News

February’s Patch Tuesday assumes battle stations

Bys s February 13, 2026

Just 58 CVEs to spar with in February, but plenty are already under attack

Categories: Threat Research, X-ops

Tags: Patch Tuesday, Microsoft, Windows

News

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Bys s March 21, 2025

Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. “Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents,” the company said. “This suggests

Read More Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
News

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
Bys s April 17, 2025

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a…

Read More Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
News

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
Bys s June 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when

Read More TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
News

SEC and SolarWinds Seek Settlement in Securities Fraud Case
Bys s July 3, 2025

Hunton Andrews Kurth writes: In a surprising development in the US Securities and Exchange Commission’s (“SEC’s”) ongoing securities fraud case against SolarWinds Corp. (“SolarWinds”) and its former chief information security officer (“CISO”), Timothy Brown, all three parties have petitioned the judge for a stay pending final settlement. Until the SEC’s four commissioners can vote to…

Read More SEC and SolarWinds Seek Settlement in Securities Fraud Case
News

More than 100 British government personnel exposed by Ministry of Defence data leak
Bys s July 18, 2025

More details continue to emerge about the Ministry of Defence data breach in 2022 that put thousands of Afghani people seeking relocation assistance and their family members at serious risk of Taliban reprisals. The breach occurred when an MoD employee mistakenly emailed a dataset with information on applicants to the Afghan Relocations and Assistance Policy…

Read More More than 100 British government personnel exposed by Ministry of Defence data leak
News

iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
Bys s September 24, 2025

Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here. TL;DR: iframe Security Exposed Payment iframes are being actively exploited by attackers…

Read More iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

Similar Posts