LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.
Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.
A new attack variant against Cisco Secure Firewall ASA/FTD can force unexpected reloads, dropping VPNs and disrupting edge traffic. Reduce exposure, apply fixed releases, and harden management access. Validate HA under load and stream telemetry off-box to preserve evidence while you monitor for recurrence.
API rate limiting protects capacity and user experience. This guide shows how to ship it correctly on NGINX: define limit_req zones, tune burst/nodelay, add per-IP and per-token limits, return proper 429s with Retry-After, and combine limit_conn for connection abuse. You’ll get production-ready snippets and a safe rollout plan.
Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.
Seven fresh techniques let attackers leak ChatGPT data through everyday workflows: poisoned search, “q=” one-click links, allowlisted ad redirects, conversation injection, markdown hiding, and memory poisoning. Because exposure rides on normal browsing and memory behavior, prevention requires policy plus proof: sanitize URLs, block bing.com/ck/a, disable Saved Memory for high-risk roles, and validate controls continuously with OWASP LLM Top 10 and MITRE ATLAS as your benchmarks.
Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.
Criminal crews deploy legitimate RMM tools inside carriers and brokers, then hijack booking and dispatch to steal real freight. This body explains how access lands, which artifacts reveal the intrusion, and what controls stop RMM-driven cargo theft without breaking logistics operations or delaying shipments.
TruffleNet validates stolen AWS keys, profiles accounts, and abuses Amazon SES to run high-leverage BEC. Therefore, clamp down on access keys, isolate SES to a low-trust account, and alert on first-seen identity actions. Consequently, you deny validation, break pivots, and stop invoice fraud before it lands.
Business email compromise drains budgets with executive spoofing and invoice fraud. This practical Microsoft 365 guide shows nine rules that actually stop BEC: tuned anti-phish and impersonation, Safe Links and Safe Attachments, SPF/DKIM/DMARC, phishing-resistant MFA with Conditional Access, external sender tags, mailbox hygiene, attack simulation, and a short incident playbook.