News

Microsoft stacks up 113 CVEs for January Patch Tuesday

Bys s January 20, 2026

Categories: X-ops

Tags: Patch Tuesday, Microsoft, Windows

News

Stealing user credentials with evilginx
Bys s March 28, 2025

A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope

Read More Stealing user credentials with evilginx
News

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Bys s November 21, 2025

Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First

Read More Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
News

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Bys s October 8, 2025

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. “Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company

Read More Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
News

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Bys s April 10, 2025

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files…

Read More Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
News

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Bys s March 7, 2025

Microsoft has disclosed details of a large-scale malvertising campaign that’s estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker…

Read More Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
News

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
Bys s December 18, 2025

A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since…

Read More China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

Similar Posts