Dust Specter used randomly generated URI paths for command-and-control (C2) communication with checksum values appended to the URI paths to ensure that these requests originated from an actual infected system. The C2 server also utilized geofencing techniques and User-Agent verification.
This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
Coruna is powerful and sophisticated in both purpose and design. But it is not effective against the latest versions of iOS. The easiest defense is to ensure your iPhone is running iOS 17.3 or newer. In instances where an update is not possible, it is recommended that Lockdown Mode be enabled for enhanced security.
A malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. The shortcoming was addressed, along with CVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, a privilege escalation vulnerability that could result in administrative access.
A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. CISA added CVE-2026-22719 to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, instructing federal agencies to address it by March 24.
The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2. In all, a total of 149 hacktivist DDoS claims were recorded targeting 110 distinct organizations across 16 countries. The attacks were carried out by 12 different groups, including Keymous+, DieNet, and NoName057(16), which accounted for 74.6% of all activity.
Chainguard has rebuilt nearly one million unique versions of Java dependencies, including enterprise essentials such as Spring Boot, Jackson, Apache Commons, and Log4j, using the Chainguard Factory, an automated platform for creating software builds based on code originally found in open source software repositories.
Google security researchers released a report detailing Coruna as a highly sophisticated iPhone hacking toolkit that reportedly exploits multiple distinct vulnerabilities in iOS and includes several complete attack chains capable of bypassing iPhone security defenses. The toolkit can silently install malware when users simply visit compromised websites - no clicks, no downloads, no user interaction required.
LeakBase has been operating since 2021, the authorities said, and had a continuously maintained archive of hacked databases, including hundreds of millions of account credentials, credit card numbers, and banking account and routing information.
These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage. AWS said in an update on its online dashboard regarding the Iranian drone strikes on its Middle East facilities.
It launches a headless Chrome instance - a browser that operates without a visible window - inside a Docker container, loads the brand's real website, and acts as a reverse proxy between the target and the legitimate site. Recipients are served genuine page content directly through the attacker's infrastructure, ensuring the phishing page is never out of date.
AI is directly impacting blue team (defender) and red team (attacker) strategies, operations and tactics. Federal cybersecurity teams are increasingly relying on AI for anomaly detection, predictive threat intelligence and faster incident response. AI can flag suspicious behavior, such as access to sensitive systems from unusual locations, without depending on static rules.
