Schedule a Demo

Cyber Security

Cyber Security
Cyber Security

Windows 11 New Security Feature Denies Unauthorized Access to System Files

windows-11-new-security-feature-denies-unauthorized-access-to-system-files

Microsoft has introduced a significant security control in the latest Windows 11 preview update designed to restrict unauthorized interaction with critical system files. Released as part of the January 2026 non-security preview (KB5074105), this enhancement specifically targets the Storage settings menu, a sensitive area of the operating system that reveals detailed information about drive usage, […]

Critical Johnson Controls Products Vulnerabilities Enables Remote SQL Injection Attacks

critical-johnson-controls-products-vulnerabilities-enables-remote-sql-injection-attacks

A critical advisory addressing a severe SQL injection vulnerability affecting multiple Johnson Controls industrial control system products. The vulnerability, tracked as CVE-2025-26385, carries a maximum CVSS v3 severity score of 10.0, indicating the highest level of risk to affected infrastructure. The flaw stems from improper neutralization of special elements used in command injection, allowing remote […]

Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys

moltbook-ai-vulnerability-exposes-email-addresses,-login-tokens,-and-api-keys

A critical vulnerability in Moltbook, the nascent AI agent social network launched late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for its registered entities amid hype over 1.5 million “users.” Researchers revealed an exposed database misconfiguration allowing unauthenticated access to agent profiles, enabling bulk data extraction. This […]

AutoPentestX Automated Penetration Testing Toolkit Designed for Linux systems

autopentestx-automated-penetration-testing-toolkit-designed-for-linux-systems

AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command. Developed by Gowtham Darkseid and released in November 2025, it generates professional PDF reports while emphasizing safe, non-destructive testing. AutoPentestX targets Kali Linux, Ubuntu, and Debian-based distributions, automating OS detection, port scanning, service enumeration, and vulnerability checks. […]

Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail

metasploit-releases-7-new-exploit-modules-covering-freepbx,-cacti-and-smartermail

The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting commonly used enterprise software. The highlight of this release is a sophisticated trio of modules directed at FreePBX, alongside critical remote code execution (RCE) capabilities for Cacti and SmarterMail. This […]

UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS

uat-8099-targets-vulnerable-iis-servers-using-web-shells,-powershell,-and-region-customized-badiis

A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims in Thailand and Vietnam, marking a strategic shift toward region-specific operations. The attackers exploit unpatched […]

175,000 Exposed Ollama Hosts Enable Code Execution and External System Access

175,000-exposed-ollama-hosts-enable-code-execution-and-external-system-access

A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly exposed due to simple configuration changes that administrators make without fully […]

TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome

tamecat-powershell-based-backdoor-exfiltrates-login-credentials-from-microsoft-edge-and-chrome

A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage group that has been actively targeting high-value senior defense and government officials worldwide. The threat […]

Hackers Weaponized Open VSX Extension with Sophisticated Malware After Reaching 5066 Downloads

hackers-weaponized-open-vsx-extension-with-sophisticated-malware-after-reaching-5066-downloads

A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted malware code that activates when developers open HTML or TypeScript files. The extension operated undetected […]

Exposed Open Directory Leaks BYOB Framework Across Windows, Linux, and macOS

exposed-open-directory-leaks-byob-framework-across-windows,-linux,-and-macos

Threat researchers have uncovered an actively serving command and control server hosting a complete deployment of the BYOB framework following the discovery of an exposed open directory. The server, located at IP address 38[.]255[.]43[.]60 on port 8081, was found distributing malicious payloads designed to establish persistent remote access across Windows, Linux, and macOS systems. Hosted […]