GrayBravo’s modular loader, CastleLoader, now powers four distinct threat clusters targeting logistics, travel, and enterprise users a clear sign of rapid MaaS expansion and rising risk for global organizations.
A chilling evolution: Storm-0249 has shifted from selling access to enabling full-blown ransomware campaigns. Their new combination of ClickFix social-engineering, fileless PowerShell and DLL sideloading dramatically increases stealth and persistence across enterprise environments.
A critical Ivanti Endpoint Manager code execution flaw, tracked as CVE-2025-10573, allows unauthenticated attackers to plant malicious JavaScript in the EPM dashboard and hijack admin sessions. This article explains how the bug works, which versions are affected, and how to patch and harden EPM cores.
A misconfiguration in Cursor’s integration with AWS Bedrock allows non-admin users or attackers with minimal access to raise spending caps and drain cloud budgets rapidly. Here’s what happened, why it matters, and how to secure your AI-cloud environment.
JSSmuggler uses JavaScript-based smuggling to hide and reassemble Windows malware at runtime, bypassing security tools and enabling advanced payload delivery. This analysis explains how it works and how defenders can counter it.
Two Ukrainian nationals were arrested in Poland while carrying advanced hacking equipment capable of probing sensitive wireless networks. Their actions raised concerns about espionage operations targeting critical infrastructure, prompting a wider investigation into cross-border surveillance activities.
A newly observed Mirai variant, “Broadside,” is exploiting weakly protected IoT systems across global maritime logistics environments. Its rapid spread and operational impact highlight growing risks as critical shipping infrastructure becomes increasingly automated and interconnected.
AWS’s agentic-AI initiative promises rapid enterprise modernization, but it also broadens cyber-attack surfaces dramatically. Autonomous agents bridging legacy systems and cloud infrastructure demand rigorous security, governance, and threat modeling before adoption.
LockBit 5.0’s infrastructure was exposed through leaked servers and misconfigured systems, giving investigators rare insight into its ransomware operations. This analysis breaks down what was uncovered and how defenders can respond.
Apple has issued a sweeping new round of cyber-threat notifications to users across 84 countries, signaling a global escalation in targeted spyware operations. This analysis explains what triggered the alerts, how attackers operate, and what high-risk users must do immediately.