Optimal Routing and Link Configuration for Covert Heterogeneous Wireless Networks in the Presence of a Friendly Jammer

In modern radio networks, nodes frequently access multiple communication interfaces such as WiFi, cellular, LoRa, and Zigbee. Optimal utilization of such heterogeneous networks HetNets at link and network levels is essential for ensuring efficient and secure communication. Some applications requi...

MAECO-Lite: Modular Ontology for Dynamic Malware Analysis

Capturing dynamic malware behavior in a practical but still semantically precise manner remains a significant challenge in cyber threat intelligence. While standards such as MAEC and STIX provide widely adopted vocabularies for describing malware artifacts and observations, they represent data wi...

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework CSF provide widely adopted measures of organizational maturity, but do...

Autonomous Adversary: Red-Teaming in the Age of LLM

Language Model Agents LMAs are emerging as a powerful primitive for augmenting red-team operations. They can support attack planning, adversary emulation, and the orchestration of multi-step activity such as lateral movement, a core enabling capability of advanced persistent threat APT campaigns...

Safeguarding Skies: Airport Cybersecurity in the Digital Age

The aviation industry faces significant vulnerabilities from both physical and cybersecurity threats, highlighting the urgent need for enhanced cybersecurity measures amid increasingly sophisticated attacks. This paper systematically reviews emerging threats at airports, analyzing real-world...

CVE-2026-24468 OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...

Threat Intelligence for Exposure Management: How TI Powers Smarter CTEM Programs

Your security team has access to more vulnerability data than ever before. Scanners produce thousands of findings each week. Threat feeds deliver a steady stream of indicators. Yet most organizations still struggle with the same fundamental problem: deciding what to fix first. The disconnect...

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

In this article 1. Storm-2755’s attack chain 2. Defending against Storm-2755 and AiTM campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Microsoft Incident Response – Detection and Response Team DART researchers observed an emerging, financially motivated...

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

In this article 1. Storm-2755’s attack chain 2. Defending against Storm-2755 and AiTM campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Microsoft Incident Response – Detection and Response Team DART researchers observed an emerging, financially motivated...

From the field to the report and back again: How incident responders can use the Year in Review

Every year, Cisco Talos publishes Year in Review, a comprehensive look at the previous year's threat landscape. It's drawn from an enormous volume of telemetry, such as endpoint detections, network traffic, email data, and boots-on-the-ground Cisco Talos Incident Response Talos IR engagements. As...

Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actor...

The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR

The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR By Maulik Maheta and Henry Bernabe · March 23, 2026 Executive summary As organizations adopt an identity-first security posture, adversaries are increasingly exploiting the "identity fabric” using...

CLIOPATRA: Extracting Private Information from LLM Insights

As AI assistants become widely used, privacy-aware platforms like Anthropic's Clio have been introduced to generate insights from real-world AI use. Clio's privacy protections rely on layering multiple heuristic techniques together, including PII redaction, clustering, filtering, and LLM-based...

CVE-2026-30794

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android HTTP API client, TLS transport modules allows Adversary in the Middle AiTM. This vulnerability is associated with program files src/hbbshttp/httpclient.Rs and...

CVE-2026-30794

CVE-2026-30794 affects RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, and Android up to version 1.4.5. It arises from improper certificate validation in the HTTP API client and TLS transport modules, specifically involving TLS retry with danger_accept_invalid_certs(true). The is...

PT-2026-23459

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android HTTP API client, TLS transport modules allows Adversary in the Middle AiTM. This vulnerability is associated with program files src/hbbs http/http client.Rs and...

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

In this article 1. Operational overview of Tycoon2FA 2. Mitigation and protection guidance 3. Microsoft Defender detections Following its emergence in August 2023, Tycoon2FA rapidly became one of the most widespread phishing-as-a-service PhaaS platforms, enabling campaigns responsible for tens of...

CVE-2025-31648

Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local...