Security & IT News

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and

The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI

From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of

A hacker is selling a 340M OnlyFans user database allegedly built by matching old breach data and public profiles to real OnlyFans accounts.

Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs. For WIndows, Npcap is updated to version 1.88. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript

Apple, Meta, and Google offer special security modes that provide your devices more secure against targeted spyware attacks. Here are how those modes work, what they do, and how to switch them on.

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. [...]

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. "Any cPanel user (including an attacker or a compromised account) may

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. "Drupal Core

This week, I m attending the SEC670[ 1 ] training ( Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control ). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis) because it addresses malware from the opposite: Instead of performing reverse engineering, you write malicious code! Always interesting to have another point of view. Many techniques used by threat actors are often discovered while reversing the malware code and are read in assembly. A perfect example are stack strings. This is a malware obfuscation technique where strings are constructed dynamically at runtime by assigning individual characters or bytes directly onto the stack, rather than storing them as contiguous string literals in the binary's static data sections. Read: they won t be detected by simple tools like strings or pestr . From an assembly code point of view, a stack string looks like this: sub esp, 16 ; Reserve 16 bytes (padded to hold our string) mov byte [esp + 0], 0x73 ; 's' mov byte [esp + 1], 0x61 ; 'a' mov byte [esp + 2], 0x6E ; 'n' mov byte [esp + 3], 0x73 ; 's' mov byte [esp + 4], 0x20 ; ' ' mov byte [esp + 5], 0x69 ; 'i' mov byte [esp + 6], 0x73 ; 's' mov byte [esp + 7], 0x63 ; 'c' mov byte [esp + 8], 0x00 ; '\0' null terminator mov eax, 4 ; sys_write mov ebx, 1 ; fd = stdout mov ecx, esp ; buf = stack string mov edx, 8 ; len = 8 int 0x80 The string sans isc will be printed on the console. But, how do you implement this in a high-level language like C? Here is an example: #include stdio.h #include string.h void plainTextExample(void) { // Will be stored in .rodata and easy to spot with strings tools const char* url = http://plain-malicious.com/ ; printf( Plain URL = %s\n , url); } void stackStringExample(void) { // Now we use a stack string. The script will be located in .text! char url[30]; url[0] = 0x68; // 'h' url[1] = 0x74; // 't' url[2] = 0x74; // 't' url[3] = 0x70; // 'p' url[4] = 0x3A; // ':' url[5] = 0x2F; // '/' url[6] = 0x2F; // '/' url[7] = 0x65; // 'e' url[8] = 0x6E; // 'n' url[9] = 0x63; // 'c' url[10] = 0x6F; // 'o' url[11] = 0x64; // 'd' url[12] = 0x65; // 'e' url[13] = 0x64; // 'd' url[14] = 0x2D; // '-' url[15] = 0x6D; // 'm' url[16] = 0x61; // 'a' url[17] = 0x6C; // 'l' url[18] = 0x69; // 'i' url[19] = 0x63; // 'c' url[20] = 0x69; // 'i' url[21] = 0x6F; // 'o' url[22] = 0x75; // 'u' url[23] = 0x73; // 's' url[24] = 0x2E; // '.' url[25] = 0x63; // 'c' url[26] = 0x6F; // 'o' url[27] = 0x6D; // 'm' url[28] = 0x2F; // '/' url[29] = 0x00; // '\0' printf( Obfuscated URL = %s\n , url); memset(url, 0, sizeof(url)); } int main(void) { plainTextExample(); stackStringExample(); ret

The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

FBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords.