New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer...

A Real-Time Approach to Autonomous CAN Bus Reverse Engineering

This paper introduces a real-time method for reverse engineering a vehicle's CAN bus without prior knowledge of the vehicle or its CAN system. By comparing inertial measurement and CAN data during significant vehicle events, the method accurately identified the CAN channels associated with the...

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

Djena_Bertrand

Description This the writeup on the challenges we solved duri...

The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses...

Static Design to Adaptive Control: How Artificial Intelligence Improves Modern Material Handling Equipment Systems

AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering...

Assessing Spear-Phishing Website Generation in Large Language Model Coding Agents

Large Language Models are expanding beyond being a tool humans use and into independent agents that can observe an environment, reason about solutions to problems, make changes that impact those environments, and understand how their actions impacted their environment. One of the most common...

PT-2026-7972

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

CVE-2025-8668

CVE-2025-8668 describes an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in E-Kalite Turboard software. The issue permits Reflected XSS via input that is not properly sanitized during page generation. Affected timeframe: Turboard from 2025.07 through 11022026. Th...

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised...

Man tricked hundreds of women into handing over Snapchat security codes

Fresh off a breathless Super Bowl Sunday, we're less thrilled to bring you this week's Weirdo Wednesday. Two stories caught our eye, both involving men who crossed clear lines and invaded women's privacy online. Last week, 27-year-old Kyle Svara of Oswego, Illinois admitted to hacking women's...

ZOLL ePCR IOS Mobile Application

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information PHI or device telemetry. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

Ilevia EVE X1 Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

CVE-2025-36033

CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...

IBM Engineering Lifecycle Management - Global Configuration Management 跨站脚本漏洞

IBM Engineering Lifecycle Management - Global Configuration Management is a configuration management software provided by IBM Corporation. Versions 7.0.3 to 7.0.3 Interim Fix 017 and 7.1.0 to 7.1.0 Interim Fix 004 of IBM Engineering Lifecycle Management - Global Configuration Management contain...