Schedule a Demo

Cyber Security

Cyber Security
Cyber Security

Joomla Novarain/Tassos Framework Vulnerabilities Enables SQL injection and Unauthenticated File Read

joomla-novarain/tassos-framework-vulnerabilities-enables-sql-injection-and-unauthenticated-file-read

Joomla Novarain/Tassos Framework Vulnerabilities Websites running the Novarain/Tassos Framework are vulnerable to critical security flaws that allow unauthenticated file read, file deletion, and SQL injection attacks, potentially leading to remote code execution and full administrator takeover on unpatched systems. The issues affect multiple popular Tassos extensions and require urgent patching through the vendor’s updated releases. […]

Critical BeyondTrust Vulnerability Exploited in the Wild to Gain Full Domain Control

critical-beyondtrust-vulnerability-exploited-in-the-wild-to-gain-full-domain-control

BeyondTrust Vulnerability Exploit A critical vulnerability tracked as CVE-2026-1731 is being actively exploited in the wild, enabling attackers to gain full domain control over affected systems. Threat actors are leveraging this flaw to execute operating system commands remotely without authentication. The flaw, discovered in self-hosted BeyondTrust deployments, allows unauthenticated attackers to run arbitrary OS commands via specially crafted […]

Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop

windows-11-kb5077181-security-update-causing-some-devices-to-restart-in-an-infinite-loop

Windows 11 KB5077181 Security Update Microsoft’s February 10, 2026, security update KB5077181 for Windows 11 versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread reports of critical boot failures just days after deployment. Users describe devices entering infinite restart loops, often exceeding 15 cycles, preventing access to the desktop. This cumulative update delivers […]

PentestAgent AI Penetration Testing Tool With Prebuilt Attack Playbooks and HexStrike Integration

pentestagent-ai-penetration-testing-tool-with-prebuilt-attack-playbooks-and-hexstrike-integration

PentestAgent PentestAgent, an open-source AI agent framework from developer Masic (GH05TCREW), has introduced enhanced capabilities, including prebuilt attack playbooks and seamless HexStrike integration. Released on GitHub by a researcher with the alias GH05TCREW, this tool leverages large language models (LLMs) like Claude Sonnet or GPT-5 via LiteLLM to conduct sophisticated black-box security assessments. PentestAgent operates […]

New Clickfix Attack Uses DNS Hijacking to Spread Malware

new-clickfix-attack-uses-dns-hijacking-to-spread-malware

Clickfix Attack DNS Hijacking spread malware A new evolution in the ClickFix social engineering campaign, which now employs a custom DNS hijacking technique to deliver malware. This attack method tricks users into executing malicious commands that utilize DNS lookups to fetch the next stage of the infection, allowing attackers to bypass traditional detection methods and […]

Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users

threat-actors-exploit-claude-artifacts-and-google-ads-to-target-macos-users

Threat Actors Exploit Claude Artifacts Google Ads A sophisticated malware campaign targeting macOS users through Google-sponsored search results and legitimate platforms, including Anthropic’s Claude AI and Medium. The campaign has already reached over 15,000 potential victims through two distinct attack variants that exploit users’ trust in established online services. 15,000 potential victims (Source: Twitter) The […]

Threat Actor Allegedly Selling Critical Severity OpenSea 0-day Exploit Chain on Hacking Forums

threat-actor-allegedly-selling-critical-severity-opensea-0-day-exploit-chain-on-hacking-forums

OpenSea 0-day Exploit Chain A threat actor is reportedly selling a purported critical severity zero-day exploit chain targeting OpenSea for $100,000 USD in Bitcoin or Monero. The listing claims the vulnerability remains unpatched and undisclosed, raising alarms in the NFT community. The exploit allegedly targets flaws in OpenSea’s Seaport protocol order validation logic across Ethereum […]

CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks

cisa-warns-of-microsoft-configuration-manager-sql-injection-vulnerability-exploited-in-attacks

CISA Warns Microsoft Configuration Manager SQL Injection Vulnerability CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). Tracked as CVE-2024-43468, this flaw lets unauthenticated attackers run malicious commands on servers and databases. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 12, 2026, agencies must patch […]

Malicious Chrome AI Extensions Attacking 260,000 Users via Injected IFrames

malicious-chrome-ai-extensions-attacking-260,000-users-via-injected-iframes

Malicious Chrome AI Extensions Attacking 260000 Users via Injected IFrames A coordinated campaign is using malicious Chrome extensions that impersonate popular AI tools like ChatGPT, Claude, Gemini, and Grok. These fake “AI assistants” spy on users through injected, remote-controlled iframes, turning helpful browser add-ons into surveillance tools. More than 260,000 users have installed these extensions. […]

Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts

chrome-extensions-infected-500k-users-to-hijack-vkontakte-accounts

Over half a million VKontakte users have fallen victim to a sophisticated malware campaign that silently hijacks accounts through seemingly harmless Chrome extensions. The malicious extensions, disguised as VK customization tools, automatically subscribe users to attacker-controlled groups, reset account settings every 30 days, and manipulate security tokens to maintain persistent control. What appeared as simple […]