Skip to main content

Cybersecurity

General cybersecurity news and analysis

TP-Link VPN Routers: Exclusive Critical Flaws Exposed

TP-Link VPN Routers: Exclusive Critical Flaws Exposed

Think your TP‑Link VPN router is protecting your network? New Forescout research reveals critical flaws that can let attackers intercept traffic and maintain persistent access—update firmware, disable WAN management, and change default credentials now.

Analyst 207
Lumma Stealer: Exclusive Report on Dangerous Vidar 2.0

Lumma Stealer: Exclusive Report on Dangerous Vidar 2.0

When stolen‑credential marketplaces start to look like legit app stores, everyone loses—Lumma Stealer’s resurgence and the reborn Vidar 2.0 (Vidar 20) are fueling a sustained, hard‑to‑detect threat through Q4 2025. Read our exclusive to learn the practical steps defenders and everyday users need now: validate IOCs, tighten MFA, and sharpen telemetry.

Analyst 207
Shattered router with exposed internal components surrounded by glowing code and a partially unlocked padlock.

TP-Link VPN Routers Exclusive: Severe Security Flaws

Heads-up: researchers found critical, actively exploited flaws in TP‑Link VPN routers that can give attackers persistent access to your network and traffic. Update firmware, disable unnecessary remote management, replace default passwords, and swap unsupported devices to lock your front door again.

Analyst 207
TP-Link VPN Routers: Stunning Critical Flaws Found

TP-Link VPN Routers: Stunning Critical Flaws Found

Think your TP‑Link VPN router is the guardian of your home network? Researchers discovered critical, actively exploited flaws that can let attackers intercept traffic or gain persistent access—patch, disable WAN management, or replace affected devices now.

Analyst 207
TP-Link VPN Routers: Exclusive Critical Flaw Revealed

TP-Link VPN Routers: Exclusive Critical Flaw Revealed

Researchers just found the keys to TP‑Link VPN routers: critical flaws could let attackers hijack home and small‑business networks to snoop, redirect traffic, or stage wider attacks. Patch now, disable unnecessary remote management, and treat your router like vital infrastructure before it’s too late.

Analyst 207
Dark laptop screen with distorted CAPTCHA, Ukraine map, cracked glass, and ominous glowing eyes in shadows.

PhantomCaptcha Campaign: Stunning Threat to Ukraine Aid

What if the message promising help handed attackers the keys? The PhantomCaptcha campaign did exactly that — a surgical phishing blitz using believable impersonation and innocuous-looking attachments to steal credentials and threaten Ukraine relief efforts.

Analyst 207
PhantomCaptcha Campaign Exclusive: Critical Ukraine Threat

PhantomCaptcha Campaign Exclusive: Critical Ukraine Threat

Meet the PhantomCaptcha campaign: a short, surgical phishing blitz that tricks aid groups with believable emails and weaponized attachments to steal credentials and install persistent backdoors. The result puts NGOs, local governments and Ukraine relief efforts at risk of disrupted operations, exposed donor and logistics data, and long‑term compromise.

Analyst 207
JLR Hack UK Exclusive: Devastating £1.9bn Hit

JLR Hack UK Exclusive: Devastating £1.9bn Hit

A late‑September cyber-attack on Jaguar Land Rover froze production, threatened jobs and forced ministers to underwrite up to £1.5bn — turning a corporate breach into an estimated £1.9bn crisis that asks: who ultimately pays?

Analyst 207
PhantomCaptcha Campaign: Exclusive Danger to Ukraine Relief

PhantomCaptcha Campaign: Exclusive Danger to Ukraine Relief

PhantomCaptcha hijacks trusted-looking emails to trick aid workers into opening weaponized attachments that install credential stealers and remote access tools, risking disruption of Ukraine relief operations. Learn its tradecraft—plausible senders, urgent subjects, and innocuous file types—so a single click doesn’t hand attackers the keys.

Analyst 207
MuddyWater Exclusive: Dangerous Global Phishing Campaign

MuddyWater Exclusive: Dangerous Global Phishing Campaign

Get an exclusive look at the dangerous global MuddyWater phishing campaign—how it operates, who it targets, and simple, practical steps you can take today to stay protected.

Analyst 207
MuddyWater Exclusive: Dangerous Mailbox Phishing Surge

MuddyWater Exclusive: Dangerous Mailbox Phishing Surge

Think your inbox is safe? MuddyWater’s latest phishing wave shows how compromised mailboxes let attackers steal credentials and session tokens, impersonate colleagues, and turn a single click into long‑term espionage across organizations.

Analyst 207
JLR Hack: Stunning, Devastating £1.9bn Hit to UK

JLR Hack: Stunning, Devastating £1.9bn Hit to UK

Who knew the silence of a factory could cost billions? A cyber-attack on Jaguar Land Rover knocked production and deliveries about 25%—a blow analysts put at roughly £1.9bn—as disrupted IT systems rippled through factories, supply chains and dealer networks.

