Threat Analyst
Artem specializes in analyzing large-scale data breaches and social engineering methods. He believes that the primary vulnerability in any system isn't code-it's human behavior. In his articles, he deconstructs complex cybercriminal schemes and transforms them into actionable security guidelines.
Open a project folder in VS Code, click "Trust," and North Korean malware executes instantly. Sophos documents how NICKEL ALLEY weaponised tasks.json to target crypto and Web3 developers through fake …
Read more →
Twenty-one Apple CVEs across every platform in active support, including two macOS sandbox escapes and a Stolen Device Protection bypass. Cisco's semiannual IOS XE bundle adds three unauthenticated DoS flaws. …
Read more →
Third memory overread in NetScaler in three years. CVE-2026-3055 (CVSS 9.3) leaks session tokens from appliances configured as SAML IDP. The two predecessors, CitrixBleed and CitrixBleed2, both led to ransomware. …
Read more →
Stolen Trivy credentials gave TeamPCP a PyPI publishing token for LiteLLM, the most popular LLM proxy in Python. Malicious versions ran on every Python process, not just LiteLLM imports, exfiltrating …
Read more →
Eight memory safety bugs in one Chrome update. Three hit the GPU stack, one targets the authentication API. A pseudonymous researcher filed two GPU-adjacent flaws in four days. This is …
Read more →
Forty-two CVEs in a single Firefox release. Six are sandbox escapes. Six were found by researchers using Anthropic's Claude. Chrome patched 8 more the same day. Both browsers closed attack …
Read more →
A Russian access broker sold corporate network credentials for $1,000. His Yanluowang buyers demanded millions. Separately, a DigitalMint negotiator ran BlackCat attacks against his own clients, extracting $75 million. Both …
Read more →
Oracle's emergency patch fixes a CVSS 9.8 pre-auth RCE in Identity Manager. PTC Windchill carries a CVSS 10.0 zero-day with webshell IOCs but no patch. Langflow AI pipelines were exploited …
Read more →
A 24-day supply chain campaign hit Aqua Security's Trivy scanner, 75 GitHub Actions tags, and 66+ npm packages. TeamPCP stole CI/CD secrets from 10,000+ workflows using memory scraping and spawned …
Read more →
Four MOIS domains seized, replacement site launched within hours. Handala Hack wiped 80,000 Stryker devices through Microsoft Intune without deploying malware, sent $250,000 bounty threats to dissidents, and doxxed 190 …
Read more →
A weekend batch of 198 CVEs includes a BACnet plaintext flaw (CVSS 9.1) exposing building automation to traffic interception. WordPress gets hit with five privilege escalation bugs, cookie-based SQL injection …
Read more →
Four IoT botnets that launched 316,000+ DDoS attacks and hit a record 31.4 Tbps are down. The DOJ-led takedown targeted Aisuru, KimWolf, JackSkid, and Mossad, which had compromised 3+ million …
Read more →