Key TakeawaysSophisticated TTPs: The Evasive Panda APT utilizes advanced techniques, including DNS poisoning and adversary-in-the-middle (AitM) attacks.Geographic focus: The campaign has primarily targeted victims in…

Key TakeawaysDeceptive distribution: The WebRAT malware is being distributed through GitHub repositories disguised as PoC exploits for high-severity flaws.Targeted audience: Focus shifted from gamers to…

Key TakeawaysAntitrust penalty: Italy's competition authority fined Apple €98.6 million for abusing its dominant market position through the App Tracking Transparency framework.Double consent: The investigation…

Key Takeaways Service paralysis: A suspected DDoS attack disrupted La Poste's websites and mobile apps, causing significant delays in parcel delivery days before Christmas. Banking…

Key Takeaways Operation disruption: The Department of Justice seized a database containing stolen user credentials used to facilitate unauthorized bank account takeovers. Preventative action: This…

Key Takeaways Deceptive VPN service: Two extensions, active since 2017, masquerade as a legitimate VPN service, tricking users into paying for a subscription. Traffic interception:…

Key Takeaways Widespread disruption: 1,000 computer systems were compromised in a Romanian Water Agency attack, forcing a return to communication via radio and telephone. Living…

Key Takeaways Vendor-related breach: A server managed by Red Hat, a third-party vendor developing a customer management system for Nissan, was accessed by hackers. Affected…

Windscribe Anonymous Account: Login uses a 32-character hash, no email, username, or password required. Privacy-focused design: Reduces personal data storage, avoids password reuse, supports random…

Vlad Korsunsky – Tenable HoldingsVlad Korsunsky has been named Chief Technology Officer and Managing Director of Tenable Israel, where he will guide the company’s technology…

Key Takeaways High impact: The NPM package lotusbail, downloaded over 56,000 times, functions as a malicious backdoor that steals WhatsApp credentials, messages, and contact lists.…

NordVPN & Saily Finds Loyalty Accounts Theft: Thousands of airline and hotel loyalty accounts sold cheaply on dark web forums. Airlines & Hotels Targeted: American,…

NordVPN OpenWrt Routers: Headless VPN package launched in December 2025 for full-network router-level VPN protection. OpenWrt Router Support: Uses NordLynx protocol, managed via JSON configuration…

Key Takeaways Legitimate tool misuse: Nezha, a legitimate open-source server monitoring tool, is used as a full-featured RAT for post-exploitation activities. Full system control: Its…

Key Takeaways Polygraph examination: Acting CISA Director Madhu Gottumukkala reportedly did not pass a polygraph examination scheduled to grant him access to sensitive intelligence. Staff…

EU Chat Control 2.0 Update: Going Dark/ProtectEU aims to access encrypted data, potentially including VPN services. Data Retention Plans: EU seeks broader metadata rules covering…

Privacy Impact: UK Children’s Wellbeing Bill mandates client-side scanning, potentially banning end-to-end encryption and open-source operating systems. VPN and Age Checks: Bill restricts VPNs for…

What GotaTun Is: Rust-based WireGuard implementation, forked from BoringTun, focused on Mullvad's performance, reliability, and privacy features. Why It Was Needed: wireguard-go caused over 85%…

Festive Limited-Time Offer: Trust.Zone offers 2-year plan plus 1 year free, limited to 1,000 activations Discounted Add-On Features: Its add-ons include dedicated IPs, extra devices,…

Cybersecurity activity intensified across law enforcement, enterprises, and cloud environments. Authorities advanced ransomware prosecutions with arrests and cross-border extraditions while major data exposures and fraud…