A new tool named RealBlindingEDR disables security agents by exploiting Windows process privileges. It allows attackers to blind endpoint detection systems and execute malware without alerts, raising serious concerns among enterprise defenders.
LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.
EvilAI operators are hiding malware in legitimate-looking AI tools that appear functional and signed, enabling reconnaissance, browser data exfiltration, and encrypted C2 communication across global targets.
Parrot OS 7.0 delivers a stability-focused update for security professionals, refining penetration testing tools, system performance, and privacy features while maintaining a practical, research-driven Linux environment.
Researchers developed a $50 memory interposer, dubbed “Battering RAM,” that can bypass Intel SGX and AMD SEV-SNP confidential computing protections by manipulating memory paths.
Manufacturers face the most dangerous cyber landscape in their industry’s history. Attackers now target OT systems, supply chains and intellectual property with unprecedented sophistication, creating widespread operational and financial impact.
A malicious npm package named “@acitons/artifact” impersonates @actions/artifact, hijacks GitHub Actions tokens via postinstall scripts, and attempts to publish artifacts as GitHub showcasing a precise software supply chain attack.
SIM farms expose how weak KYC and SMS OTP let fraud scale. Raids seized SIM boxes and tens of thousands of cards. Here’s how carriers and brands can actually fix it.
Signal has stated it may quit the European market if the EU forces apps to scan private messages under Chat Control, citing encryption and privacy concerns.
macOS now attracts serious attention from nation-state and criminal actors, especially credential stealers. A new public dataset, Malet, and a static analysis tool, Katalina, give defenders large-scale visibility into Mach-O malware traits. Teams can use them to tune EDR, test vendor claims, and finally treat Mac fleets as first-class citizens.