Mark of the Web bypass
A flaw in WinRAR versions prior to 7.11 allows attackers to bypass Windows' Mark of the Web (MotW) security checks using symlinks, enabling silent execution of malicious code. This vector, CVE-2025-31334, reflects a broader pattern of systemic failure in Microsoft’s layered security model.
AI cybersecurity
Google’s launch of Sec-Gemini v1 signals a push toward AI-dominated cybersecurity, but beneath the PR polish lies a deeper power grab cloaked in benevolence.
Akira ransomware
A security researcher reverse-engineered the Akira ransomware's encryption scheme by exploiting timestamp-based key generation and brute-forcing with GPU clusters. His $1,200 solution...
DarkWebDaily.Live
DarkWebDaily.Live has been listed as a darknet investigation resource by OSINTME, a trusted open-source intelligence platform maintained by cybersecurity professional Maciej Makowski.
Oracle
India's National Computer Emergency Response Team (NCERT) has issued a cyber alert regarding an alleged Oracle Cloud breach involving over six million federated login credentials. While Oracle denies the incident, dark web evidence and ongoing phishing attacks suggest otherwise.
Open Source
Thunderbird is quietly launching a suite of open-source services Thundermail, Appointment, Send, and Assist designed to replicate the integration of Gmail and Office365 without the surveillance or vendor lock-in.
VPN
A fifth of the most popular iOS VPN apps are quietly controlled by Chinese companies, including one blacklisted by the U.S. military. The deception runs deep, routed through shell firms and foreign registrations to obscure links to Beijing.
Cryptocurrency
Another day, another so-called "secure" blockchain project gets gutted. This time, it’s UPCX—a self-proclaimed financial service platform running on its own blockchain.
triada malware
Over 2,600 Android devices were infected by a preloaded version of the Triada malware in March 2025. The malware, embedded during manufacturing of counterfeit smartphones, grants full remote access, enabling crypto theft, social media hijacking, and botnet control.
GitHub quietly dropped a bomb: 39 million secrets were leaked on their platform in 2024 alone. API tokens, credentials, private keys exposed and weaponized in minutes by threat actors.
Despite institutional claims of disruption, darknet drug trade hit $2.4 billion in 2024. Messaging platforms like Telegram and WhatsApp are misrepresented.
India’s state machinery is targeting OSINT platforms for exposing the very data its agencies routinely mishandle. The crackdown aims not to protect citizens' data—but to criminalize decentralized intelligence gathering.
Chrome 135 and Firefox 137 shipped this week with patches for over 20 security flaws, including high-severity memory exploits that could enable remote code execution. Despite no public evidence of active exploitation, the nature of these bugs makes delayed updates a security risk.
OpenAI has quietly rolled out OpenAI Academy, an expansive educational platform designed to train users across industries in AI fundamentals, tools, and real-world implementation.
GrapheneOS replaced its outdated European infrastructure with a high-performance 25Gbps server sponsored by Macarne. This move directly addresses overloaded bandwidth during major Android updates and positions the project for aggressive user growth.
Visa’s latest Stay Secure study paints a revealing picture: Nigeria is racing ahead in digital payment adoption, but cyber fraud is close behind. The data shows rising consumer trust, but the threat of phishing, scams, and data breaches remains alarmingly real.
If you’re into OSINT, bug bounty hunting, or just enjoy digging through the internet’s forgotten corners, OneDorkForAll is a GitHub repo you’ll want to bookmark.
Tor Browser 14.0.9 didn’t launch with bells and whistles—but it patched key security and privacy issues under the hood. Here's a clear, no-fluff breakdown of what got fixed, why it matters, and how it affects you.
Google's new Gmail encryption sounds like a win for privacy—until you look closer. It's only for paying enterprise users, because regular users aren't customers. They're data.
France’s competition watchdog has fined Apple €150 million for the way it rolled out its App Tracking Transparency feature—arguing the privacy update unfairly crushed competition.
Federal authorities seized over $8.2 million in stolen USDT linked to a pig butchering scam that preyed on romance-seeking victims across the U.S. But this wasn’t just about financial fraud—it exposed a global network tied to human trafficking and Chinese organized crime.
