Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lu...
Manufacturing
20 articles
Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover at...
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
ZDI-26-058: AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploi...
ZDI-26-056: Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the abili...
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices.
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-...
Researchers Uncover 454,000+ Malicious Open Source Packages
Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
ZDI-26-049: Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. User interaction is required to ...
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
PurpleBravo’s Targeting of the IT Software Supply Chain
Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like BeaverTail.
Global Agencies Release New Guidance to Secure Industrial Networks
CISA, NCSC and the FBI have released a new security guide to enhance protection for OT environments
Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion
While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data
Cyber Threat Actors Ramp Up Attacks on Industrial Environments
Hacktivists and cybercriminals have intensified their efforts to exploit vulnerabilities in industrial systems, according to a Cyble report
CodeBuild Flaw Put AWS Console Supply Chain At Risk
A critical AWS CodeBuild misconfiguration has exposed core repositories to potential attack
New ransomware tactics to watch out for in 2026
Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker ...
Detect Go’s silent arithmetic bugs with go-panikint
Go’s arithmetic operations on standard integer types are silent by default, meaning overflows “wrap around” without panicking. This behavior has hidden an en...
Palestine Action: Operations and Global Network
Explores Palestine Action’s post-designation global network, tactics, and targets, and evaluates key physical risks and mitigations for organizations.