Wynn Resorts confirms employee data breach after extortion threat
Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang's data leak site.
US sanctions Russian exploit broker for buying cyber tools stolen from defense contractor
1Campaign platform helps malicious Google ads evade detection
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers.
Phishing operation with links to Russia, Armenia compromised Western cargo companies, researchers find
Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
The U.S. Treasury announced it was imposing sanctions against a Russian broker of zero-day exploits, its founder and two affiliates, citing a threat to U.S. national security. Another affiliated zero-day broker in the United Arab Emirates was also sanctioned.
CarGurus data breach exposes information of 12.4 million accounts
The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform.
Android Deep Dive: Implicit Intents
Hacktive Security - Advanced Cyber Security Services
Android Deep Dive: Deep and App Linking
Hacktive Security - Advanced Cyber Security Services
Android Deserialization Deep Dive
Hacktive Security - Advanced Cyber Security Services
CVE-2025-25362: Old Vulnerabilities, New Victims – Breaking LLM Prompts with SSTI
Hacktive Security - Advanced Cyber Security Services
Lessons from a Blue Team failure
Hacktive Security - Advanced Cyber Security Services
🇮🇹 Conosciamo Edoardo Ottavianelli – Penetration Tester
Hacktive Security - Advanced Cyber Security Services
CVE-2025-47943: Stored XSS in Gogs via PDF
Hacktive Security - Advanced Cyber Security Services
Introduction to OPSEC (Part 2)
Hacktive Security - Advanced Cyber Security Services
Ghostwire: a clear, lightweight Docker toolkit for Web, networking, and Active Directory.
Hacktive Security - Advanced Cyber Security Services
CVE-2025-67511: Tricking a Security AI Agent Into Pwning Itself
Hacktive Security - Advanced Cyber Security Services
US ‘committed’ to fighting transnational gangs behind Southeast Asian scam compounds: FBI
Microsoft adds Copilot data controls to all storage locations
Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location.
Sandworm_Mode: il “worm” della supply chain NPM
Un attacco che riprende la logica Shai-Hulud, ma sposta l’asticella sul toolchain moderno Una recente analisi dei ricercatori di Socket, un’azienda specializzata in sicurezza informatica, ha svelato una nuova campagna d’attacco alla supply chain dello sviluppo software colpendo NPM, l’ecosistema dove risiedono migliaia di librerie Javascript largamente usate dai programmatori di tutto il mondo. L’attacco …
Crypto platform Step Finance shutting down after $40 million theft
Reddit fined $20 million by UK for not effectively checking users’ ages
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align.
UK fines Reddit $19 million for using children’s data unlawfully
The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards.
NightBeacon: Rapid Deployment of AI Capabilities
What NightBeacon Is NightBeacon is Binary Defense’s AI-powered threat analysis platform built to take real-world security inputs—logs, files, and emails—and turn them into clear, explainable risk signals that analysts can act on fast. Less than 24 hours later, the detection techniques described in that research were live in production inside NightBeacon, Binary Defense’s AI-powered threat analysis platform. This post breaks down exactly how that happened, focusing on the architecture, the detection logic, and the implementation details that allowed new threat research to become operational almost immediately.
Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals
UAE claims it stopped ‘terrorist’ ransomware attack
PromptSpy e l’ingresso della GenAI nel malware per Android
PromptSpy è la prima minaccia Android a integrare l’AI generativa nel proprio flusso di attacco, impiegando direttamente il modello durante l’esecuzione del malware sul dispositivo della vittima e introducendo capacità di adattamento dinamico finora assenti negli strumenti tradizionali basati su script statici
Critical SolarWinds Serv-U flaws offer root access to servers
SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers.
ShinyHunters extortion gang claims Odido breach affecting millions
The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems.
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East