Collaborate Disseminate
HoneyMyte (Mustang Panda) is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia. Continue reading HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks
Warning for EmEditor users: A third-party breach tampered with the official download link between Dec 19–22, 2025. Learn how to identify the fake installer and protect your data from infostealer malware. Continue reading EmEditor Homepage Download Button Served Malware for 4 Days
Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report. Continue reading New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations
Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data. Continue reading Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players
Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed. Continue reading Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data. Continue reading Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats
Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs – Eurostar later accused them of blackmail. Continue reading Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws
Jamf security experts have found a new version of MacSync Stealer. Disguised as a zk-call app, it uses official notarization to bypass security and steal your saved passwords. Continue reading New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords
Romania’s national water authority, Romanian Waters, was hit by a major ransomware attack affecting 1,000 systems but dams remain safe. Learn how authorities are fighting back without paying the ransom. Continue reading Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how “Anna’s Archive” bypassed security, and why experts warn against downloading the leaked files. Continue reading Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape