2+ hour, 2+ min ago  (247+ words) A severe privilege escalation vulnerability in IPVanish VPN for macOS allows local attackers to execute arbitrary code as root, bypassing key security features like code signature checks. Discovered by SecureLayer7 researchers, the flaw (CVE-PENDING) scores 8.8 on CVSS, rated HIGH due to…...

2+ hour, 11+ min ago  (596+ words) Telegram has evolved from a simple messaging app to a central hub for cybercriminal activity. This shift has transformed the landscape of cybercrime, offering modern threat actors unprecedented opportunities for coordination, operation, and scalability. Over Cyfirma the years, Telegram has…...

5+ hour, 18+ min ago  (231+ words) Microsoft has exposed cunning phishing attacks exploiting OAuth 2.0s built-in redirection features in Microsoft Entra ID and Google Workspace. Attackers skip credential theft or vulnerability exploits, instead weaponizing trusted protocol redirects to slip malware past defenses. Adversaries register malicious apps in…...

6+ hour, 40+ min ago  (466+ words) A new and sophisticated threat in the infostealer landscape is emerging AuraStealer. This infostealer, which debuted in mid-2025, has been gaining traction quickly and now targets a large, ever-evolving command-and-control (C2) infrastructure. The AuraStealer malware primarily targets the theft on sensitive user…...

23+ hour, 11+ min ago  (420+ words) Unlike old-school phishing kits with fake clones, Starkiller acts as a sneaky middleman, proxying traffic to the real sites. This lets attackers steal not just passwords, but session cookies and tokens after victims complete multi-factor authentication (MFA). Even if MFA…...

1+ day, 3+ hour ago  (517+ words) A sophisticated phishing campaign, named GTFire, has been discovered exploiting legitimate Google services like Firebase and Google Translate to bypass security defenses and harvest user credentials. The GTFire scheme uses Google-owned infrastructure to host fake login pages and disguise malicious…...

1+ day, 3+ hour ago  (366+ words) Google Chrome's Secure Web and Networking Team has announced a major step toward building a quantum-safe internet. The browser will adopt a new cryptographic mechanism called Merkle Tree Certificates (MTCs), a project grounded in the Internet Engineering Task Force's (IETF)…...

1+ day, 3+ hour ago  (358+ words) Between February 22 and February 25, 2026, GreyNoise observed a significant wave of reconnaissance activity targeting SonicWall firewalls. A total of 84,142 scanning sessions were conducted, originating from over 4,000 unique IP addresses across 20 autonomous systems. The activity, which primarily focused on SSL VPN enumeration,…...

1+ day, 3+ hour ago  (509+ words) CYJAX recently uncovered a sophisticated phishing campaign, OCRFix, that leverages the popular ClickFix attack technique to evade detection and deploy multi-stage malware. The campaign initially masqueraded as a legitimate Tesseract OCR tool site, using a typosquatted domain to trick users…...

1+ day, 7+ hour ago  (479+ words) A once-trustworthy browser extension, QuickLens, which was a Google Lens wrapper, has been exploited to execute remote code, bypass security headers, and inject malicious scripts. This incident serves as a chilling reminder of the risks associated with browser extension security,…...