We are thrilled to officially announce that VB2026 will take place in the vibrant city of Seville, Spain, from 30 September to 2 October 2026. 🇪🇸 More details coming soon on the venue, call for papers, sponsorship opportunities, and how to join us. Can't wait to see you there!

Zimperium zLabs identified a new ClayRat Android spyware variant. The latest version abuses Android’s accessibility services for keylogging and lockscreen bypass, screen recording, fake notifications and scripted button taps to block shutdown or removal. https://t.co/znP29gUFAT

Did someone order a change of scenery? You could be here by Friday.

Intel 471 reports new Android banking trojan FvncBot, targeting Polish users via a fake mBank security app. It abuses accessibility services for keylogging, employs web injects, screen streaming & HVNC, & has a new codebase not tied to leaked source codes. https://t.co/WbYHbzrdpq

We’ve joined @CISACyber & @cybercentre_ca to attribute the broad campaign using BRICKSTORM to China state-sponsored cyber actors. Review the report for guidance on how to detect BRICKSTORM backdoor activity and improve your cybersecurity posture against this targeting. 🔗

🔴 LIVE from inside #Lazarus APT's IT workers scheme. For weeks, @BirminghamCyber & @north_scan kept #hackers believing they controlled a US dev's laptop. In reality, it was our sandbox recording everything. See full story and videos ⬇️ https://t.co/gRb7GKIERQ

New Securonix Threat Research Advisory: JS#SMUGGLER. Our team identified a sophisticated multi-stage malware campaign that begins with an obfuscated JavaScript loader and ends with the silent installation of NetSupport RAT. 🔗 https://t.co/FseBpMOcMp

CrowdStrike has identified WARP PANDA, a China-nexus actor targeting vCenter and cloud environments with custom implants and long-term covert access. 🔗 Full analysis and recommendations: https://t.co/g06XzPlbS6

FortiGuard Labs observed UDPGangster, a UDP-based backdoor linked to MuddyWater. Recent campaigns use macro-enabled Word lures to target organisations in Turkey, Israel & Azerbaijan, with UDP for command execution, file exfiltration & payload delivery. https://t.co/Q7H8LKylLg

Splunk Threat Research Team analyses CastleRAT, a RAT first seen in March 2025 with Python and compiled C builds. It uses RC4 with a hard-coded key for C2, gathers host details, & can download further payloads and open a remote shell for attacker commands. https://t.co/xQuYSZesHb

Thinking of integrating AI into your operational technology environment? We’ve joined @CISACyber and others to publish guidance to help you safely and securely manage the associated risks and protect your environments. https://t.co/H0hu5vhUfn

In 2025, Tor faced some of the toughest censorship yet. Thanks to real-time monitoring, community feedback that helped us improve and deploy new tools, Tor kept people connected when it mattered most. Want to help? You can support our mission by running a Snowflake proxy or

🚨 CRITICAL RCE ALERT: React & Next.js Vulnerability ↓ Critical remote code execution (RCE) vulnerabilities have been published affecting the React 19 ecosystem and Next.js. These vulnerabilities (CVE-2025-55182 & CVE-2025-66478) reside in the React Server Components (RSC)

"Defense is doable… We have to be brilliant at the basics... It’s about doing really good access management, really good principle of least privilege, really good network architecture..." -- Matt Duncan, E-ISAC VP of Security Operations and Intelligence

🔴 🐭 𝗢𝗰𝘁𝗼𝗥𝗔𝗧: 𝗡𝗲𝘄𝗹𝘆 𝗦𝗼𝗹𝗱 𝗥𝗔𝗧 𝗦𝗵𝗼𝘄𝘀 𝗨𝗽 𝗶𝗻 𝗮 𝗠𝘂𝗹𝘁𝗶 𝗦𝘁𝗮𝗴𝗲 𝗔𝘁𝘁𝗮𝗰𝗸 𝗖𝗵𝗮𝗶𝗻 A malicious VSCode extension kicked off a multi-stage chain that delivered Anivia and OctoRAT. OctoRAT is a brand new RAT now circulating in underground

Browser-update-themed lures are fueling a surge in #ClickFix activity. We've seen 10K-plus hits on sites that lead to ClickFix pages pushing a variety of malware types through #pastejacking. Details at https://t.co/jLHXBHpx60

CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. https://t.co/G4yKt2uTW1 #V3G4 #Botnet #Cryptominer #ThreatIntelligence

SEQRITE APT-Team details a spear-phishing campaign against Russian HR, payroll and internal admin departments using bonus and policy-themed decoys. The chain relies on malicious LNK files, a new DUPERUNNER implant, and an AdaptixC2 Beacon for C2. https://t.co/HtwkP6uwuy

Amnesty Security Lab’s Intellexa Leaks investigation details the internal operations of the spyware vendor behind Predator. Leaked documents & materials show how its tools enable targeted surveillance of journalists, human rights defenders & civil society. https://t.co/6qEFGOK9A0

Trend Micro Research details a ValleyRAT campaign targeting job seekers via email, hiding behind a weaponized Foxit PDF Reader and using DLL side-loading for initial access. As a RAT, ValleyRAT enables remote control, monitoring and data theft. https://t.co/c12jyCzz55

On 10 December, a webinar hosted by the Cyber Threat Alliance will explore how adversaries & defenders are using AI, the challenges of securing AI systems, and what these trends mean for protecting our networks and critical infrastructure.

🚩 7-Zip RCE Vulnerability Exploited in the Wild https://t.co/xww051lZKn Security researchers are warning that a remote-code-execution flaw (CVE-2025-11001) in 7-Zip is now being actively exploited. The bug stems from incorrect processing of symbolic links inside ZIP