Fran Donoso (@francisck@infosec.exchange) (@francisckrs) 's Twitter Profile
Fran Donoso (@francisck@infosec.exchange)

@francisckrs

The analysis is severely limited by my lack of understanding of what I am doing. @francisck@infosec.exchange @francisck.bsky.social

ID: 68806705

https://infosec.exchange/@Francisck | 25-08-2009 21:24:05

3,3K Tweet

1,1K Followers

857 Following

Ryan Chenkie (@ryanchenkie)

⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

tuckner (@tuckner)

I acquired a Chrome extension for $5 and began redirecting the browsing traffic of existing users to whatever I wanted. While doing so, I caught an ownership transfer of an extension with 400,000 installs that folks should be aware of. secureannex.com/blog/buying-br…

Tangent65536 (@tangent65536)

Mimikatz with a valid signature from... McDonald's? When did McDelivery put mimikatz on their menu?! (Sample SHA1: 2E33DFC94B8B2AFFF1CA73AF9516F0D649DF0282)

Florian Roth ⚡️ (@cyb3rops)

We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth

SentinelLabs (@labssentinel)

New Collab with our friends at Beazley Security: 👻 Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem 🔺 SentinelLABS and Beazley Security discovered and analyzed a rapidly evolving series of infostealer campaigns delivering the Python-based PXA Stealer. 🔺

The Record From Recorded Future News (@therecord_media)

A combination of phishing lures, a previously spotted infostealer and Telegram bots are fueling a campaign by apparent Vietnamese-speaking hackers to capture and sell sensitive data globally, researchers said therecord.media/pxa-infosteale…

SentinelOne (@sentinelone)

4,000+ victims across 62 countries. Over 200,000 passwords, 4M+ cookies, and hundreds of credit cards exfiltrated. SentinelLabs and Beazley Security have discovered and analysed a rapidly evolving series of infostealer campaigns delivering the Python-based PXA Stealer. Why it

Will (@bushidotoken)

Be careful with the IOCs in this FBI Flash Alert, there are multiple Microsoft IPs in there and a Zscaler one. I can already predict this is going to cause some issues for some who aren't checking properly. ic3.gov/CSA/2025/25091…

Florian Roth ⚡️ (@cyb3rops)

My regular reminder whenever a vendor discloses a 0-day on an edge device: Patching it doesn’t fix the breach that already happened. If it was exposed for months, patching it is like changing the front door lock while the burglars are already in your living room.

React (@reactjs)

There is a critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. react.dev/blog/2025/12/0…

React (@reactjs)

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.