OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta’s Red Team, which reported the denial-of-service bug and named it, published the
Category Added in a WPeMatico Campaign
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an “unprecedented” four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron,
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late.
The intel feed behind that counter
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors using
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
“Any user who ran the project ended up with a four-stage payload aligned with OTTERCOOKIE: a browser credential and crypto wallet stealer, a file stealer, a
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants
Google has to ship it in the next major release, Android 18, and by 1 August 2027 at
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?
Now the focus shifts to the trusted
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man
His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall at Yerevan’s Zvartnots airport, held up a phone with a photo of him off his VKontakte page, and walked him into a side
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft laid out two of the delivery chains on Thursday. Its Defender Experts team, the
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage
Russian cybersecurity company Kaspersky, which uncovered the activity in February 2026, said it was aimed at government and diplomatic entities in
