribute PyStoreRAT, a JavaScript-based RAT that delivers diverse malware modules through deceptive open-source tools.
The latest Cybersecurity and Infrastructure Security Agency (CISA) advisory reveals that PRC-linked hackers use a backdoor called BRICKSTORM to gain long-term access to VMware vSphere and Windows environments, affecting government and IT networks. This article unpacks the attack chain, impacted sectors and critical defensive steps organizations should take now.
The Tor network is replacing its legacy relay encryption with Counter Galois Onion (CGO), a research-backed design that hardens Tor against tagging attacks, tampering and modern cryptanalytic threats. This analysis explains how Tor Galois onion encryption works, what changes for users and relay operators, and why it matters for long-term anonymity.
Germany’s cybersecurity agency BSI now urges webmail providers to enable 2FA by default instead of hiding strong authentication behind optional settings. The new guidance ties default two-factor authentication, passkeys, and robust recovery flows to stronger webmail security and greater digital sovereignty in Germany.
A cyberattack on real-estate finance vendor SitusAMC has raised the risk that documents tied to major banks, including JPMorgan and Citi, may have been exposed. This analysis explains what we know so far, how attackers leverage third-party providers, and what banks and customers should do next.
Set up Google Workspace the right way: one SPF with include:_spf.google.com, a 2048-bit DKIM key at google._domainkey, and a strict, report-ready DMARC policy with alignment. Start at p=none to discover stray senders, then ramp to quarantine and reject. Verification steps and copy-paste examples included.
GPT-5.1 Codex-Max can now code independently for hours inside terminals, IDEs and Windows environments. That jump from helper to autonomous coding agent dramatically changes the threat model, turning AI-generated patches, permissions and pipelines into first-class security concerns.
Some Windows 10 ESU devices fail to install the KB5068781 update, rolling back with error 0x800f0922. Microsoft now lists this as a known issue that affects subscription-activated ESU systems managed through the Microsoft 365 Admin Center. Track affected devices, verify ESU activation, and plan for a servicing fix.
Kraken ransomware has quickly evolved into a cross-platform threat that can disrupt Windows, Linux, and VMware ESXi environments in a single campaign. By abusing SMB exposure, tunneling through Cloudflared, and using benchmark-driven encryption, the group focuses on high-value data, double extortion, and maximum downtime for large enterprises.
The UK introduced a Cyber Security and Resilience Bill to harden essential services and their suppliers. Consequently, regulators expand scope, speed incident reporting, and push provable resilience across NHS, water, transport, and energy.