Honest cybersecurity. No empty marketing.
Practical guides, analysis and case studies on WordPress and WooCommerce security, AI applied to defense, and real incidents. Written for business owners who want to understand, not just buy.
También disponible en españolLinux KVM Shadow-MMU Bug Proves Virtual Machine Escape Is Still a Real, Cross-Vendor Threat
A use-after-free vulnerability hiding in the Linux KVM hypervisor for over a decade can let a malicious guest virtual machine crash the host — and researchers warn the same primitive could be weapo…
The Banality of the Breach: Why "Boring" Vulnerabilities Are This Week’s Real Threat
A streaming box, a username field, a demo repository, and a browser permission prompt. These are not exotic zero-days; they are the mundane, overlooked elements of our digital infrastructure. Accor…
PolinRider Campaign Highlights the Supply Chain Risk of Compromised Maintainer Accounts
A single compromised developer account can now poison the well for thousands of downstream users, as demonstrated by the latest wave of malicious packages from North Korean threat actors. The Polin…
FatFs Library Bugs Put Millions of Embedded Devices at Risk: What Security Teams Need to Know
A new disclosure reveals seven unpatched vulnerabilities in a tiny filesystem library that runs inside everything from security cameras and drones to industrial controllers and crypto wallets. For…
Bad Epoll Linux Kernel Flaw Puts Servers, Desktops, and Android at Risk of Full Root Compromise
A newly disclosed vulnerability in the Linux kernel’s epoll subsystem—dubbed Bad Epoll—gives any unprivileged user the keys to the entire system, handing them root access without authentication or…
When Open Source Tooling Becomes a Backdoor: North Korean npm Packages Target Developer Supply Chains
Malicious actors linked to North Korea have seeded two fake npm packages that impersonate the Rollup polyfill ecosystem, aiming to poison the software supply chain at its most trusted point—the dev…
Pegasus Spyware Infected a European Parliament Investigator—Here’s What That Means for National Security
When the very people tasked with investigating spyware become its targets, the system meant to hold surveillance accountable reveals a critical flaw. A new forensic analysis shows that a Member of…
Google Cuts Down NetNut: The Residential Proxy Giant That Turned Two Million Home Routers Into a Paid Relay Army
If your home router suddenly starts serving traffic to a stranger in another country without your knowledge, you are no longer just a user — you are part of a commercial relay network. Google’s Thr…
Anubis Ransomware’s Playbook: Citrix Bleed 2, BYOVD, and the Abuse of Trusted Tools
Ransomware groups are no longer just breaking in through unpatched software; they are weaponizing legitimate management tools and stolen supply-chain credentials to move laterally once inside. A re…
AI Agent Automates the Full Ransomware Kill Chain – First Confirmed End-to-End Attack
For years, the cybersecurity industry has warned that artificial intelligence would eventually weaponize itself end-to-end, from initial access to data destruction. That theoretical warning just be…
Scattered Spider Extradition Puts a Face on the Human Risk Behind Social Engineering Attacks
A 19-year-old alleged member of the infamous Scattered Spider hacking group has been extradited from Finland to face federal charges in the United States. This case, reported by The Hacker News, se…
Spoofed Software Sites Weaponize ScreenConnect in Large-Scale AsyncRAT Campaign
A campaign that abuses a legitimate remote-access tool to drop a surveillance-capable trojan shows that threat actors are increasingly turning trusted software into their delivery mechanism. This a…
Blog-Based Attack Chain Delivers PureLogs Stealer: How Attackers Weaponize Free Hosting
Cybercriminals are leveraging a free, legitimate blogging platform to host the initial stage of a malware chain, using trusted infrastructure to bypass security tools that rely on domain reputation…
Microsoft’s 2029 Quantum Deadline: Why Your Encryption Clock Just Got Louder
Quantum computing is moving from theoretical risk to operational timeline, and Microsoft just cut the cushion. If your organization is still betting on current public-key cryptography for the next…
ClickFix Malware Campaigns Get a Backend: API-Driven Evasion and What It Means for Defenders
