Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users
Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...
I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors
Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...
CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...
Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications
This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" (HACCAs), AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...
Threat Actors Using AWS WorkMail in Phishing Campaigns
Introduction At Rapid7, we track a wide range of threats targeting cloud environments, where a frequent objective is hijacking victim infrastructure to host phishing or spam campaigns. Beyond the obvious security risks, this approach allows threat actors to offload their operational costs onto th...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller
CTT-Citrix-RCE-v1.0---Convergent-Time-Theory-Enhanced-Exploit...
Real-World Adversarial Attacks on RF-Based Drone Detectors
Radio frequency (RF) based systems are increasingly used to detect drones by analyzing their RF signal patterns, converting them into spectrogram images which are processed by object detection models. Existing RF attacks against image-based models alter digital features, making over-the-air (OTA)...
Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming
Generative AI is reshaping offensive cybersecurity by enabling autonomous red team agents that can plan, execute, and adapt during penetration tests. However, existing approaches face trade-offs between generality and specialization, and practical deployments reveal challenges such as...
EUVD-2005-1498
Malware in sbrugna...
EUVD-2006-0845
Malware in sbrugna...
EUVD-2011-1933
Malware in sbrugna...
Automatic Red Teaming LLM-Based Agents with Model Context Protocol Tools
The remarkable capability of large language models (LLMs) has led to the wide application of LLM-based agents in various domains. To standardize interactions between LLM-based agents and their environments, model context protocol (MCP) tools have become the de facto standard and are now widely...
GHSA-8R4J-24QV-FMQ9 Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
Summary: Using idlelib.calltip.Calltip.fetchtip, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps. First, the attacker crafts the payload by calling the idlelib.calltip.Calltip.fetchtip function in the __reduce__ method. The...
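The advisory's point is a detection gap: a scanner that recognises only well-known dangerous modules (os, subprocess, builtins) misses a pickle whose __reduce__ callable lives in an obscure standard-library module such as idlelib.calltip. The following is an added example, not code from the advisory or from Picklescan: it lists the globals a pickle imports using pickletools (which parses opcodes and never executes anything) and compares a denylist check against an allowlist check. The module lists and the hand-assembled sample pickles are constructed for the illustration; none of them is ever passed to pickle.loads.

```python
import pickle
import pickletools

# Constructed example lists, not Picklescan's real rules.
DENYLIST = {"os", "posix", "nt", "subprocess", "builtins", "sys", "socket", "shutil"}
ALLOWLIST = {"collections", "torch", "numpy"}   # what a model-checkpoint loader might permit


def referenced_globals(data: bytes):
    """Return (module, name) pairs a pickle references via GLOBAL or STACK_GLOBAL.

    pickletools.genops only parses the opcode stream, so this is safe to run
    on untrusted input: nothing is imported or called.
    """
    refs = []
    strings = []  # string constants seen so far; STACK_GLOBAL consumes the last two
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)        # genops joins "module name" with a space
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            refs.append((strings[-2], strings[-1]))  # protocol 4+: module, qualname pushed first
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return refs


def denylist_scan(data: bytes):
    """Flag only references whose top-level package is on the denylist."""
    return [r for r in referenced_globals(data) if r[0].split(".")[0] in DENYLIST]


def allowlist_scan(data: bytes):
    """Flag every reference whose top-level package is NOT explicitly allowed."""
    return [r for r in referenced_globals(data) if r[0].split(".")[0] not in ALLOWLIST]


def build_reduce_pickle(module: str, name: str) -> bytes:
    """Hand-assemble the protocol-4 opcode sequence that __reduce__ returning
    (callable, ()) produces: STACK_GLOBAL module.name, empty tuple, REDUCE, STOP.
    Constructed for scanning only; never loaded."""
    def short_unicode(s: str) -> bytes:
        b = s.encode("utf-8")
        return pickle.SHORT_BINUNICODE + bytes([len(b)]) + b
    return (pickle.PROTO + b"\x04"
            + short_unicode(module) + short_unicode(name) + pickle.STACK_GLOBAL
            + pickle.EMPTY_TUPLE + pickle.REDUCE + pickle.STOP)


# Constructed samples.
BENIGN = pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=4)          # plain data, no globals
CLASSIC = build_reduce_pickle("os", "system")                              # textbook pattern every denylist knows
GAP = build_reduce_pickle("idlelib.calltip", "Calltip.fetchtip")           # stdlib helper from GHSA-8R4J-24QV-FMQ9


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("classic", CLASSIC), ("gap", GAP)):
        print(label, "denylist:", denylist_scan(blob), "allowlist:", allowlist_scan(blob))
```

The denylist scan reports nothing for the idlelib.calltip sample while the allowlist scan flags it, which is the behaviour the advisory describes. In practice, never rely on a module denylist for untrusted pickles; either refuse pickle entirely or restrict find_class to an explicit allowlist.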
From Cracks to Crooks: YouTube As a Vector for Malware Distribution
With billions of users and an immense volume of daily uploads, YouTube has become an attractive target for cybercriminals aiming to leverage its vast audience. The platform's openness and trustworthiness provide an ideal environment for deceptive campaigns that can operate under the radar of...
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package nam...
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to...
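Fast flux hides C2 and phishing infrastructure by rotating many IP addresses behind one hostname with short DNS TTLs, so a blocked or seized address is replaced within minutes. The following is an added example, not from the advisory: a simple passive-DNS heuristic that flags names which resolve to many distinct addresses inside one window while keeping TTLs short. The log records and the thresholds are constructed for the illustration and should be tuned against a real baseline, since legitimate CDNs also rotate addresses (usually with far fewer distinct IPs per name and longer TTLs).

```python
from collections import defaultdict

# Constructed passive-DNS observations: (timestamp_s, qname, answer_ip, ttl_s). Not real data.
DNS_LOG = [
    (0,    "cdn.example.net", "198.51.100.7",  3600),
    (1800, "cdn.example.net", "198.51.100.7",  3600),
    (3600, "cdn.example.net", "198.51.100.8",  3600),
    (0,    "upd4te.example",  "203.0.113.10",  60),
    (60,   "upd4te.example",  "203.0.113.55",  60),
    (120,  "upd4te.example",  "192.0.2.201",   30),
    (180,  "upd4te.example",  "192.0.2.77",    30),
    (240,  "upd4te.example",  "198.51.100.99", 60),
    (300,  "upd4te.example",  "203.0.113.120", 60),
]


def fast_flux_candidates(records, window_s=3600, min_unique_ips=5, max_ttl=300):
    """Return names whose answers rotate through >= min_unique_ips distinct
    addresses within any window_s-second window and never advertise a TTL
    above max_ttl. Both signals together are the fast-flux fingerprint; either
    alone (a CDN's many IPs, or a short TTL on a single static host) is noise.
    """
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name].append((ts, ip, ttl))

    flagged = []
    for name, obs in by_name.items():
        obs.sort()  # by timestamp
        peak_unique = 0
        for i, (start, _ip, _ttl) in enumerate(obs):
            # Distinct addresses seen in the window opening at this observation.
            in_window = {ip for ts, ip, _ in obs[i:] if ts - start <= window_s}
            peak_unique = max(peak_unique, len(in_window))
        longest_ttl = max(ttl for _, _, ttl in obs)
        if peak_unique >= min_unique_ips and longest_ttl <= max_ttl:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print(fast_flux_candidates(DNS_LOG))
```

Run against the constructed log, only upd4te.example is reported: six addresses in under six minutes, all with TTLs of a minute or less, while the CDN name changes address once in an hour with hour-long TTLs. Extending the check to count distinct /24 prefixes or ASNs per name tightens it further, because flux networks are typically built from compromised hosts scattered across unrelated networks.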
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to...
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike...
Android malware FakeCall intercepts your calls to the bank
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The...
New Linux Malware ‘Perfctl’ Targets Millions by Mimicking System Files
New Linux malware 'Perfctl' is targeting millions worldwide, mimicking system files to evade detection. This sophisticated malware compromises...