Google filed a lawsuit in New York to disrupt “Lighthouse,” a phishing-as-a-service network behind large-scale smishing. Consequently, the case seeks injunctions, domain seizures, and damages. For defenders, the move creates detection windows as operators pivot infrastructure so tighten filters, accelerate takedowns, and harden fraud telemetry now.
A massive misconfigured database exposed billions of LinkedIn-related records, enabling attackers to refine phishing, impersonation, and identity-based attacks. This investigative report examines how the leak happened and why its long-tail impact will persist for years.
Security researchers uncovered 30 high-risk vulnerabilities across major AI ecosystems, exposing how malicious actors can manipulate models, poison training pipelines, and escalate attacks through AI-integrated applications. The discovery highlights urgent gaps in current AI-security frameworks.
The JackFix attack marks the latest evolution of the ClickFix technique. By luring victims through fake adult sites into a full-screen Windows update screen, encoding Run-dialog commands, gating its payload URL, and dropping multiple infostealers through an obfuscated PowerShell script, JackFix sidesteps many earlier ClickFix mitigations and forces defenders to rethink how they handle browser-driven social engineering.
A Redis vulnerability (CVE-2025-23345) active for 13 years exposes servers to remote code execution. Rated CVSS 10.0, it affects millions of instances.
Australia’s eSafety Commissioner may classify GitHub as a social network and ban kids under 16 from using it. Officials argue GitHub’s social features resemble TikTok and Discord, but critics say the move could block young coders from learning and accessing open-source tools
Researchers tracked 1,330 suspicious domains impersonating 23 luxury brands ahead of peak shopping. Prepare for activation waves with monitoring, takedowns, and buyer guidance.
Apple has expanded its bug bounty program to reward researchers up to $2 million for zero-click exploit chains. Bonuses for Lockdown Mode bypasses and beta findings may push payouts even higher.
Qilin ransomware now combines a Linux payload with a BYOVD (Bring-Your-Own-Vulnerable-Driver) exploit, enabling affiliates to bypass endpoint controls and compromise virtualised and Windows environments. This briefing explains the attack chain, detection challenges, and immediate defensive steps security teams must apply.
SilentButDeadly is an open-source Windows tool that neutralizes EDR and AV visibility by cutting their cloud communications with Windows Filtering Platform filters instead of killing the agents. This article unpacks how SilentButDeadly discovers security processes, applies process-specific network blocks, disrupts services, and what defenders should monitor to detect and withstand similar EDR neutralization techniques.