Researchers discovered a modular, "cloud-first" framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments.
An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.
Threat actors are using a social engineering technique and a legitimate Microsoft tool to deploy the DCRat remote access Trojan against targets in the hospitality sector.
Recent attacks targeting Next.js servers pose a significant threat to IoT networks and enterprises, including cryptomining, botnet payloads, and other malicious activity.