A powerful new method of short-term covert command-and-control (C2) using mainstream web-conferencing services.
Dubbed “Ghost Calls,” this technique repurposes real-time communication protocols—built for low-latency audio and video streaming—as a high-bandwidth, interactive C2 channel that seamlessly blends into an organization’s normal network traffic.
At Black...
In a groundbreaking presentation at Black Hat USA 2025, security researcher Dirk-jan Mollema revealed a suite of advanced lateral movement techniques that exploit the hybrid trust model between on-premises Active Directory (AD) and Microsoft Entra ID.
Despite recent hardening efforts, these techniques demonstrate that...
Nvidia this week reaffirmed its commitment to hardware integrity, categorically denying industry speculation that its GPUs contain secret “kill switches” or backdoors that would allow remote disabling or surveillance.
In a statement posted on the company’s official blog, Nvidia executives emphasized that introducing single...
A critical vulnerability in HTTP/1.1 protocol that exposes tens of millions of websites to hostile takeover through sophisticated desynchronization attacks.
Despite six years of vendor mitigation efforts, PortSwigger's latest research demonstrates that HTTP/1.1 remains fundamentally insecure, with attackers consistently bypassing deployed protections.
The vulnerability...
WhatsApp and its parent company Meta have removed over 6.8 million accounts connected to organized fraud networks during the first six months of 2025, marking one of the platform's most aggressive anti-scam enforcement actions to date.
The takedown targeted criminal scam centers primarily operating...
A sophisticated social engineering operation by the Black Basta ransomware group has exposed critical vulnerabilities in remote access security, with cybercriminals successfully compromising enterprise systems in under five minutes using nothing more than phone calls and Microsoft's own support tools.
NCC Group's Digital Forensics and...