CTRL Toolkit: Not the Shortcut You Want A campaign distributing the Russian-linked CTRL toolkit has been identified, using deceptive delivery methods such as phishing or malicious downloads. The toolkit enables attackers to maintain persistence, execute commands, and exfiltrate data from compromised systems. Its modular design allows flexible deployment depending on attacker objectives. Researchers note increasing […]
Oracle Issues Patch (And You Should Probably Install It) Oracle has released a critical patch addressing CVE-2026-21992, a severe vulnerability affecting its software products. The flaw could allow attackers to execute arbitrary code or compromise systems if left unpatched. Oracle’s update is part of its regular Critical Patch Update cycle, which includes fixes for multiple […]
Zero-Click, Zero Effort, Maximum Trouble A vulnerability in a Claude browser extension enabled a zero-click attack scenario, allowing malicious content to execute without user interaction. The flaw could be exploited to access sensitive data or perform actions within the extension’s permissions. Researchers highlighted the risks associated with overly permissive browser extensions and insufficient validation of […]
MiTM Phishing Targets TikTok Business Accounts A new adversary-in-the-middle (MiTM) phishing campaign is targeting TikTok business accounts to bypass multi-factor authentication and steal credentials. Attackers use sophisticated proxy-based techniques to intercept login sessions in real time, allowing them to capture session cookies and gain account access. The campaign is particularly concerning due to its effectiveness […]
TA446 Deploys Leaked DarkSword iOS Spyware The threat group TA446 has been observed deploying a leaked version of the DarkSword iOS spyware toolkit in targeted campaigns. Originally developed for surveillance purposes, the tool enables data exfiltration, device monitoring, and remote control capabilities. Its leak has lowered the barrier to entry for cybercriminals, increasing the risk […]
NetScaler in the Spotlight: Attackers Circle Like Sharks Threat actors are actively scanning the internet for vulnerable Citrix NetScaler instances following recent disclosures of security flaws. Researchers observed widespread reconnaissance activity targeting exposed endpoints, suggesting attackers are preparing for exploitation at scale. While no confirmed mass exploitation has yet been reported, the level of scanning […]
Key Changes Guide – Willow vs Danzell Understand what’s changing from Willow to Danzell, what could now cause an automatic fail, and what your organisation needs to do before the new question set goes live. Download the guide to learn: When Danzell goes live and how the Willow grace period works for CE Basic and […]
Apple patches older devices because attackers do not care how old your iPhone is Apple released security updates for older iPhone, iPad and macOS Sonoma devices after a WebKit flaw, CVE-2023-43010, was found to have been used in the Coruna exploit kit. The company backported the fix to legacy supported versions so users on older […]
ThreatsDay Bulletin: OAuth Trap, EDR Killer and More The ThreatsDay bulletin pulled together a range of notable developments, including OAuth token theft, Signal and WhatsApp account hijacking, Zombie ZIP archive evasion, cloud weaknesses, malware delivered through Microsoft Teams, AI-platform compromise and botnet activity. One highlighted technique, Zombie ZIP (CVE-2026-0866), uses malformed ZIP headers to evade […]