Social engineering is getting a dangerous upgrade. The ClickFix trick, which tricks users into manually pasting malicious commands, is no longer just a clever script — it now has a full API-driven…
Over 280 iOS AI Apps Leak API Keys in Plain Sight — Network Traffic Study Shows the Problem Is Widespread
A new traffic analysis of 444 AI chatbot apps for iPhone reveals that nearly two-thirds of them ship with API keys or backend access tokens exposed in plaintext. The result: anyone who can monitor…
SimpleHelp CVE-2026-48558 Under Active Exploitation: TaskWeaver and Djinn Stealer Signal a New Attack Paradigm
A maximum-severity authentication bypass in SimpleHelp remote-access software is being weaponized in the wild to plant two previously unknown malware families, TaskWeaver and Djinn Stealer. This is…
Oracle E-Business Suite Zero-Day Under Active Attack – What the CVE-2026-46817 Exploitation Means for Enterprises
A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild, and if your organization runs Oracle Payments, you are directly in the crosshairs. This is not a the…
WhatsApp Usernames Roll Out: A Privacy Win That Requires a Wider Security Posture
After years of speculation, WhatsApp has officially begun global username reservations, allowing users to connect without sharing their phone number. For over three billion users, this optional fea…
Perplexity Pretender Chrome Malware: The Sideloaded Search Hijacker No One Noticed
A malicious browser extension that posed as the legitimate AI search tool Perplexity managed to log every search query and every keystroke typed into the Chrome address bar before anyone at Google…
Stego Image Malware in Browser Extensions: Why Microsoft’s 119-Extension Takedown Demands a New Defense Mindset
Microsoft just removed 119 malicious Edge extensions that hid their payloads in steganographic image and font files, then activated days later to steal credentials and run ad fraud. This is not a t…
Critical libssh2 Flaw Puts SSH Clients at Risk: What You Need to Know About CVE-2026-55200
A public proof-of-concept exploit has emerged for a critical vulnerability in libssh2, the client-side SSH library used by thousands of applications and operating systems. This flaw flips the typic…
Russian Intelligence Targeted Ukrainian and US Officials in SMS Credential-Theft Campaign, SSU and FBI Reveal
A joint operation between Ukraine’s Security Service and the FBI has exposed a years-long Russian intelligence campaign that used fake SMS messages to steal messaging-app credentials from governmen…
Hijacked npm and Go Packages Weaponise VS Code Tasks Against Developers
The software supply chain has a new attack vector that exploits a developer tool itself. A recent campaign hijacked legitimate npm and Go open-source packages to deploy a Python infostealer using t…
Signal Backup Recovery Key Phish: Why a Single Leaked Secret Hands Over Your Full Chat History
A phishing campaign that already targeted Signal users has evolved into a more dangerous variant. If an attacker captures your Backup Recovery Key even once, they can silently restore your entire m…
StrikeShark Campaign Weaponizes New SharkLoader Malware to Deploy Cobalt Strike Against Asian Government Targets
A previously undocumented malware family called SharkLoader has been spotted in the wild, acting as a delivery mechanism for the infamous Cobalt Strike Beacon — a tool of choice for advanced persis…
Linux Kernel’s “pedit COW” Flaw Cracks Open Root Access via Memory Poisoning — What the Industry Missed
A public exploit for a Linux kernel flaw hit the streets less than 24 hours after the CVE was assigned — and teams that don’t test for local privilege escalation in the memory subsystem are now sta…
TinyRCT Backdoor Reveals the New Bar for Targeted APT Implants in Southeast Asia
A Chinese-speaking advanced persistent threat (APT) actor is deploying a custom, low-footprint backdoor called TinyRCT against government and energy targets in Southeast Asia, signaling a shift tow…
Amazon Q Developer Flaw Shows Why AI Coding Assistants Are a New Supply-Chain Risk
A high-severity flaw in Amazon’s AI coding assistant gave malicious repositories a direct path to steal developer credentials and execute arbitrary commands. The fix is out, but the attack class—ab…
Chrome’s Adblock for YouTube Carried a Dormant Script Bomb—10 Million Users Were the Unwitting Payload
