Aggregator

A new Malware-as-a-Service (MaaS) credential stealer named Torg Grabber has surfaced, showing remarkable development pace over just three months. Starting with simple Telegram-based data exfiltration, it matured into a fully encrypted REST API command-and-control (C2) infrastructure. With 334 samples compiled in that short period and more than 40 confirmed operator tags found in the binaries, […]

The post New Torg Grabber Stealer Moves From Telegram Exfiltration to Encrypted REST API C2 appeared first on Cyber Security News.

Washington has resolved to adopt a proactive posture in the relentless crusade against cyber warfare and the nascent

The post The Bureau of Emerging Threats: Inside Washington’s New High-Tech Shield Against AI and Orbital Warfare appeared first on Penetration Testing Tools.

Yet another devastating supply chain bombardment has struck at the heart of ubiquitous developmental instruments. On this occasion,

The post Security Subverted: How TeamPCP Poisoned Checkmarx KICS to Harvest Cloud Secrets appeared first on Penetration Testing Tools.

AI的超级入口固然重要，人与Agent的协作平台或许也不错

是时候让上下文管理也Agentic起来了

It’s time for context management to become Agentic.

我想“时间过得既快又慢”就是今年的最佳总结了

AI是个好东西

The cybercriminal syndicate known as Silver Fox astutely cloaks its bombardments beneath the guise of tax audits, relentlessly

The post The Taxman’s Shadow: How Silver Fox Weaponized Tax Audits to Hijack Networks Across Asia appeared first on Penetration Testing Tools.

兔子洞系列：生僻字

错误的CORS配置导致任意命令执行

已在v1.0.34版本中修复

https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c

Kali Linux 2026.1 has arrived, bearing not merely a novel array of software packages, but an unexpected, nostalgic

The post Ghosts in the Shell: Kali Linux 2026.1 Resurrects the Legendary BackTrack 5 for its 20th Anniversary appeared first on Penetration Testing Tools.

Hambardzum Minasyan, an Armenian man extradited to the United States, is accused of conspiring with others to develop and operate the RedLine infostealer malware used to steal sensitive data, including login credentials, from victims’ computers. Minasyan is charged with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act, and conspiracy to commit money laundering. If convicted, he faces up to 10 years in prison on the access device fraud … More →

The post Second RedLine infostealer operator ends up in US custody appeared first on Help Net Security.