Malicious MCP Server Steals Secrets From Applications & Dev Environments
A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.
Read More
Vampire Bot! BatShadow’s New Go Malware Targeting Job Hunters
BatShadow, a Vietnamese-linked threat actor, now uses Go-based malware dubbed “Vampire Bot” to target job seekers through fake recruiter lures. Victims open disguised files that trigger a multi-stage PowerShell chain delivering the payload, enabling system surveillance, exfiltration, and remote execution under attacker control.
Vincent.ai Exploit Shows Rising Cyber Risks in Legal Tech
A phishing vulnerability in vLex’s Vincent.ai exposed lawyers and law firms to AI-driven cyberattacks. Attackers manipulated the legal research tool to embed malicious links into AI-generated responses, creating a new avenue for targeted phishing in the legal sector.
Microsoft Teams Location Updates: What It Means for Privacy
Teams will auto-detect work location via corporate Wi-Fi with user consent. Learn what ships, how it works, and how to set policy and privacy guardrails.
AI-Generated Retail Soundtracks Threaten Belgian Music Revenue
Belgian chains such as Brico and Carrefour are increasingly playing AI-generated, royalty-free music in their stores to cut licensing costs. This shift could slash 25–28 % of public performance income for local artists, warn rights organizations. Here’s how the technology works, the risks it raises, and what defenses stakeholders must consider.
Asahi’s Systems Down After Qilin Cyberattack, Recovery Underway
Japanese brewing giant Asahi has fallen victim to a Qilin ransomware attack that reportedly stole 27 GB of corporate and employee data. Operations remain partially disrupted, with supply chain strain visible across Japan. The attack underscores ransomware’s growing focus on consumer-goods manufacturers and double-extortion tactics.
How EtherHiding Lets Hackers Hide Malware on BSC & Ethereum
North Korea–linked hackers now embed JavaScript malware in blockchain smart contracts via EtherHiding. This stealthy method turns public blockchains into resilient drop zones. The multi-stage campaign includes JADESNOW and InvisibleFerret backdoors, demanding new defense strategies.
TEE.Fail Targets DDR5 , Exposing Keys from Secure Enclaves
TEE.Fail uses a DDR5 interposer to undermine enclave confidentiality on Intel TDX and AMD SEV-SNP. Because memory encryption lacks strong integrity here, defenders should rethink secrets, strengthen attestation, and tighten physical controls.
Exploited VMware Vulnerabilities Used by Chinese-Linked Hackers
Chinese-linked threat actors are actively exploiting VMware vulnerabilities to gain persistent access to enterprise networks, underscoring the growing risk facing virtualized infrastructure environments.
Inside Switzerland’s Quantum-Ready Satellite Strategy for Defence
Quantum encryption promises stronger security, yet it also strains satellite hardware, bandwidth and mission design. Switzerland’s Armed Forces now redesign their space architecture to handle quantum-era threats, “harvest-now, decrypt-later” campaigns and the limits of legacy spacecraft.