Massive Phishing Campaign Targeting Ukraine Defense Contractors

Nearly 900 spoofed domains impersonate defense and aerospace firms supporting Ukraine. Credential theft and malware delivery linked to large phishing ops.

How Russian Disinformation Campaigns Exploit Domain Registrars

Russia is abusing domain registrars to run global disinformation campaigns. Learn how spoofed infrastructure enables phishing, propaganda, and evasion.

Stealthy WordPress Malware Exploits Mu-Plugins Directory

Attackers are hiding malware in WordPress mu-plugins, bypassing detection and gaining persistent access. Learn how it works and how to secure your site.

🎓️ Vulnerable U | #109

SignalGate, Next.js auth vuln, Kubernetes major RCE bug, Chinese shell companies hiring laid off gov employees, and much more!

Chrome Zero Day CVE-2025-2783 Used in Targeted Attacks

Critical Bugs In Ingress-NGINX Allow Kubernetes Cluster Takeover

Critical Next.js CVE-2025-29927 Flaw Disclosed

🎓️ Vulnerable U | #108

More CISA DOGE drama, US softening on Russia cyber defenses, 60M malware app downloads from Google Play Store, Massive Github supply chain hack, and much more!

Apache Tomcat CVE-2025-24813 Under Attack

CISA Warns of Supply Chain Compromise of tj-actions/changed-files GitHub Action

CISA Adds Apple CVE-2025-24201 to KEV Catalog

🎓️ Vulnerable U | #107

CISA having a bad time, Microsoft and Google Threat Intel full of goodies this week, SSRF on the rise as per GreyNoise, and much more!