WTF! You can now run Kali Linux natively in Apple Containers on macOS.

At WWDC 2025, Apple announced a groundbreaking new feature for macOS: the ability to run Kali Linux natively within Apple’s own container system. This enhancement, available beginning with macOS Sequoia 15.5 and slated for deeper integration in macOS Tahoe 26, marks a significant step forward for both developers and cybersecurity professionals seeking advanced Linux capabilities directly on their Mac devices.
Researchers uncover phishing campaign leveraging a multi-layer redirect technique to compromise Microsoft 365 login credentials.

Cybersecurity researchers have uncovered a sophisticated phishing campaign leveraging a multi-layer redirect technique to compromise Microsoft 365 login credentials. The attack stands out for its creative misuse of trusted redirection and link wrapping services, making detection and prevention significantly more challenging.
CISA issues two new Industrial Control System advisories.

The Cybersecurity and Infrastructure Security Agency (CISA) today announced the release of two new advisories pertaining to Industrial Control Systems (ICS). These updates are part of CISA’s ongoing initiative to strengthen the cybersecurity of critical infrastructure and help organizations stay informed about the latest threats and vulnerabilities targeting industrial environments.
Critical zero-day vulnerability in WordPress “Alone” theme is being actively exploited in the wild.

A critical zero-day vulnerability (CVE-2025-5394) found in the widely used "Alone – Charity Multipurpose Non-profit WordPress Theme" is currently being actively exploited in the wild, putting thousands of WordPress sites at significant risk. This severe security flaw enables unauthenticated attackers to remotely upload arbitrary files and achieve full remote code execution (RCE), often resulting in complete site compromise.
Microsoft uncovers Russian cyberespionage campaign targeting foreign embassies in Moscow.

Microsoft Threat Intelligence has revealed the existence of a sophisticated cyberespionage operation led by the Russian state-affiliated actor known as Secret Blizzard, also tracked under aliases including Turla, Waterbug, and Venomous Bear. This campaign specifically targets foreign embassies and diplomatic personnel within Moscow, leveraging advanced adversary-in-the-middle (AiTM) tactics at the Internet Service Provider (ISP) level to facilitate the deployment of their custom ApolloShadow malware.
CISA releases Sandia Lab’s Thorium malware analysis and digital forensics platform as open source.

The Cybersecurity and Infrastructure Security Agency (CISA) has recently taken a significant step forward in the fight against digital threats by open-sourcing the Thorium platform. Developed in collaboration with Sandia National Laboratories, Thorium is designed to automate and streamline the process of malware analysis and digital forensics, providing cybersecurity teams with a powerful, scalable solution for modern threat detection and response.
INC Ransomware claims massive data theft of 1.2 TB of sensitive data from Dollar Tree.

Dollar Tree, a leading discount retail chain with thousands of locations across North America, has reportedly fallen victim to a significant ransomware attack orchestrated by the cybercrime group known as INC Ransomware. The group claims to have exfiltrated approximately 1.2 terabytes of highly sensitive company and employee data, and is now threatening to publish the information if its ransom demands are not met.
The Scarlet Letter “V” – Google to begin publicly reporting the discovery of new vulnerabilities within 1 week of notifying the vendor.

Google’s Project Zero team has announced a new policy, effective July 29, 2025, to increase transparency around software vulnerabilities. Under this trial policy, Project Zero will publicly report the discovery of a new vulnerability within one week of notifying the affected vendor or project.
Agentic AI is coming for your children... so OWASP issues security guidance for Agentic AI applications.

The Open Web Application Security Project (OWASP) has announced the publication of its Securing Agentic Applications Guide v1.0, a comprehensive, open-source framework designed to address the unique security challenges posed by agentic AI systems. Released on July 28, 2025, this guidance arrives in response to the rapid adoption of autonomous AI agents in business, critical infrastructure, and digital operations.