Analyst 207
Singapore Officials Impersonated in Exclusive Costly Scam

Singapore Officials Impersonated in Exclusive Costly Scam

Singapore officials impersonated in a sophisticated, costly scam—learn how it works and simple steps to protect yourself before you become a target.

Analyst 207
Singapore Officials Impersonated in Stunning, Damaging Scam

Singapore Officials Impersonated in Stunning, Damaging Scam

Think twice before trusting top search results: criminals are buying Google ads to surface near‑perfect clones of Singapore government sites and using AI-generated deepfakes of real officials to trick investors into wiring funds or handing over credentials.

Analyst 207
Email Bombs Expose Zendesk Flaw: Exclusive Critical Alert

Email Bombs Expose Zendesk Flaw: Exclusive Critical Alert

When attackers turned a customer-service tool into a weapon, thousands got threatening email bombs that appeared to come from trusted brands—exploiting Zendesks lax outbound authentication and showing how convenience can suddenly erode online trust.

Analyst 207
Email Bombs Reveal Stunning, Dangerous Zendesk Flaw

Email Bombs Reveal Stunning, Dangerous Zendesk Flaw

Imagine your inbox suddenly flooded with threatening messages from your bank, favorite store and utility — thats the reality of the recent email bombs attack, which abused Zendesk’s outbound mail to make malicious messages look legitimate. The episode exposes how convenient customer-service tools can be weaponized when email authentication is misconfigured, letting dangerous mail slip into primary inboxes.

Analyst 207
Patch Tuesday Exclusive: Critical End of 10 Update

Patch Tuesday Exclusive: Critical End of 10 Update

Microsofts October Patch Tuesday — which fixed 172 vulnerabilities and patched at least three flaws already being exploited — also sounded the retirement bell for free Windows 10 security updates. If youre still on Windows 10, the clock is ticking: patch, upgrade, or put mitigations in place before attackers reap the payoff.

Analyst 207
Patch Tuesday Exclusive: Critical End of 10 Alert

Patch Tuesday Exclusive: Critical End of 10 Alert

Patch Tuesday just dropped — don’t miss this critical End of 10 alert. Find out what you need to update now to keep your systems secure.

Analyst 207
DDoS Botnet Aisuru Sparks Severe, Stunning ISP Outages

DDoS Botnet Aisuru Sparks Severe, Stunning ISP Outages

Imagine fighting a storm when most of the clouds are over your own house — that’s the Aisuru DDoS. A near‑record 30 trillion bps flood from hijacked home IoT devices clustered on AT&T, Comcast and Verizon networks forced ISPs to choose between cutting off millions with blunt defenses or chasing slow, costly surgical fixes.

Analyst 207
Self-Replicating Worm Hits 180+ Packages: Exclusive Danger

Self-Replicating Worm Hits 180+ Packages: Exclusive Danger

A fast-spreading self-replicating worm has already infected 180+ packages—our exclusive breakdown reveals how it spreads, who’s at risk, and the quick steps you can take to protect your projects.

Analyst 207
Bulletproof Host Evades EU Sanctions: Exclusive Controversy

Bulletproof Host Evades EU Sanctions: Exclusive Controversy

EU sanctions couldnt stop a notorious bulletproof hosting provider—it reconstituted under new names and kept serving the same clients. Our exclusive reporting shows how shell companies, domain and IP migrations, and rapid rebrands preserved a hostile infrastructure, a wake-up call for regulators and defenders.

Analyst 207
18 Popular Code Packages Hacked: Stunning Crypto Theft Risk

18 Popular Code Packages Hacked: Stunning Crypto Theft Risk

Imagine one convincing phishing email letting attackers slip crypto‑stealing code into 18 popular JavaScript packages — collectively downloaded billions of times each week. The breach lays bare how fragile the software supply chain is: a single compromised maintainer can push malicious updates into countless projects and developer environments.

Analyst 207
Part Four of The Kryptos Sculpture: Exclusive Best Reveal

Part Four of The Kryptos Sculpture: Exclusive Best Reveal

Who owns the answer to Jim Sanborn’s famously unsolved Kryptos puzzle — the artist, the public, or the researchers who say they found the key in his Smithsonian papers? Two investigators claim archival notes and a copper proof plate now headed to auction reveal K4’s missing piece, but legal threats and a decision not to publish have turned the revelation into a tangled debate about provenance, access, and ethics.

Analyst 207
Part Four of The Kryptos Sculpture: Exclusive Best Evidence

Part Four of The Kryptos Sculpture: Exclusive Best Evidence

Who owns the answer to Kryptos’s long-unsolved fourth passage—the artist, the researchers who found it in Sanborn’s Smithsonian archives, or the private buyer poised to lock it away? Two teams say they recovered K4’s plaintext from Sanborn’s papers and proof plates now headed to auction, sparking legal threats and a tense standoff between discovery and public access.

Analyst 207