A popular Chrome extension with more than ten million installs contained the technical plumbing to inject arbitrary JavaScript into any page, silently and on demand. The capability was dormant—but…
Mistic Backdoor Campaign Shows Initial Access Brokers Are Evolving Their Payload Stealth
A fresh backdoor dubbed Mistic is making its way into organizations across multiple sectors, and its operational ties to an initial access broker suggest the access-for-sale economy is investing in…
Cisco Catalyst SD-WAN Zero-Day Exploited in the Wild for Root-Level Access — What Defenders Need to Know
A high-severity zero-day in Cisco Catalyst SD-WAN was quietly exploited by an unknown threat actor for at least two months before the vendor had a chance to patch it. This is a stark reminder that…
Europol-Led Takedown of Amadey and StealC Shines a Light on the Credential Supply Chain
A coordinated international sweep has pulled the plug on the criminal infrastructure behind the Amadey botnet and the StealC information stealer, recovering roughly 27 million stolen credentials. T…
The Cordyceps CI/CD Flaw: A New Supply-Chain Attack Vector for the Open-Source Ecosystem
The open-source supply chain is only as secure as the weakest build pipeline. A newly identified class of CI/CD vulnerabilities, dubbed Cordyceps, demonstrates how poor workflow hygiene can turn a…
The End of Human-Speed Threats: Why Agentic AI Adversaries Break Your Patch Cycle
For years, defenders could rely on a predictable rhythm: a vulnerability is disclosed, a patch is released, and a window of days or weeks exists to deploy a fix. According to a recent analysis by T…
DoJ Seizure of Huione Cloud Account Exposes the Infrastructure Behind Cyber Scam Money Laundering
Law enforcement has struck at the digital backbone of a billion-dollar scam-for-launder ecosystem, seizing the cloud accounts that enabled transnational criminal syndicates to move illicit proceeds…
FortiBleed Campaign Exploits FortiGate Exposure to Harvest 110 Million Credentials
A financially motivated Russian-speaking broker is systematically raiding exposed FortiGate firewalls, snatching credentials from over 430,000 devices worldwide. The operation, dubbed FortiBleed, h…
Fake AI Agent Skill Slips Past Every Security Scanner, Raises Alarms for Marketplace Trust
A security research team demonstrated that a deliberately malicious AI agent skill could breeze through every automated security scanner on the market and still end up on roughly 26,000 agents, inc…
This Week’s Threat Roundup: Why The “Same Old” Attack Patterns Keep Winning
Another week, another threat list that security teams will recognize from last year, the year before, and likely next year. The Hacker News’ latest roundup reveals a stubborn reality: attackers are…
INTERPOL Report Warns Asia-Pacific Cybercrime Surge Driven by AI and Phishing
A new INTERPOL assessment confirms what many security teams have suspected: the Asia-Pacific region is experiencing a “dramatic increase” in cybercrime, and attackers are weaponizing the very digit…
Gravity SMTP Plugin Flaw Shows Why API Key Exposure Remains a Top WordPress Risk
A recently patched information disclosure vulnerability in the popular Gravity SMTP WordPress plugin is now being actively exploited in the wild, giving unauthenticated attackers a direct line to s…
The Unpatchable Silicon Nightmare: Why Apple’s A12/A13 SecureROM Flaw Demands a Defense-in-Depth Rethink
A SecureROM exploit that lives in read-only memory—literally burned into the processor during chip fabrication—has been released to the public, and no software update will ever kill it. For the mil…
AutoJack Attack Shows Why AI Browsing Agents Need a Zero-Trust Safety Net
A newly documented attack vector, christened AutoJack, demonstrates that the same autonomous browsing agents meant to save us time can be weaponized to hijack a machine without a single credential.…
Operation Endgame Strikes at SocGholish: 15,000 WordPress Sites Cleaned in a Cross-Border Takedown
When law enforcement agencies from four nations coordinate to scrub nearly 15,000 compromised WordPress installs in a single operation, the message is clear: the era of silent, parasitic malware ne…
Shadow AI’s Next Phase: Why Access Control, Not Data Leakage, Is the Real Enterprise Risk
The first wave of enterprise anxiety over shadow AI was simple—employees pasting sensitive data into public chatbots. That era is already over, and the threat landscape has shifted under our feet.…
