Cyber Due Diligence
Attackers Season Spam With a Touch of ‘Salt’
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanism...
Security Concerns Shadow Vibe Coding Adoption
In a recent poll, readers shared how they're using vibe coding in AppDev (if they are at all). While some found success, others found t...
Medusa Ransomware Actors Exploit Critical Fortra GoAnywhere Flaw
Researchers say exploitation of CVE-2025-10035 requires a private key, and it's unclear how Storm-1175 threat actors pulled this off.
Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instan...
Cyberattackers Exploit Zimbra Zero-Day Via ICS
A threat actor purporting to be from the Libyan Navy's Office of Protocol targeted Brazil's military earlier this year using the rare t...
Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.
Chinese Gov’t Fronts Trick the West to Obtain Cyber Tech
Outwardly neutral Chinese institutions have been collaborating with Western orgs and researchers for the benefit of PRC state intellige...
Self-Propagating Malware Hits WhatsApp Users in Brazil
The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud fina...
Scattered Lapsus$ Hunters Returns With Salesforce Leak Site
After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce custo...