Darktrace researchers have discovered a new DDoS botnet that infects misconfigured Docker containers and then sells access to customers so they can launch attacks themselves.
CONTINUE READING 🡒 
Design and Implement a Custom TCP Protocol and C# Server…
You’ve dealt with plenty of protocols over the years—some you’ve used, others you may have reverse‑engineered. Some were easy to read; others were indecipherable without a hex editor. In this article, I’ll show you how to design…
CONTINUE READING 🡒 
Ransomware operator involved in European airport disruptions arrested
The UK National Crime Agency (NCA) has arrested a suspect in a ransomware attack that disrupted operations at European airports earlier this week.
CONTINUE READING 🡒 
Kali Linux 2025.3 Released with Ten New Tools
The developers have released Kali Linux 2025.3 — the third release of this year, featuring 10 new tools, Nexmon support, and improvements to NetHunter.
CONTINUE READING 🡒 
Valve advises users who installed BlockBlasters to reinstall their OS
Valve is sending warnings to users who installed and launched the malicious game BlockBlasters, recently discovered on Steam. Affected users are advised to scan their systems with antivirus software and also consider a complete OS reinstallation.
CONTINUE READING 🡒 
An ‘Easter Egg’ in Telegram. How to log in without…
Telegram developers are continuously improving their product: the messenger gets more and more functions every year. But some of its cool features can turn, as of a sudden, into nasty bugs. This article discusses a curious vulnerability discovered when I was investigating…
CONTINUE READING 🡒 
How Keyloggers Evade Antivirus: A C# Proof of Concept
Full-fledged keyloggers packed with features and anti-detection measures can cost dozens, if not hundreds, of dollars. But a keylogger isn’t that complex, and if you want, you can build your own and even evade antivirus detection. In…
CONTINUE READING 🡒 
The Great Password Collider: Recovering Passwords from Hashes Without Heavy…
It’s often necessary to recover a password when all you have is its hash. You could brute-force it on your own machine, but it’s much faster to leverage existing databases. Even public datasets contain tens of millions…
CONTINUE READING 🡒 
Unpatched vulnerability in OnePlus devices allows any app to read…
Rapid7 specialists discovered a vulnerability in several versions of OxygenOS (the Android-based OS used on OnePlus devices). The bug allows any installed application to access SMS message data and metadata without permissions or user interaction.
CONTINUE READING 🡒 
Malicious npm package used QR codes to deliver malware
Researchers have discovered a malicious npm package, fezbox, that steals victims’ cookies. To keep the malicious activity unnoticed, QR codes are used to download the malware from the attackers’ server.
CONTINUE READING 🡒 
Speech-to-Speech: Building an AI Voice Cloning Neural Network
There are more and more ways to identify someone by their voice. At the same time, researchers are finding ways to bypass these mechanisms—both to protect personal data and to break into systems that rely on them.…
CONTINUE READING 🡒 
GitHub Tightens npm Security with Mandatory 2FA and Other Measures
GitHub developers reported that they are working on a set of protective measures aimed at countering supply chain attacks, which recently led to several major incidents on the platform.
CONTINUE READING 🡒 
Researchers have compiled a list of the 25 key MCP…
Adversa researchers have published an analysis of the top 25 Model Context Protocol (MCP) vulnerabilities. They describe this list as “the most comprehensive analysis of MCP vulnerabilities to date.”
CONTINUE READING 🡒 
Run Windows on iPhone with UTM: A Guide to Installing…
Want to play Windows games on your iPhone? Run macOS on an iPad? Or maybe you’ve dreamed of putting Android or Linux on those devices? It’s possible. Sounds crazy? Not really—iOS can run virtual machines with different…
CONTINUE READING 🡒 
Cloudflare Reports 22.2 Tbps DDoS Attack
Cloudflare reports a new record in the DDoS arena. The company mitigated a DDoS attack that peaked at a record 22.2 Tbps and 10.6 billion packets per second. Just three weeks ago, the company reported mitigating a…
CONTINUE READING 🡒 
US Secret Service discovered 100,000 SIM cards that “could have…
The U.S. Secret Service reported that in the New York region (the states of New York, New Jersey, and Connecticut), a network of electronic devices was discovered, concentrated around the venue of the UN General Assembly. More…
CONTINUE READING 🡒 
5 Simple Python Examples to Inspire You to Learn Python
Over the past decade, Python has exploded in popularity and shows no signs of slowing down—its use in both teaching programming and building applications keeps growing. Few languages can claim such broad appeal across fields as varied…
CONTINUE READING 🡒 
Fake password manager apps infect macOS with Atomic Stealer
LastPass developers warn that attackers are targeting macOS users and impersonating popular products, spreading infostealers via GitHub.
CONTINUE READING 🡒 
Customer data stolen from automaker Stellantis
Stellantis representatives reported that attackers gained access to a third-party service provider’s platform and stole data on North American customers. Apparently, this attack is related to the Salesforce breach.
CONTINUE READING 🡒 
Creating real-time video and audio deepfakes starts at $30
Experts at Kaspersky Lab discovered darknet ads offering real-time video and audio deepfake creation. The price of such services depends on the complexity and duration of the fake content, starting at $50 for video and $30 for…
CONTINUE READING 🡒