Malicious Chrome Extensions
A coordinated campaign of malicious Chrome extensions is actively targeting enterprise SaaS platforms-specifically HR and ERP systems such as Workday, NetSuite, and SAP SuccessFactors. This is not opportunistic malware. It is a deliberate identity takeover operation engineered to bypass modern security controls by exploiting the most trusted layer in the enterprise stack: the browser. With […]
Microsoft 365 credentials
A new phishing campaign is exploiting trusted cloud infrastructure-and it changes the threat model entirely. Attackers are abusing Google Cloud services to bypass traditional email security controls and steal Microsoft 365 credentials. Any organisation running Microsoft 365 is a potential target. This is not classic phishing. This is trusted cloud abuse. Phishing attacks no longer […]
vulnerability (CVE-2025-69258)
A critical vulnerability (CVE-2025-69258) has been disclosed in Trend Micro Apex Central for Windows, exposing on-premise deployments to remote code execution with SYSTEM privileges. This is not theoretical-this impacts the core security infrastructure of organisations. The Issue Tracked as CVE-2025-69258, CVSS 9.8 Root cause: unsafe DLL loading (LoadLibraryEX) Vulnerable process: MsgReceiver.exe Attack vector: crafted message […]
Stolen Data Against the Thief
Why Data Resilience Is the Next Frontier of AI Security For years, AI security focused on models: prompt injection, jailbreaks, poisoning during training, and inference-time manipulation. But a more dangerous shift is underway. AI systems are no longer being attacked through their code. They are being attacked through their data. Recent research demonstrates a new […]
Microsoft 365 credentials
A new phishing campaign is exploiting trusted cloud infrastructure-and it changes the threat model entirely. Attackers are abusing Google Cloud services to bypass traditional email security controls and steal Microsoft 365 credentials. Any organisation running Microsoft 365 is a potential target. This is not classic phishing. This is trusted cloud abuse. Phishing attacks no longer […]
Phishing Campaign Abuses Google Infrastructure
This is not spoofing. This is platform abuse. A newly identified phishing campaign marks a dangerous shift in how attackers exploit trust on the internet. Instead of impersonating Google through fake domains or lookalike emails, threat actors are now abusing legitimate Google infrastructure itself to conduct large-scale credential theft. Thousands of organizations worldwide have already […]
Shai Hulud Variant
A known malware strain has resurfaced-with purpose, planning, and continued investment. Security researchers have identified a new, heavily modified variant of the Shai Hulud malware, and this is not a recycled threat or a low-effort fork. The changes observed indicate active maintenance, deliberate obfuscation, and functional refinement by the original threat actors. Most critically, development […]
npm Packages Became Phishing Infrastructure
This was not a malware campaign. There were no trojans, no ransomware, no weaponized installers. Instead, attackers turned a trusted software supply chain platform into phishing infrastructure. A sustained campaign abused the npm ecosystem to harvest credentials, bypassing traditional malware delivery entirely. The primary targets were not developers, but sales and commercial teams inside organizations […]
Chrome extension breach
The Trust Wallet Chrome extension breach was not a failure of cryptography. It was not a blockchain exploit. It was not a smart contract bug. It was a software supply chain attack-and it succeeded precisely because it targeted the most trusted layer in the stack. Within hours, millions of dollars were drained from user wallets. […]
Parrot OS 7.0
Parrot OS 7.0 is not a routine Linux upgrade. It is a full system rewrite designed for the realities of modern security testing. For penetration testers, red teams, security consultants, and enterprise labs, this release marks a baseline shift in how offensive and defensive security environments are built and maintained. This is not about new […]