Claude Extension Zero-Day

Zero-Click, Zero Effort, Maximum Trouble

A vulnerability in a Claude browser extension enabled a zero-click attack, allowing attacker-controlled content to be processed and acted on without any user interaction. The flaw could be exploited to access sensitive data or perform actions within the extension’s permissions. Researchers highlighted the risks associated with overly permissive browser extensions and insufficient validation of […]

TikTok Accounts Under Siege

MiTM Phishing Targets TikTok Business Accounts

A new adversary-in-the-middle (AitM, still commonly abbreviated MiTM) phishing campaign is targeting TikTok business accounts to bypass multi-factor authentication and steal credentials. The phishing site acts as a reverse proxy that relays the victim’s login to the real service in real time: the victim completes the MFA challenge themselves, the proxy captures the resulting session cookie, and the attackers replay that cookie to gain account access. The campaign is particularly concerning due to its effectiveness […]
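
The cookie-replay step described above is what a defender can actually observe: after a proxy-captured session is replayed, the same session cookie turns up from a different network and browser than the one that passed MFA. The following detector is an added example, not code from the article or from TikTok; it runs over constructed login and API events, and the field names (`sid`, `ua`, `login_mfa_ok`) and sample records are assumptions for the demonstration.

```python
from datetime import datetime

# Constructed sample events (not real TikTok logs). Session "s1" passes MFA from a
# Windows browser and is then reused a minute later from another IP by a scripted
# client, which is what replaying a proxy-captured cookie looks like. "s2" is benign.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00Z", "event": "login_mfa_ok", "user": "ops@example.com",
     "sid": "s1", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/124"},
    {"ts": "2024-05-01T10:00:20Z", "event": "api_call", "user": "ops@example.com",
     "sid": "s1", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/124"},
    {"ts": "2024-05-01T10:01:05Z", "event": "api_call", "user": "ops@example.com",
     "sid": "s1", "ip": "198.51.100.7", "ua": "python-requests/2.31"},
    {"ts": "2024-05-01T11:00:00Z", "event": "login_mfa_ok", "user": "mkt@example.com",
     "sid": "s2", "ip": "192.0.2.55", "ua": "Mozilla/5.0 (Macintosh) Safari/17"},
    {"ts": "2024-05-01T11:05:00Z", "event": "api_call", "user": "mkt@example.com",
     "sid": "s2", "ip": "192.0.2.55", "ua": "Mozilla/5.0 (Macintosh) Safari/17"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_session_hijacks(events, window_minutes=30):
    """Return (sid, user, reason) for every request that presents a session cookie
    from a different IP or user agent than the client that completed MFA, within
    `window_minutes` of that login.

    A legitimate user switching networks can trip the IP check alone, so the
    user-agent change is the stronger signal; both are reported so an analyst can
    weigh them. Only sessions whose login event is in the input are assessed.
    """
    origin = {}  # sid -> (login time, ip, ua, user) from the MFA-completing login
    findings = []
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        sid = ev["sid"]
        if ev["event"] == "login_mfa_ok":
            origin[sid] = (parse_ts(ev["ts"]), ev["ip"], ev["ua"], ev["user"])
            continue
        if sid not in origin:
            continue
        t0, ip0, ua0, user = origin[sid]
        age_minutes = (parse_ts(ev["ts"]) - t0).total_seconds() / 60
        if age_minutes > window_minutes:
            continue
        reasons = []
        if ev["ip"] != ip0:
            reasons.append(f"ip {ip0} -> {ev['ip']}")
        if ev["ua"] != ua0:
            reasons.append(f"ua {ua0!r} -> {ev['ua']!r}")
        if reasons:
            findings.append((sid, user, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for sid, user, reason in find_session_hijacks(SAMPLE_EVENTS):
        print(f"possible cookie replay: session={sid} user={user} ({reason})")
```

The window keeps the rule focused on the minutes after a login, when a proxy kit typically replays the cookie; in production the IP comparison is better done at ASN or geolocation granularity, and the response to a hit should be to revoke the session rather than just alert, since the cookie is already in the attacker's hands.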

iPhones Not So Untouchable After All

TA446 Deploys Leaked DarkSword iOS Spyware

The threat group TA446 has been observed deploying a leaked version of the DarkSword iOS spyware toolkit in targeted campaigns. Originally developed for surveillance purposes, the tool enables data exfiltration, device monitoring, and remote control capabilities. Its leak has lowered the barrier to entry for cybercriminals, increasing the risk […]

Citrix NetScaler Under Active Recon

NetScaler in the Spotlight: Attackers Circle Like Sharks

Threat actors are actively scanning the internet for vulnerable Citrix NetScaler instances following recent disclosures of security flaws. Researchers observed widespread reconnaissance activity targeting exposed endpoints, suggesting attackers are preparing for exploitation at scale. While no confirmed mass exploitation has yet been reported, the level of scanning […]

Apple Issues Security Updates for Older Devices

Apple patches older devices because attackers do not care how old your iPhone is

Apple released security updates for older iPhone, iPad and macOS Sonoma devices after a WebKit flaw, CVE-2023-43010, was found to have been used in the Coruna exploit kit. The company backported the fix to legacy supported versions so users on older […]

OAuth Trap EDR Killer

ThreatsDay Bulletin: OAuth Trap, EDR Killer and More

The ThreatsDay bulletin pulled together a range of notable developments, including OAuth token theft, Signal and WhatsApp account hijacking, Zombie ZIP archive evasion, cloud weaknesses, malware delivered through Microsoft Teams, AI-platform compromise and botnet activity. One highlighted technique, Zombie ZIP (CVE-2026-0866), uses malformed ZIP headers to evade […]
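
The excerpt does not say which header fields Zombie ZIP malforms, so the following added example (not code from the bulletin, from the CVE advisory or from any referenced tool) checks the general class such tricks belong to: a ZIP file carries every member's metadata twice, once in the local file header and once in the central directory, and a scanner that trusts one structure can be shown different members than an extractor that trusts the other. The sample archive and the `tamper_local_name` helper that produces the disagreement are constructed for the demonstration; the struct layouts are the standard PKZIP ones.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end of central directory record
CDH_SIG = b"PK\x01\x02"   # central directory file header
LFH_SIG = b"PK\x03\x04"   # local file header


def build_sample_zip():
    """Constructed archive with two small members, written by the standard library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "nothing to see here\n")
        zf.writestr("invoice.js", "console.log('payload');\n")
    return buf.getvalue()


def read_central_directory(data):
    """Parse the central directory via the EOCD record; return one dict per member."""
    eocd = data.rfind(EOCD_SIG)
    if eocd == -1:
        raise ValueError("no end-of-central-directory record")
    (_, _, _, _, total, _cd_size, cd_off, _) = struct.unpack_from("<4sHHHHIIH", data, eocd)
    entries, pos = [], cd_off
    for _ in range(total):
        f = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        if f[0] != CDH_SIG:
            raise ValueError(f"bad central directory signature at {pos}")
        (_, _, _, _, method, _, _, crc, csize, usize, nlen, xlen, clen, _, _, _, off) = f
        entries.append({"name": data[pos + 46:pos + 46 + nlen], "method": method,
                        "crc": crc, "csize": csize, "usize": usize, "offset": off})
        pos += 46 + nlen + xlen + clen
    return entries


def read_local_header(data, off):
    """Parse the 30-byte local file header at `off` plus its filename."""
    f = struct.unpack_from("<4sHHHHHIIIHH", data, off)
    (sig, _, flags, method, _, _, crc, csize, usize, nlen, xlen) = f
    if sig != LFH_SIG:
        raise ValueError(f"bad local header signature at {off}")
    return {"name": data[off + 30:off + 30 + nlen], "method": method, "crc": crc,
            "csize": csize, "usize": usize, "flags": flags, "xlen": xlen}


def find_header_mismatches(data):
    """Compare each central directory entry with the local header it points to.
    Returns (central name, field, central value, local value) per disagreement.
    When flag bit 3 is set the local crc/sizes legitimately read zero (they live in
    a trailing data descriptor), so those fields are skipped for such entries."""
    out = []
    for cd in read_central_directory(data):
        lh = read_local_header(data, cd["offset"])
        fields = ["name", "method"] + ([] if lh["flags"] & 0x8 else ["crc", "csize", "usize"])
        for f in fields:
            if cd[f] != lh[f]:
                out.append((cd["name"].decode("utf-8", "replace"), f, cd[f], lh[f]))
    return out


def central_member_names(data):
    """What a central-directory-driven tool (zipfile, most GUI extractors) lists."""
    return [e["name"].decode("utf-8", "replace") for e in read_central_directory(data)]


def streaming_member_names(data):
    """What a streaming reader walking local headers in order sees, ignoring the
    central directory (assumes no data descriptors, as in the archive built above)."""
    names, off = [], 0
    while data[off:off + 4] == LFH_SIG:
        lh = read_local_header(data, off)
        names.append(lh["name"].decode("utf-8", "replace"))
        off += 30 + len(lh["name"]) + lh["xlen"] + lh["csize"]
    return names


def tamper_local_name(data, target, new_name):
    """Constructed stand-in for a header-disagreement trick: rename `target` in its
    local header only, keeping the length so no offsets move. The central directory
    still advertises the old name."""
    for cd in read_central_directory(data):
        if cd["name"] == target:
            off = cd["offset"]
            nlen = struct.unpack_from("<H", data, off + 26)[0]
            if nlen != len(new_name):
                raise ValueError("replacement name must keep the same length")
            return data[:off + 30] + new_name + data[off + 30 + nlen:]
    raise ValueError("member not found")


if __name__ == "__main__":
    bad = tamper_local_name(build_sample_zip(), b"invoice.js", b"invoice.md")
    print("central view:  ", central_member_names(bad))
    print("streaming view:", streaming_member_names(bad))
    print("mismatches:    ", find_header_mismatches(bad))
```

The two views of the tampered archive differ by exactly one name, and the mismatch list tells you which field disagrees. Any archive that fails `find_header_mismatches` should be treated as hostile rather than "probably corrupt": a well-formed writer never produces it, and a scanner that only checks one of the two structures will happily pass it. Python's own `zipfile` rejects this particular name mismatch when a member is opened, but other extractors are not obliged to.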

Veeam Patches 7 Critical Backup Vulnerabilities

If your backups are vulnerable, things get awkward quickly

Veeam released fixes for seven critical vulnerabilities in Backup & Replication, including several remote code execution flaws with CVSS scores as high as 9.9. The issues affect version 12 builds prior to 12.3.2.4465, with additional fixes included in version 13.0.1.2067. Some bugs allow authenticated domain users […]

Storm-2561 Spreads Trojan VPN

Fake VPNs: because regular phishing apparently wasn’t enough

Microsoft detailed a campaign by Storm-2561 that used SEO poisoning and fake software sites to push trojanised VPN clients. Victims searching for legitimate enterprise VPN tools were redirected to malicious ZIP files and MSI installers, in some cases hosted via GitHub, that masqueraded as trusted products. The […]

GlassWorm Supply-Chain Attack

GlassWorm Supply-Chain Attack Abuses Open VSX Extensions

A new phase of the GlassWorm campaign abused 72 malicious Open VSX extensions and affected 151 GitHub repositories, targeting developers through software supply-chain channels. Researchers said the attackers escalated their tactics by abusing extensionPack and extensionDependencies, allowing seemingly harmless extensions to later pull in malicious ones after trust […]
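
The extensionPack and extensionDependencies fields are ordinary keys in an extension's package.json, so the chain a trusted-looking extension will pull in can be audited from the manifests alone. The following is an added example, not GlassWorm tooling or code from Open VSX or VS Code: it walks both fields transitively from a chosen root and reports every extension that arrives from a publisher not on an allowlist, or that activates unconditionally. The sample manifests and publisher names are constructed; `load_installed` is a hypothetical helper that reads the per-extension package.json files under the directory VS Code uses for installed extensions (~/.vscode/extensions), with the allowlist supplied by the caller.

```python
import json
from pathlib import Path

# Constructed sample manifests (package.json contents, not real Open VSX extensions).
# Identifiers follow the publisher.name convention. "goodcorp.theme-pack" looks
# harmless but its pack pulls in "helpfulbits.css-helper", which in turn depends on
# an extension that activates on every startup.
SAMPLE_MANIFESTS = {
    "goodcorp.theme-pack": {
        "publisher": "goodcorp", "name": "theme-pack", "version": "1.4.0",
        "extensionPack": ["goodcorp.icons", "helpfulbits.css-helper"]},
    "goodcorp.icons": {"publisher": "goodcorp", "name": "icons", "version": "2.0.1"},
    "helpfulbits.css-helper": {
        "publisher": "helpfulbits", "name": "css-helper", "version": "0.0.3",
        "extensionDependencies": ["helpfulbits.core-utils"]},
    "helpfulbits.core-utils": {
        "publisher": "helpfulbits", "name": "core-utils", "version": "0.0.9",
        "main": "./out/extension.js", "activationEvents": ["*"]},
}


def manifest_id(manifest):
    return f"{manifest['publisher']}.{manifest['name']}"


def load_installed(ext_dir):
    """Hypothetical helper: read <ext_dir>/*/package.json, keyed by publisher.name.
    Unreadable or non-extension manifests are skipped."""
    out = {}
    for p in Path(ext_dir).glob("*/package.json"):
        try:
            m = json.loads(p.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        if "publisher" in m and "name" in m:
            out[manifest_id(m)] = m
    return out


def transitive_pulls(manifests, root):
    """Follow extensionPack and extensionDependencies from `root`.
    Returns {ext_id: path}, where path is the chain that pulled the extension in.
    Each id is visited once, so cycles terminate."""
    seen = {root: [root]}
    stack = [root]
    while stack:
        cur = stack.pop()
        m = manifests.get(cur)
        if m is None:
            continue  # not installed locally; the caller reports it
        for key in ("extensionPack", "extensionDependencies"):
            for dep in m.get(key, []):
                if dep not in seen:
                    seen[dep] = seen[cur] + [dep]
                    stack.append(dep)
    return seen


def audit_root(manifests, root, trusted_publishers):
    """Flag everything `root` would pull in that is not from a trusted publisher,
    is unresolvable, or activates on startup ("*"). Returns a list of findings,
    each naming the extension and the chain it came through."""
    findings = []
    for ext, path in transitive_pulls(manifests, root).items():
        if ext == root:
            continue
        publisher = ext.split(".", 1)[0]
        m = manifests.get(ext, {})
        reasons = []
        if publisher not in trusted_publishers:
            reasons.append("untrusted publisher")
        if ext not in manifests:
            reasons.append("not resolvable locally")
        if "*" in m.get("activationEvents", []):
            reasons.append("activates on startup")
        if reasons:
            findings.append({"extension": ext, "via": " -> ".join(path), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_root(SAMPLE_MANIFESTS, "goodcorp.theme-pack", {"goodcorp"}):
        print(f"{f['extension']}: {', '.join(f['reasons'])}  (via {f['via']})")
```

Because the article's point is that a benign extension can add these fields in a later version, the audit is only useful if it is rerun after every extension update, or better, run against the manifest of the update before it is installed; a diff of `transitive_pulls` between the old and new manifest set shows exactly which new publishers an update quietly introduces.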