Rui Miguel Feio

China-linked espionage groups are deploying ASPX and ASHX web shells to maintain persistence and conduct covert operations against targeted networks. https://t.co/S8Dm3UL3yw

OpenAI’s new ChatGPT Lockdown Mode restricts tool access and interactions to reduce security risks, providing users with enhanced protection in high-risk scenarios. https://t.co/DjfG6b4aeM

The Pink Extortion campaign is targeting Microsoft 365 users with vishing scams to gain access to cloud accounts and steal sensitive organizational data. https://t.co/cMB7UMVq4F

The Reaper macOS infostealer is abusing Apple’s Script Editor to steal passwords, cryptocurrency wallets, and other sensitive data, highlighting the growing threat to macOS users. https://t.co/liOFFxV6BK

Attackers are increasingly weaponizing trusted tools and legitimate software to blend into normal operations, evade security controls, and carry out attacks with greater stealth. https://t.co/c8BXNAi7bA

Verizon’s 2026 DBIR confirms a growing trend of attackers “living in the browser,” exploiting web sessions and trusted browser activity to evade detection and steal data more effectively. https://t.co/tgfM2Z6xWI

CISA is warning that ATG fuel storage systems are being targeted in cyberattacks, raising concerns about the security of critical infrastructure and industrial control environments. https://t.co/CExzSFtdbF

A vulnerability in the Claude Code GitHub Action could allow a single malicious pull request to compromise CI/CD workflows, highlighting the growing security risks in AI-powered development tools. https://t.co/3DT3qi6vYN

The new IronWorm malware has infected 36 npm packages in a supply chain attack, exposing developers and organizations to malicious code through trusted software dependencies. https://t.co/hb4m5WXJyY

A flaw affecting Microsoft 365 on Android exposed authentication tokens, potentially allowing attackers to gain unauthorized access to user accounts and sensitive cloud resources. https://t.co/TWxgDcPFxL

Cisco has patched CVE-2026-20230 in Unified Communications Manager, addressing a critical vulnerability that could allow attackers to gain unauthorized access and compromise enterprise communications systems. https://t.co/F5OHrdv3qs

A credit card theft campaign is abusing Stripe infrastructure to store stolen payment data, demonstrating how legitimate platforms can be leveraged to support cybercriminal operations. https://t.co/QXXgYqHPcV

A compromise of the Hola Browser for Windows distribution channel led to the delivery of cryptomining malware, highlighting the ongoing risks posed by software supply chain attacks. https://t.co/K9xQQs0N4M

Dutch authorities have disrupted a massive malware botnet linked to 1.7 million infected devices, marking a major win against large-scale cybercrime infrastructure. https://t.co/QqW4oZvqi1

The DDoS-as-a-service market has evolved from small-scale attacks into massive botnet-powered platforms, making disruptive cyberattacks cheaper and more accessible than ever. https://t.co/SXZVZlZ8jP

Attackers are beginning to use LLM agents for post-exploitation activities, signaling a new phase where AI can autonomously assist cybercriminal operations after initial compromise. https://t.co/e0O6rK7JP2

The FBI is warning fans about fake FIFA websites being used in World Cup fraud schemes, tricking victims with counterfeit tickets, scams, and credential theft attempts. https://t.co/GTJ5MBsuu8

A data breach at Carnival has exposed the personal information of nearly 6 million customers, raising serious concerns over privacy and large-scale consumer data protection. https://t.co/Y35tHR1h52

The BTMOB Android malware service is enabling cybercriminals to generate custom phishing payloads, lowering the barrier for large-scale mobile credential theft campaigns. https://t.co/oFwqg83fZ1