Ubisoft’s Rainbow Six Siege servers were compromised today via the MongoBleed (CVE‑2025‑14847) vulnerability, igniting a cascade … MongoBleed (CVE‑2025‑14847): Inside the Ubisoft Breach & How to Defend Your DatabasesRead more
MITRE ATT&CK
Phantom Shuttle: Malicious Chrome VPN Extensions Unmasked
Security researchers have uncovered two Chrome extensions—both named “Phantom Shuttle (幻影穿梭)”—that masquerade as VPN or network … Phantom Shuttle: Malicious Chrome VPN Extensions UnmaskedRead more
MacSync Stealer: What You Must Know About Notarized Malware
MacSync Stealer is back—and it’s stealthier than before. Recent analysis shows a new variant abusing Apple’s … MacSync Stealer: What You Must Know About Notarized MalwareRead more
When MFA Is Abused: OAuth Device Phishing Explained
Modern phishing attacks no longer need stolen passwords—or even multifactor authentication (MFA) bypasses—to succeed. Instead, attackers … When MFA Is Abused: OAuth Device Phishing ExplainedRead more
Insider Threat Recruitment: How Cybercriminals Turn Employees Into Attack Vectors
In 2024, cybercrime tactics took a dangerous turn: instead of breaking in, attackers started logging in. … Insider Threat Recruitment: How Cybercriminals Turn Employees Into Attack VectorsRead more
GhostPairing Attack: Silent WhatsApp Compromise
The GhostPairing Attack is a newly observed cyber campaign that silently hijacks WhatsApp accounts—without passwords, SIM … GhostPairing Attack: Silent WhatsApp CompromiseRead more
Gentlemen Ransomware: Inside the 2025 Double‑Extortion Threat Targeting
Ransomware activity surged across 2025, with research noting a 126% year‑over‑year increase in the first quarter—a … Gentlemen Ransomware: Inside the 2025 Double‑Extortion Threat TargetingRead more