Latest Threats & Blogs
Lumma Stealer spreads via LOLbin - mshta.exe
Threat Brief
The observed execution chain demonstrates a multi-stage delivery mechanism used to deploy Lumma Stealer. The infection begins through mshta.exe, which retrieves a remote payload hosted on …
Interlock Ransomware - New Deployment Techniques
Threat Brief
The Interlock ransomware group continues to target organizations globally, with a pronounced focus on entities in the United Kingdom and the United States—particularly within the education sector. …
Inside a Telegram-Powered Phishing Kit
Threat Brief
Behind the Curtain: How a Phishing Page Steals Credentials Using Telegram
A technical teardown of a real-world credential harvesting kit abusing cloud messaging APIs
This blog analyzes a …
Fortinet FortiSIEM flaw is now being actively exploited by threat actors
A critical vulnerability in Fortinet FortiSIEM, for which proof-of-concept exploit code is publicly available, is currently being actively exploited in real-world attacks.
Fortinet confirmed that the issue stems from an …
Potential Everest Ransomware Attack on McDonald’s India (January 2026)
On 20 January 2026, the Everest ransomware group publicly claimed responsibility for a cyberattack against McDonald’s India, alleging the exfiltration of ~861 GB of sensitive corporate and customer data. The …
Exploited MongoBleed vulnerability exposes MongoDB credentials across 87,000 servers
Threat Brief: MongoBleed heap overflow vulnerability
On December 19, 2025, MongoDB disclosed a serious security flaw known as MongoBleed (CVE-2025-14847). This vulnerability enables unauthenticated attackers to extract sensitive heap …
Typosquatted Packages Deploy Multi-Stage Credential Harvester
Security researchers discovered 10 dangerous, fake software packages on the npm registry that have been actively stealing user login information for over four months, accumulating nearly 10,000 downloads. These packages …
PhantomRaven attack floods npm with credential-stealing packages
An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.
The activity started in August and deployed …