Guardio Labs analysts have observed that attackers are using Grok, the AI assistant integrated into the social network X, to circumvent link-posting restrictions that the platform has implemented to combat malicious advertising.
Researcher finds a way to hack Chinese Pudu service robots
An independent cybersecurity researcher known as BobDaHacker discovered security issues in Pudu Robotics (a leading global supplier of commercial service robots). The vulnerabilities allowed attackers to redirect the robots to any location and force them to execute…
Supercharge Nmap: Advanced Penetration Testing with Firewall Evasion, Dirbusting, DoS…
Nmap is the gold standard among port scanners and one of a pentester’s most important tools. But can you honestly say you’ve mastered all its features and use cases? In this article, you’ll learn how to use…
Google patched 120 Android vulnerabilities, including two 0-days
Google developers released security updates for Android that fixed 120 vulnerabilities in the operating system. According to the company, two of the issues had already been exploited by attackers in targeted campaigns.
Hackers abuse the Velociraptor forensics tool
Sophos cybersecurity specialists have highlighted a cyberattack in which unidentified threat actors used Velociraptor, an open-source endpoint monitoring and forensics tool.
Decoding Ping, Traceroute, and WHOIS Output for Effective Network Troubleshooting
Ping, traceroute, and whois are among the first tools new admins learn. Many people who aren’t network specialists stop there—and that’s a mistake. With the standard toolset you can pull far more information about a problem than…
Cyberattack disrupts Jaguar Land Rover production
Automaker Jaguar Land Rover (JLR) announced that it was forced to take a number of systems offline due to a cyberattack. The incident appears to have affected the automaker’s manufacturing and retail operations.
Why Smartphone Home Screens Are Broken—and Why I Built AIO…
I don’t know about you, but I’ve always found it odd that a powerful smartphone—connecting people to each other and to the rest of the world—uses an utterly useless, uninformative screen of icons as its primary interface.…
Cloudflare blocked the largest-ever DDoS attack — 11.5 Tbps
The record for DDoS attack power set in June 2025 has already been broken. Cloudflare announced that it recently blocked the largest DDoS attack on record, whose peak bandwidth reached 11.5 Tbps.
Google Didn’t Ask 2.5 Billion Gmail Users to Change Passwords
Last week, media reports claimed that Google was allegedly notifying all Gmail users (about 2.5 billion people) en masse to urgently change their passwords and enable two-factor authentication. Google representatives say that reports of security issues in…
Wardriving Hardware Guide: Building a Wi‑Fi Pentesting Toolkit with USB…
Wardriving—essentially Wi‑Fi traffic capture—always starts with choosing the right hardware. That’s exactly what we’ll do: in a handy Q&A, we’ll break down what devices are out there, which tasks they’re best suited for, and what to pick…
FreePBX Servers Under Attack Due to a 0-Day Vulnerability
Developers at Sangoma Technologies Corporation have warned about an actively exploited 0-day vulnerability in FreePBX that affects systems with the administration panel exposed to the internet.
Bug in VS Code allows reuse of deleted extension names
Researchers have discovered an issue in the Visual Studio Code Marketplace that allowed attackers to reuse the names of previously deleted extensions.
Inside Magma: How the Russian GOST R 34.12-2015 block cipher…
In the previous installment of our “import-substitution misadventures,” we took a deep dive into the Kuznyechik (Grasshopper) block cipher defined in GOST 34.12–2015. Alongside Kuznyechik, the standard also specifies another cipher with a 64-bit block size called…
Authentication bypass bug found in the Passwordstate enterprise password manager
Click Studios, the company behind the Passwordstate enterprise password manager, has warned customers to urgently apply a patch to fix a critical authentication bypass vulnerability.
F6 researchers discover new Phantom stealer
In June 2025, researchers discovered a new malicious activity they named Phantom Papa. The attackers sent emails in Russian and English with malicious attachments containing the new Phantom stealer.
Google warns of large-scale data theft linked to Salesloft’s AI…
Last week it emerged that hackers had compromised the Salesloft sales automation platform and stolen customers’ OAuth and refresh tokens from its Drift AI agent, which is designed to integrate with Salesforce. As Google has now warned,…
HDR+ Explained: What It Is and How to Enable It…
Over the past four years, the cameras in Google’s Pixel and Nexus lineups have made a major leap forward: Google introduced a software-based photo post-processing system called HDR+. In this article, we’ll explain how it works and…
Zero-Day Vulnerability in WhatsApp for iOS and macOS Patched
The messenger’s developers have fixed a 0-day vulnerability in the iOS and macOS versions. According to the company, the new issue, along with a recently disclosed Apple bug, may have been used in “sophisticated attacks targeting specific…
Firefox Patches Vulnerability Discovered by a Positive Technologies Expert
Exploitation of the vulnerability became possible after injecting malicious code into an arbitrary website, allowing an attacker to steal credentials and redirect users to phishing pages.