#git

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for

The NCSC warns that prompt injection is unlikely to be mitigated in the same way SQL injection was. How do they compare?

SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds.

The core problem persists: anyone can still buy a 'verified' checkmark from X, so don't take their authenticity for granted.

Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs.

Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks.

Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is also

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take

### Summary A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the `block_hash` field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves `BlockHash` as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably `VerifyVoteExtension`, and also proposal-time vote verification), causing a runtime panic. ### Impact Intermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block. ### Finder Vulnerability discovered by: - @GrumpyLaurie55348

### Summary A potential vulnerability exists in ZITADEL's logout endpoint in login V2. This endpoint accepts serval parameters including a `post_logout_redirect`. When this parameter is specified, users will be redirected to the site that is provided via this parameter. ZITADEL's login UI did not ensure that this parameter contained an allowed value and even executed passed scripts. ### Impact Zitadel is vulnerable to a DOM-Based XSS vulnerability. More specifically, the /logout endpoint insecurely routed to value that is supplied in the post_logout_redirect GET parameter. As a result, malicious JS code could be executed on Zitadel users’ browsers, in the Zitadel V2 Login domain. An unauthenticated remote attacker can exploit this DOM-based XSS vulnerability, and thus, execute malicious JavaScript code on behalf of Zitadel users. By doing so, such an attacker could reset the password of their victims, and take over their accounts. Note that for this to work, multiple user sessions...