Summary Researchers from Resecurity’s HUNTER team discovered a publicly accessible ASP.NET Core configuration file (appsettings.json) that exposed Azure Active Directory credentials (ClientId and ClientSecret). With those secrets, attackers can use…
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation Summary An AI-driven offensive research pipeline, built by two independent Israeli security researchers, automatically generates proof-of-concept exploit code from CVE advisories, code patches…
Jaguar Land Rover Shuts Down in Scramble to Secure ‘Cyber Incident’ Summary Jaguar Land Rover (JLR) shut down parts of its IT systems after a cyber incident that began on…
Hackers Are Sophisticated & Impatient — That Can Be Good Summary Ensar Seker argues that modern ransomware groups behave like professional SaaS businesses: organised, efficient and goal-oriented. They are sophisticated…
NIST Enhances Security Controls for Improved Patching Summary The US National Institute of Standards and Technology (NIST) released version 5.2.0 of its Security and Privacy Control catalog to help organisations…
WordPress Woes Continue Amid ClickFix, TDS Threats Summary Recent reports detail widespread campaigns abusing vulnerable or malicious WordPress plugins to hijack site traffic and funnel visitors to malware, tech-support scams…
Zscaler, Palo Alto Networks Breached via Salesloft Drift Summary A widespread supply-chain compromise of the Salesloft Drift marketing SaaS has led to downstream breaches affecting hundreds of customers, including security…
WhatsApp, Apple warn of highly targeted attacks with zero-day vulnerability Summary WhatsApp has patched a zero-day vulnerability (CVE-2025-55177) that it says allowed “incomplete authorisation of linked device synchronisation messages.” The…
Moscow reportedly hires hackers who breached city’s school system Summary Moscow city officials have reportedly employed three or four young hackers who had previously breached the Moscow Electronic School (MES),…
Amazon Stymies APT29 Credential Theft Campaign Summary Amazon’s threat intelligence team uncovered and disrupted a watering‑hole credential‑theft campaign run by APT29 (also known as Midnight Blizzard/Cozy Bear) that redirected victims…
