CVE-2026-10126

creationtimestamp| type| source ---|---|--- 2026-05-30 08:16:21+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-10126 2026-05-30 19:34:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn3sacepx62n 2026-05-30 20:00:42+00:00| seen|...

Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market

Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market By Boggavarapu R S S Srinivas Gupta and Ravishankar N C · March 12, 2026 Introduction In the evolving landscape of cybercrime, threat actors are constantly pursuing the "perfect" weapon: malwa...

CVE-2026-22819

creationtimestamp| type| source ---|---|--- 2026-01-13 03:49:39+00:00| published-proof-of-concept| https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g 2026-01-24 21:25:20+00:00| seen| https://gist.github.com/alon710/52873410611d79f78190bd047a0a9e39...

Proactively Detecting Threats: A Novel Approach Using LLMs

Enterprise security faces escalating threats from sophisticated malware, compounded by expanding digital operations. This paper presents the first systematic evaluation of large language models LLMs to proactively identify indicators of compromise IOCs from unstructured web-based threat...

ESET Threat Report H2 2025

This is the H2 2025 issue of the ESET Threat Report. It covers everything from AI malware to NFC threat trends. The threat statistics and trends presented in this report are based on global telemetry data from ESET...

Security by Design: Why Multi-Factor Authentication Matters More Than Ever

In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational - embedded into products and service...

EUVD-2025-79817

Malicious code in amusedkoidumbs npm...

CVE-2025-30402

creationtimestamp| type| source ---|---|--- 2025-07-11 19:03:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114836150017822027...

CVE-2024-8956

creationtimestamp| type| source ---|---|--- 2024-09-17 23:08:32+00:00| seen| https://t.me/cvedetector/5846 2024-09-17 23:58:54+00:00| seen| https://t.me/cvedetector/5858 2024-09-24 09:29:12+00:00| seen| https://t.me/CyberBulletin/876 2024-09-24 10:52:17+00:00| published-proof-of-concept|...

SASE Threat Report: 8 Key Findings for Enterprise Security

Threat actors are evolving, yet Cyber Threat Intelligence CTI remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...

Attacks, Vulnerabilities and Actors 13 to 19 May 2024

...

Cyber Horizon Annual Threat Report 2023

...

CVE-2024-23759

creationtimestamp| type| source ---|---|--- 2024-02-12 23:26:14+00:00| seen| https://t.me/ctinow/183490 2024-02-15 08:17:07+00:00| seen| https://t.me/ctinow/185327 2024-04-19 19:35:28+00:00| seen|...

CVE-2023-33202

creationtimestamp| type| source ---|---|--- 2024-01-25 15:26:17+00:00| seen| https://t.me/ctinow/173513...

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. We want to thank Mathias Kujala for working with the Velociraptor team to identify and rectify this issue. It has been fixed as of Version 0.7.0-4, released November 6, 2023. CVSS · HIGH ·...

Metasploit Weekly Wrap-Up

PTT for DCSync This week, community member smashery made an improvement to the windowssecretsdump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

Metasploit Weekly Wrap-Up

Pumpkin Spice Modules Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact wi...

A Critical Vulnerability in Openfire Admin Console Actively Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The vulnerability CVE-2023-32315 in Ignite Realtime Openfire, enabling unauthorized access to privileged pages. Attackers exploit this by bypassing authentication, prompting immediate updates for...

Join us for VeloCON 2023: Digging Deeper Together!

September 13, 2023 at 9 am ET Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor...

Unmasking Decoy Dog Malware Toolkit Hiding in DNS Traffic

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Decoy Dog, a sophisticated malware toolkit uses DNS for C2 communication, evading detection with its wildcard-type behavior and encryption methods. Its origin remains mysterious, and the malwares...