Emergence Mid-2022. Qilin, also known as Agenda, first appeared as a Go-based ransomware targeting Windows systems, later expanding into cross-platform operations. Qilin Agenda Go-Based Cross-Platform Mid-2022 Attribution Moderate confidence in Russian-speaking operators. Evidence includes Cyrillic encodings, windows-1251-character sets, and behavioral overlaps with other Eastern European RaaS ecosystems. Russian-Speaking Cyrillic Encodings
SmudgedSerpent
TRENDING TOPICS NOV 05, 2025 SmudgedSerpent Hackers Target U.S. Policy Experts with Iranian-Themed Phishing Lures A newly identified threat cluster dubbed UNK_SmudgedSerpent has launched a series of espionage-driven phishing attacks against U.S.-based academics and foreign policy experts focusing on Iran. According to Proofpoint researchers, the campaign
SesameOp
TRENDING TOPICS NOV 04, 2025 SesameOp: Backdoor Leveraging OpenAI API for Covert Command-and-Control Microsoft’s Incident Response team identified a stealthy backdoor, labeled SesameOp, that repurposes the OpenAI Assistants API as an off-the-shelf command-and-control channel. The implant comprises an obfuscated[.]NET loader injected into developer tooling via AppDomainManager manipulation, and
MONTHLY WRAP MONTHLY WRAP Overview In October 2025, attackers systematically weaponized trusted platforms, cloud services, and developer pipelines to achieve stealthy access, persistent footholds, and broad monetization. Campaigns moved beyond conventional email phishing into professional networks, hosted cloud assets,
Session Smuggling
TRENDING TOPICS NOV 03, 2025 Agent Session Smuggling: How Malicious AI Hijacks Victim Agents The newly uncovered agent session smuggling attack exposes a critical flaw in multi-agent AI ecosystems, allowing a malicious AI agent to hijack active communication sessions through the Agent2Agent (A2A) protocol. Unlike traditional one-shot prompt injections, this
CVE-2025-59287 Critical Windows Server Update Service UNSAFE DESERIALIZATION UNAUTHENTICATED A critical vulnerability in Windows Server Update Service (WSUS) allows remote, unauthenticated attackers to execute arbitrary code over a network by exploiting unsafe deserialization of untrusted data, potentially compromising entire update infrastructure. Mitigation: Apply Microsoft's security update immediately and
Microsoft
TRENDING TOPICS OCT 30, 2025 Microsoft’s October Cloud Outage: Root Cause Identified On Wednesday, October 29, 2025, Microsoft experienced a significant global outage that began at approximately 16:00 UTC. The disruption affected both the Azure cloud platform and the Microsoft 365 business suite, leaving thousands of customers unable
Browser AI Model Key Features Known Issues Perplexity Comet Proprietary model with API access Full agentic capabilities including navigation, screenshot parsing, and task automation Vulnerable to Commadjacking and PromptFix, enabling data exfiltration and drive-by downloads OpenAI Atlas GPT-4 Turbo Natural language omnibox and autonomous task execution Omnibox injection allows prompt-based
Intel TDX
TRENDING TOPICS OCT 29, 2025 New TEE[.]fail Attack Breaks Intel and AMD Trusted Execution Environments via DDR5 Memory Weakness Security researchers have disclosed a critical hardware-based vulnerability known as TEE[.]fail, which undermines the foundational guarantees of Intel TDX and AMD SEV-SNP Trusted Execution Environments (TEEs). The attack exploits
Active Directory
TRENDING TOPICS OCT 28, 2025 Domain-Join Accounts: A Quiet, Consistent Path to AD Compromise Active directory domain-join accounts are routinely exposed during device buildouts and imaging, where their passwords are often stored in clear text across deployment steps and configuration stores. Discovered by Shelltrail, once an attacker gets credentials from
CoPhish
TRENDING TOPICS OCT 27, 2025 CoPhish Exploit Abuses Copilot Studio to Steal OAuth Tokens and Bypass Cloud Defenses Researchers have discovered a new phishing technique, named CoPhish, that abuses Microsoft Copilot Studio to steal OAuth tokens and hijack user accounts. The attack takes advantage of the trust users place in
UNC6229
CVE-2025-6950 Critical Moxa Network Appliances HARDCODED SECRET KEY TOKEN FORGERY Moxa network appliances use a hard-coded secret key to sign JSON Web Tokens (JWT), allowing attackers to forge valid authentication tokens and gain full administrative control over affected devices without any valid credentials. Mitigation: Update firmware immediately, rotate all JWT