BlackSanta EDR killer targets HR teams through fake resume files
A newly documented malware campaign has spent more than a year targeting HR and recruitment staff with resume-themed lures and a kernel-level EDR killer called…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
BeatBanker Android malware hides as a fake Starlink app and can take over phones
BeatBanker is a newly documented Android threat that spreads through fake app pages posing as Google Play and, in one recent campaign, masqueraded as a…
Zombie ZIP can help malware hide inside ZIP files and evade security scans
Zombie ZIP is a newly disclosed archive evasion technique that can let malware pass through some antivirus and EDR checks by tampering with ZIP metadata.…
HPE warns of critical AOS-CX flaw that can let attackers reset admin passwords
Hewlett Packard Enterprise has patched a set of security flaws in Aruba Networking AOS-CX, including a critical authentication bypass issue that can let an unauthenticated…
Microsoft brings phishing-resistant Windows sign-ins with Entra passkeys
Microsoft is rolling out Entra passkeys on Windows, giving organizations a new way to offer phishing-resistant, passwordless sign-ins through Windows Hello. The feature lets users…
New KadNap botnet hijacks ASUS routers and turns them into criminal proxy nodes
A newly tracked botnet named KadNap is hijacking ASUS routers and other edge networking devices, then using them to relay malicious traffic for a cybercrime…
Dutch Intelligence Warns of Signal and WhatsApp Account Hijacking Attacks Targeting Officials and Journalists
Dutch intelligence agencies have issued a warning about an ongoing phishing campaign that attempts to hijack Signal and WhatsApp accounts. The attacks reportedly target government…
Ericsson U.S. discloses data breach affecting more than 15,000 people after vendor hack
Ericsson Inc., the U.S. subsidiary of Swedish telecom giant Ericsson, has disclosed a data breach that exposed personal information belonging to more than 15,000 employees…
Gogs flaw let attackers overwrite LFS files across repositories until 0.14.2 fix
Gogs has patched a critical security flaw that could let attackers overwrite Git Large File Storage objects across repositories on the same server. The issue,…
Microsoft patches publicly disclosed .NET DoS flaw that can crash apps with crafted requests
Microsoft has released security updates for CVE-2026-26127, a publicly disclosed denial-of-service vulnerability in .NET and Microsoft.Bcl.Memory. The flaw can let a remote, unauthenticated attacker crash…
Microsoft patches publicly disclosed SQL Server zero-day that can grant sysadmin rights
Microsoft has released fixes for CVE-2026-21262, a publicly disclosed SQL Server elevation of privilege flaw that can let an authenticated attacker raise privileges to the…
Fortinet patches 11 flaws across FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox
Fortinet has released a new set of security advisories covering 11 vulnerabilities across several enterprise products, including FortiManager, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager Cloud, FortiSwitchAXFixed, FortiSandbox,…
Zoom Workplace for Windows flaws can let attackers gain elevated access
Zoom has disclosed four Windows security vulnerabilities, including one Critical flaw that could let an unauthenticated attacker escalate privileges over the network. The issues affect…
Fortinet warns FortiManager flaw can let attackers run unauthorized commands
Fortinet has disclosed a high-severity FortiManager vulnerability that can let a remote, unauthenticated attacker execute unauthorized commands if a specific service is enabled. The flaw,…
Microsoft Patch Tuesday March 2026 Fixes 78 Security Flaws Including One Zero-Day
Microsoft released its March 2026 Patch Tuesday security updates on March 10, fixing 78 vulnerabilities across Windows, Microsoft Office, Azure services, SQL Server, .NET, and…