A recent red team operation identified a significant security risk related to Microsoft Azure Arc, a service that bridges Azure management to on-premises and multi-cloud resources.
The team stumbled across a PowerShell onboarding script with a hardcoded Service Principal secret.
This credential, intended for...
In a recent security incident, the Wiz Research Team uncovered a sophisticated cyberattack targeting TeamCity, a popular continuous integration and delivery (CI/CD) platform, by abusing an exposed Java Debug Wire Protocol (JDWP) interface.
This attack highlights the risks of misconfigured debugging utilities and the...
In June 2025, cybersecurity researchers at NSFOCUS Fuying Lab detected a powerful new botnet named hpingbot proliferating across global networks.
Distinct from legacy threats, hpingbot is coded in Go and supports a range of platforms, including Windows, Linux, and IoT devices.
Notably, it’s engineered for multiple...
In a sophisticated new wave of social engineering attacks, cybercriminals are exploiting users’ trust in security measures by deploying a convincing fake Cloudflare verification screen.
This attack chain extends beyond traditional phishing, cleverly manipulating victims into executing malware that is deeply embedded within their...
Azure, Microsoft’s flagship cloud platform, faces new scrutiny after security researchers from Token Security uncovered critical misconfigurations in multiple built-in Azure roles, combined with a previously unreported API vulnerability that exposed VPN keys.
The findings reveal a high-risk attack chain enabling weak users to...
Cybercriminals have long abused common Top-Level Domains (TLDs) such as .com and .ru to launch widespread credential phishing campaigns.
However, recent threat intelligence from Cofense Intelligence reveals an alarming and persistent pattern: the .com TLD remains the most abused domain for hosting phishing content,...