A critical vulnerability in AI-integrated enterprise systems allows threat actors to gain privileged access through seemingly innocent support tickets.
This attack method, dubbed "Living off AI," exploits the Model Context Protocol (MCP) implementations in platforms like Atlassian's Jira Service Management, demonstrating how the...
Two critical vulnerabilities in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port.
The vulnerabilities, disclosed on June 13, 2025, could enable remote attackers to trigger denial-of-service (DoS) conditions, potentially crashing servers and disrupting services.
The...
A sophisticated cyber attack campaign exploited a Google Chrome zero-day vulnerability in March 2025, with investigators now linking the operation to a persistent threat actor group.
The Positive Technologies Expert Security Center analyzed the attack targeting the previously unknown vulnerability, tracked as CVE-2025-2783,...
Researchers recently uncovered that attackers are deploying advanced techniques to evade even the most secure environments.
The latest trend? Using stealthy, obfuscated system calls (syscalls) to bypass Endpoint Detection and Response (EDR) solutions and neutralize logging mechanisms like Event Tracing for Windows (ETW).
How...
In a striking escalation of attack sophistication, advanced threat actors are now leveraging “stealth syscalls” to systematically evade Windows security monitoring tools including Event Tracing for Windows (ETW), Sysmon, and modern Endpoint Detection and Response (EDR) solutions.
This new wave of malware employs multiple technical...