LIVE NEWSROOM · --:-- · May 14, 2026
A LIBRARY FOR SECURITY RESEARCHERS

Threat intel,
decoded &
skills sharpened.

Daily breach reporting, CVE deep-dives, and hands-on hacking tutorials — written by practitioners for the analysts, defenders, and learners who actually do the work.

Read today’s intel Start learning
279+ARTICLES PUBLISHED
DailyTHREAT UPDATES
2021TRUSTED SINCE
BREAKING

NEWS · May 12, 2026 · 7 MIN READ

YARA-X 1.16.0: Faster Scans, Panic Fixes, and Neovim LSP Support

YARA-X 1.16.0 ships with performance improvements across 10 PRs, constant folding for bitwise ops, configurable match context, and two panic-condition bugfixes.
EXPLORENews 148Blog 69THM Walkthrough 28Information Gathering 13Tools 11Scanning Network 6Programming 6Cryptography 4

Latest News

View all →

YARA-X 1.16.0: Faster Scans, Panic Fixes, and Neovim LSP Support

Medium·May 12, 2026·2.1k views·7 min readYARA-X 1.16.0 ships with performance improvements across 10 PRs, constant folding for bitwise ops, configurable match context, and two panic-condition bugfixes.

Instructure Removed from ShinyHunters' Leak Site as Canvas Breach Deadline Passes

High·May 12, 2026·2.7k views·8 min readInstructure was quietly removed from ShinyHunters' extortion site after the May 12, 2026 deadline — no data dump, no explanation, no ransom confirmation.

Costa Rica Joins Have I Been Pwned as the 42nd Government

Medium·May 12, 2026·2.0k views·7 min readCosta Rica's CSIRT gains free access to Have I Been Pwned's government domain monitoring service, becoming the 42nd nation in the global breach visibility program.

LummaC2 Infostealer Targets US Critical Infrastructure: CISA-FBI Advisory AA25-141B and DOJ Domain Seizures

Critical·May 12, 2026·4.8k views·8 min readCISA and FBI advisory AA25-141B details LummaC2 MaaS infostealer TTPs targeting critical infrastructure. DOJ seized 2,300 domains. Detection and mitigation guide.

MacSync Stealer: Hackers Abuse Google Ads and Claude.ai Chats to Push Mac Malware

High·May 12, 2026·2.4k views·9 min readRussian-speaking attackers combine Google Ads and Claude.ai shared chats in a ClickFix campaign deploying MacSync Stealer infostealer on macOS. Over 200 malicious ads active.

JDownloader Site Hacked, Installers Swapped with Python RAT Malware

High·May 11, 2026·3.6k views·8 min readJDownloader's website was hacked May 6–7, 2026, replacing Windows and Linux installers with a Python-based RAT. Users who downloaded during that window should reinstall their OS.

Operation HookedWing: 4-Year Phishing Campaign Hits 500+ Organizations Across Aviation, Energy, and Logistics

High·May 11, 2026·364 views·7 min readOperation HookedWing has stolen credentials from 500+ organizations in aviation, energy, logistics, and critical infrastructure by abusing GitHub Pages as phishing infrastructure since 2022.

Twelve Critical vm2 Node.js Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

Critical·May 11, 2026·3.1k views·9 min readA dozen CVEs in the vm2 Node.js sandbox library — including CVSS 10.0 flaws — allow sandbox escape and RCE. Update to vm2 3.11.2 now or migrate to isolated-vm.

Research Work

All guides →

Port Scanning Techniques: Nmap, Zenmap, and Scanning Through Firewalls

Medium·5.0k·17 min

Oracle Monthly Critical Security Patch Updates (CSPU) Guide: Runbook Changes and Verification Automation

Critical·3.0k·11 min

SHA-1 Algorithm Explained: How It Works, Step by Step

Medium·3.3k·15 min

VENOMOUS#HELPER RMM Detection: Stop SimpleHelp and ScreenConnect Backdoors

High·609·12 min

SCA Tool EOL Dependency CVE Blind Spot Detection: What Snyk and Dependabot Miss

Medium·3.6k·11 min

UAT-8302 China APT Malware Analysis: Shared Implants, IOCs, and Detection Rules

High·3.0k·16 min

PRC State-Sponsored Telecom Router Compromise Detection: CISA AA25-239a Breakdown

Medium·3.6k·15 min

North Korea Cryptocurrency Theft Tactics 2026: How DPRK Seized 76% of All Stolen Crypto

Medium·4.1k·12 min

Ruby Gem Supply Chain Attack Detection: CI Checklist for Sleeper Packages

Medium·3.5k·13 min

npm Supply Chain Attack Audit: Detect Mini Shai-Hulud in SAP, PyTorch Lightning, and Intercom Dependencies

Medium·1.9k·16 min

Trending This Week

  1. 01What is Information GatheringInformation Gathering·Dec 9·7 min
  2. 02Best Information Gathering ToolsInformation Gathering·Dec 13·12 min
  3. 03How to install knockpy on Linux for information gatheringTools·Dec 13·5 min

Popular Tags

Browse by topic · auto-updates daily
#network 32#ethical hacking 30#tool 26#linux 26#supply chain 26#thm walkthrough 24#patch 24#ip address 22#walkthrough 22#footprinting 20#Passive Information Gathering 19#credential theft 18#RCE 17#malware 15#data breach 15#information gathering 13#AI security 13#phishing 13#ransomware 12#critical infrastructure 11#network 32#ethical hacking 30#tool 26#linux 26#supply chain 26#thm walkthrough 24#patch 24#ip address 22#walkthrough 22#footprinting 20#Passive Information Gathering 19#credential theft 18#RCE 17#malware 15#data breach 15#information gathering 13#AI security 13#phishing 13#ransomware 12#critical infrastructure 11
#zero-day 11#CISA 10#ShinyHunters 9#threat intelligence 8#security news 8#ICS 7#nmap 7#extortion 7#Google 7#THM 7#infostealer 6#programming 6#OT security 6#backdoor 6#malware analysis 6#exploit 6#network security 6#supply chain attack 6#cyber security 5#Android 5#zero-day 11#CISA 10#ShinyHunters 9#threat intelligence 8#security news 8#ICS 7#nmap 7#extortion 7#Google 7#THM 7#infostealer 6#programming 6#OT security 6#backdoor 6#malware analysis 6#exploit 6#network security 6#supply chain attack 6#cyber security 5#Android 5
Scroll to Top