WTF! You can now run Kali Linux natively in Apple Containers on macOS.

At WWDC 2025, Apple announced a groundbreaking new feature for macOS: the ability to run Kali Linux natively within Apple’s own container system. This enhancement, available beginning with macOS Sequoia 15.5 and slated for deeper integration in macOS Tahoe 26, marks a significant step forward for both developers and cybersecurity professionals seeking advanced Linux capabilities directly on their Mac devices.

Researchers uncover phishing campaign leveraging a multi-layer redirect technique to compromise Microsoft 365 login credentials.

Cybersecurity researchers have uncovered a sophisticated phishing campaign leveraging a multi-layer redirect technique to compromise Microsoft 365 login credentials. The attack stands out for its creative misuse of trusted redirection and link wrapping services, making detection and prevention significantly more challenging.

CISA issues two new Industrial Control System advisories.

The Cybersecurity and Infrastructure Security Agency (CISA) today announced the release of two new advisories pertaining to Industrial Control Systems (ICS). These updates are part of CISA’s ongoing initiative to strengthen the cybersecurity of critical infrastructure and help organizations stay informed about the latest threats and vulnerabilities targeting industrial environments.

Critical zero-day vulnerability in WordPress “Alone” theme is being actively exploited in the wild.

A critical zero-day vulnerability (CVE-2025-5394) found in the widely used "Alone – Charity Multipurpose Non-profit WordPress Theme" is currently being actively exploited in the wild, putting thousands of WordPress sites at significant risk. This severe security flaw enables unauthenticated attackers to remotely upload arbitrary files and achieve full remote code execution (RCE), often resulting in complete site compromise.

Microsoft uncovers Russian cyberespionage campaign targeting foreign embassies in Moscow.

Microsoft Threat Intelligence has revealed the existence of a sophisticated cyberespionage operation led by the Russian state-affiliated actor known as Secret Blizzard—also tracked under aliases including Turla, Waterbug, and Venomous Bear. This campaign specifically targets foreign embassies and diplomatic personnel within Moscow, leveraging advanced adversary-in-the-middle (AiTM) tactics at the Internet Service Provider (ISP) level to facilitate the deployment of their custom ApolloShadow malware.

CISA releases Sandia Lab’s Thorium malware analysis and digital forensics platform as open source.

The Cybersecurity and Infrastructure Security Agency (CISA) has recently taken a significant step forward in the fight against digital threats by open-sourcing the Thorium platform. Developed in collaboration with Sandia National Laboratories, Thorium is designed to automate and streamline the process of malware analysis and digital forensics, providing cybersecurity teams with a powerful, scalable solution for modern threat detection and response.