A massive misconfigured database exposed billions of LinkedIn-related records, enabling attackers to refine phishing, impersonation, and identity-based attacks. This investigative report examines how the leak happened and why its long-tail impact will persist for years.
North Korean–linked attackers exploited a critical React2Shell vulnerability (CVE-2025-55182) to deploy a new smart-contract based RAT named EtherRAT. The malware uses Ethereum smart-contracts for C2 resolution, hides payloads through obfuscation, and employs multiple persistence mechanisms — a serious threat to Web3 and developer environments.
SAP has released fixes for three SAP critical vulnerabilities affecting Solution Manager, Commerce Cloud, and the jConnect SDK. These flaws enable remote code execution and unsafe deserialization, posing significant risk to enterprise systems. This article breaks down technical details and offers mitigation guidance.
Japanese organizations continue facing ransomware incidents that cause months of operational disruption. This investigative analysis explores how long-tail damage unfolds, why attackers target Japan’s supply chain ecosystem, and how companies can strengthen long-term resilience.
GrayBravo’s modular loader, CastleLoader, now powers four distinct threat clusters targeting logistics, travel, and enterprise users a clear sign of rapid MaaS expansion and rising risk for global organizations.
A critical Ivanti Endpoint Manager code execution flaw, tracked as CVE-2025-10573, allows unauthenticated attackers to plant malicious JavaScript in the EPM dashboard and hijack admin sessions. This article explains how the bug works, which versions are affected, and how to patch and harden EPM cores.
JSSmuggler uses JavaScript-based smuggling to hide and reassemble Windows malware at runtime, bypassing security tools and enabling advanced payload delivery. This analysis explains how it works and how defenders can counter it.
A newly observed Mirai variant, “Broadside,” is exploiting weakly protected IoT systems across global maritime logistics environments. Its rapid spread and operational impact highlight growing risks as critical shipping infrastructure becomes increasingly automated and interconnected.
LockBit 5.0’s infrastructure was exposed through leaked servers and misconfigured systems, giving investigators rare insight into its ransomware operations. This analysis breaks down what was uncovered and how defenders can respond.
Apple has issued a sweeping new round of cyber-threat notifications to users across 84 countries, signaling a global escalation in targeted spyware operations. This analysis explains what triggered the alerts, how attackers operate, and what high-risk users must do immediately.