Subscribe
Sign in
Home
Threat Intelligence
AI Research
Darknet and Hacking Forums
Data Breaches
Latest
Top
JadePuffer Shows Ransomware Is Becoming a Workflow
The useful signal is not that an AI agent used exotic tradecraft. It is that ordinary exposure, secrets, and weak segmentation were enough for an…
Jul 7
•
Tom
The Email Auth Was Green. The Image Still Carried Malware.
A valid SPF, DKIM, and DMARC result did not stop a Windows executable from riding inside an inline PNG. The control gap is content inspection, not…
Jul 6
•
Tom
The Threat Stack Is Starting To Converge
PolinRider shows developer trust under pressure, Bad Epoll puts patch cadence back on the board, and JadePuffer shows why ransomware automation now…
Jul 5
•
Tom
Avalon Turns Ransomware Into A Framework Problem
The new Avalon reporting is not just about CrownX encryption. It shows how credential theft, remote access, recovery pressure, and ransomware can be…
Jul 4
•
Tom
Anubis Shows Why Ransomware Detection Has To Follow Legitimate Access
The latest Citrix Bleed 2 reporting is less about one edge flaw than a familiar chain: valid sessions, RMM tools, credential access, cloud transfer, and…
Jul 3
•
Tom
PolinRider Makes The Package Registry A Developer Compromise Surface
Socket's latest findings show a North Korealinked campaign spreading hidden loaders across open source ecosystems, with Git history and developer…
Jul 2
•
Tom
Argos Fraud Shows The Retail ATO Problem Has Left The Browser
Leaked credentials, online accounts, and Click & Collect turn account takeover into a storefloor control failure.
Jul 1
•
Tom
June 2026
Nissan's PeopleSoft Breach Turns HR Data Into the Blast Radius
A zeroday campaign against Oracle PeopleSoft is now a workforce identity problem for Nissan employees across the Americas.
Jun 30
•
Tom
The npm Stealer Hid Where Developers Rarely Look
Hijacked packages abused VS Code tasks instead of the usual install hooks. That shift matters because it targets developer trust, not only package…
Jun 29
•
Tom
March 2026
The Install Command Was the Attack: How “InstallFix” Is Weaponizing Claude Code’s Popularity
Attackers built pixel-perfect clones of Claude Code’s installation page and bought their way to the top of Google Search. The install command you copied…
Mar 11
•
Tom
February 2026
APT37's "Ruby Jumper" Uses USB Drives to Breach Networks That Were Never Online
North Korea's elite hacking group built a five-tool malware framework specifically engineered to cross the one boundary the internet can't reach — the…
Feb 27
•
Tom
$4 Million, 8 Zero-Days, One Traitor: How a Defense Contractor Sold America's Cyber Weapons to Russia
Peter Williams didn't hack anything. He didn't need to. He already had the keys — and he auctioned them off to the highest bidder wearing a Russian…
Feb 26
•
Tom
This site requires JavaScript to run correctly. Please
turn on JavaScript
or unblock scripts