Latest
- Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. [...]
- ZionSiphon malware designed to sabotage water treatment systems
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]
- NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.
- Intel refreshes non-Ultra Core CPUs with new silicon for the first time
For the first time in a while, the benefits of new Intel tech will trickle down.
- OpenAI starts offering a biology-tuned LLM
GPT-Rosalind is an LLM trained on biology workflows, available in closed access.
- RedSun: How Windows Defender's Remediation Became a SYSTEM File Write
submitted by /u/TakesThisSeriously: https://nefariousplan.com/posts/redsun-windows-defender-system-write
- World Leaks: RDP Access Leads to Custom Exfiltration and Personalized Extortion
Two-day intrusion. RDP brute force with a company-specific wordlist, Cobalt Strike, and a custom Rust exfiltration platform (RustyRocket) that connected to over 6,900 unique Cloudflare IPs over 443 to pull data from every reachable host over SMB. Recovered the operator README documenting three operating modes and a companion pivoting proxy for segmented networks. Personalized extortion notes addressed by name to each employee with separate templates for leadership and staff. Writeup includes scr…
- As they got close to the Moon, Artemis II astronauts were eager to land
"If you had given us the keys to the lander, we would have taken it down."
- Mozilla launches Thunderbolt AI client with focus on self-hosted infrastructure
New tool builds on deepset’s Haystack toward a “decentralized open source AI ecosystem.”
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers. [...]
- HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
u/albinowax’s work on request smuggling has always inspired me. I’ve followed his research, watched his talks at DEFCON and BlackHat, and spent time experimenting with his labs and tooling. Coming from a web security background, I’ve explored vulnerabilities both from a black-box and white-box perspective — understanding not just how to exploit them, but also the exact lines of code responsible for issues like SQLi, XSS, and broken access control. Request smuggling, however, always felt differe…
- Dark Matter May Be Made of Black Holes From Another Universe
A model of the cyclic universe suggests that dark matter could be a population of black holes predating the Big Bang.
- North Korea Uses ClickFix to Target macOS Users' Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
- Ad firms settle with Trump FTC over claims they boycotted conservative media
FTC aims to stamp out brand-safety standards that hurt Breitbart and Musk's X.
- 'Harmless' Global Adware Transforms Into an AV Killer
A benign-looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.
- Europe’s Online Age Verification App Is Here
Available for free to any company that wants to use it, the “completely anonymous” app puts the pressure on porn sites and social media platforms to start blocking access by minors.
- New Codex features include the ability to use your computer in the background
An in-app browser allows visual feedback while building websites and more.
- The Online Fiction Boom Reimagining China’s History
Chinese fantasy novels reimagine the past with modern tech and ideology. A new book argues they also help reinforce authoritarian politics.
- Musk v. Altman Is a Battle for OpenAI’s Soul
In Musk v. Altman, a jury will soon determine whether OpenAI has strayed from its founding mission to ensure AGI benefits humanity. Here’s what to know.
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos
- The UK Launches Its $675 Million Sovereign AI Fund
In a bid to minimize dependence on technology from other countries, the UK government is plowing resources into homegrown AI startups.
- Google's AI Mode Update Tries to Kill Tab Hopping in Chrome
Google's latest update to AI Mode in its Chrome browser is designed to keep the chatbot-style search tool always around once you start an online search journey.
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
- Two-Factor Authentication Breaks Free from the Desktop
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world.
- Microsoft's Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.
- Anthropic Plots Major London Expansion
As tensions with the US government mount, Anthropic has leased a new office with enough space to quadruple its 200-person head count in London.