Securityblog

264.1K posts

@Securityblog

There are 10 types of people in the world. Those who understand binary, and those who don't. All opinions and views are my own. #BsidesDub organizer

Naples, Italy · Joined September 2007
13.6K Following · 12.4K Followers
Securityblog retweeted
The DFIR Report (@TheDFIRReport)
Is there a better way to learn than using real data from real intrusions? This is why we developed DFIR Labs, a one-stop-shop where you can work through various cases and see how your skills stack up to intruders. 💪 Start flexing your skills here: thedfirreport.com/products/dfir-…
Securityblog retweeted
ANY.RUN (@anyrun_app)
⚠️ May 2026 attacks showed one clear pattern: routine business actions became attack paths. Fake invitations, #AgentTesla, BlobPhish, OTP #phishing and RMM abuse all exposed gaps in SOC visibility. See how to speed up triage against them 👇 any.run/cybersecurity-…
Securityblog retweeted
Calum Hall (@_calumhall)
The power of Phorion Protections is nuts 🔥 Being built into the EDR gives you full historical analytics on any file/process controls that you implement. Prevent anomalous activity wherever you can, and where you can’t - have the detections in place to catch edge cases.
Phorion (@PhorionTech)

Raising the bar for macOS security once again. We are proud to introduce Phorion Protections 🚀 File access authorisation and process execution controls built directly into your EDR. No tool sprawl, no gaps between tooling and no additional cost to customers. 💻 phorion.io/blog/phorion-p…

Securityblog retweeted
Cyber Security News (@The_Cyber_News)
🚨 Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials & Drain Crypto Wallets Source: cybersecuritynews.com/russian-hacker… A solo Russian-speaking threat actor leveraged a jailbroken instance of Google Gemini to run a five-year MAGA-themed influence operation, crack WordPress administrator credentials, and empty at least one victim's cryptocurrency wallet, all at near-zero cost using stolen API keys. The full operational infrastructure of a threat actor tracked as "bandcampro", exposing a sophisticated, AI-assisted fraud and credential theft campaign that had been active since 2021. The actor operated the Telegram channel @]americanpatriotus, which accumulated approximately 17,000 subscribers by impersonating an American military veteran and targeting politically engaged audiences aligned with QAnon and MAGA movements. #cybersecuritynews
Securityblog retweeted
The Hacker News (@TheHackersNews)
🚨 India’s CERT-In has directed organizations to patch known exploited vulnerabilities in internet-facing systems within 12 hours where feasible as AI tools accelerate cyber attacks. The guidance cites faster vulnerability discovery, phishing, malware generation, and exploitation workflows. Read: thehackernews.com/2026/05/cert-i…
Securityblog retweeted
FuzzingLabs (@FuzzingLabs)
🚀 FuzzingLabs is now part of the @NVIDIA Inception Program! We're building FuzzForge, our AI agents platform leveraging GPU infrastructure for Continuous Offensive Validation on firmware, binaries & embedded systems. Scaling fine-tuned Qwen, Gemma & DeepSeek for offensive security. 🔥 #NVIDIAInception #AI #Cybersecurity
Securityblog retweeted
eleven red pandas (@bytecodevm)
CNX Software piece on V2X2MAP, an MIT-licensed Android app by Peter Holzhauser (Pit711) that pairs with a cheap Waveshare ESP32-C5 dual-band Wi-Fi board to receive the European ITS-G5 / 802.11p V2X stack and plot CAM, DENM, SPATEM and MAPEM messages on a live map. Includes the legal disclaimer carried inside the app and a defender's view of the privacy and detection implications. core-jmp.org/2026/05/v2x2ma…
Securityblog retweeted
The Hacker News (@TheHackersNews)
🚨 One shared key. Every deployment at risk. Attackers exploited CVE-2026-5426 in the KnowledgeDeliver LMS to gain unauthenticated RCE through hard-coded ASP-NET machineKeys, deploy the Godzilla (BLUEBEAM) web shell, and deliver Cobalt Strike Beacon on vulnerable internet-facing systems. Read 🠒 thehackernews.com/2026/05/knowle…
Securityblog retweeted
kernullist (@kernullist)
1/ Wrote up some notes on hiding on Windows — how DKOM corrupts kernel-object enumeration, how BYOVD chains scrub their own traces (PiDDB, MmUnloadedDrivers, CI cache), what modern in-process tradecraft looks like (manual map, ghosting, ProcessInstrumentationCallback, ETW patching), and how cross-view detection holds up from active-list checks through TPM-anchored boot attestation. 🔗kernullist.github.io/kernullist-blo…
Securityblog retweeted
The Hacker News (@TheHackersNews)
🚨 Iranian hackers deployed a new AI-assisted backdoor called MiniFast. thehackernews.com/2026/05/irania… IRGC-linked group Nimbus Manticore targeted aviation, software, telecom, and energy sectors across the U.S., Europe, and the Middle East.
The campaigns used:
• Phishing lures
• SEO poisoning
• Trojanized Zoom and SQL Developer installers
• Fake meeting invites
• AppDomain hijacking
Activity was tracked between February and April 2026.
Securityblog retweeted
eleven red pandas (@bytecodevm)
Open-source FPGA recreation of Intel’s 80386 that runs the original recovered Intel microcode rather than re-implementing instruction behaviour from scratch. The result is an 8 K-line, 18 K-ALUT, 85 MHz core that boots DOS, runs DOS/4GW and DOS/32A extenders, and plays Doom and Doom II — with detailed comparison against 486 and a clear silicon-archaeology angle relevant to reverse engineers and hardware security researchers. core-jmp.org/2026/05/z386-o…
Securityblog retweeted
eShard (@eshard)
We paired time travel debugging with an #AI agent on a noisy 7B-instruction ARM64 Android trace. In ~10 minutes, it traced the MTProto v2 decryption chain down to AES-IGE and correctly described the execution flow. Full write-up 👇 eshard.com/blog/telegram-…
Securityblog retweeted
🥝🏳️‍🌈 Benjamin Delpy
Finally, the NXP PN512-based relay mode is ready for real-world testing... 🥳 The great surprise: it’s punchy enough to handle manual anticollision in emulation (with SPI at 10 MHz!) 😇 The Pico’s dual-core (2x RISC-V here) helps avoid dropping packets, but isn't essential
Securityblog retweeted
Noorie (@nooriefyi)
Our Vercel bill was $25k per month. We just switched to Cloudflare and our spend is $2k per month. This is your sign to switch to Cloudflare
Securityblog retweeted
eleven red pandas (@bytecodevm)
Denis Laskov’s “Eye on Cyber” pointer to a USENIX Security 2025 paper by Onishi et al. The research shows that MEMS microphones, because of their PDM (Pulse Density Modulation) digital interface, radiate unintended EM signals that still carry the original audio. With nothing more than copper-foil-tape antennas, the authors recovered enough signal through a 25 cm concrete wall at 2 m to hit 93% speaker-recognition accuracy — a TEMPEST-class result for cheap consumer mics. core-jmp.org/2026/05/mems-m…