The Ghost in the Machine: Why Orphaned AI Agents Are Your Next Identity Crisis
Your network is running on autopilot—and the pilot just quit. The Hacker News reports that enterprises are discovering a dangerous new class of shadow IT: autonomous AI agents that keep operating e…
Fake Reviews and AI Narrators Fuel a Crypto Clipper Campaign That Exploits Trusted Platforms
A sophisticated threat actor is now weaponizing the very tools of online trust—legitimate news site ads, fake product reviews, and even VirusTotal comments—to distribute cryptocurrency-stealing mal…
RoguePlanet Zero-Day in Microsoft Defender: Why a Privilege Escalation in an AV Engine Demands a Realistic Defense Strategy
When the very tool you trust to protect your endpoints becomes the vector for an attack, the security model needs a hard reassessment. Microsoft’s confirmation of a Defender zero-day—codenamed Rogu…
The Danger of Temporary Passwords in Employee Onboarding
A recent report by The Hacker News highlights the risks associated with temporary passwords used during employee onboarding, which can lead to unnecessary security risks if not properly managed. Th…
US Government Orders Anthropic to Halt AI Model Access for Foreign Nationals: What It Means for Infrastructure Security
When a sovereign government orders an AI company to abruptly disable its most advanced models for foreign nationals—whether they are inside or outside the country—the cybersecurity community must s…
Google Takes Action Against Chinese Smishing Network Using AI for Phishing
A recent lawsuit by Google against a Chinese cybercrime network has shed light on the evolving threat landscape of phishing attacks, which are now leveraging artificial intelligence (AI) to target…
China-Nexus Velvet Ant Hid Inside Linux Login for Nearly a Decade — What That Means for Your Apps
For close to ten years, a threat actor with ties to China was not hiding in the shadows of your typical server logs; it was hiding in the login software itself. If the very mechanism that decides w…
Interpol’s “Operation Ramz” Takedown of Sniper Dz Exposes the Enduring Threat of Phishing-as-a-Service
For a decade, one platform quietly powered credential theft across the Middle East and North Africa — until a coordinated global police action finally pulled the plug. The takedown of Sniper Dz and…
Takedown of AudiA6 Crypto-Loundering Service Strikes at the Economic Engine of Ransomware
When law enforcement disrupts a financial pipeline that has moved over $380 million in illicit funds, the ripple effect is felt across the entire cybercriminal supply chain. The dismantling of Audi…
Europol Sinks AudiA6: What the Takedown of a €336 Million Crypto Laundry Service Means for Ransomware Defense
When a key financial pipeline for ransomware gangs gets shut down, it sends a shockwave through the entire cybercrime supply chain. The takedown of AudiA6 is not just a seizure of servers; it is a…
When Crime Runs Like SaaS: The Leaked Supply-Chain Kit, AI Credential Theft, and Why “Polished” Attacks Are Harder to Stop
It’s one thing to deal with a script kiddie; it’s another to face a criminal operation that ships attack kits via public repos, rents out browser-cloning RATs at a predictable monthly fee, and turn…
Why Invisible Cybersecurity Wins Actually Matter More Than Crisis Headlines
The best cybersecurity work is invisible because it prevents something from ever happening. This week, The Hacker News reported the winners of the 2026 Cybersecurity Stars Awards across 95 categori…
The Gentlemen Ransomware: When Affiliates Turned Operators and a Worm-Like Spread Engine Changed the Threat Model
The ransomware ecosystem is undergoing a dangerous evolution: seasoned affiliates are breaking away from established RaaS brands to launch their own operations, armed with professional tools and th…
The Commoditization of Cybercrime: When Attack Kits, AI-Agent Credential Theft, and Mule Networks Operate Like SaaS
Cyber attacks used to be noisy; now they are polished. This week’s threat landscape reveals a disturbing plateau: a supply-chain attack kit openly hosted in a public repository, a $5,000-a-month Re…
Tu sitio merece un guardián que nunca duerme.
Mientras leés esto, hay bots escaneando sitios WordPress buscando vulnerabilidades. Drako está listo para defender el tuyo.
7 días de garantía · Cancelá cuando quieras · Soporte WhatsApp