soc

WormGPT: The Blueprint for Malicious AI The story of WormGPT is about what happens when a proof-of-concept becomes a brand and is one of the first examples of how AI is used in cyberattacks. Origins and the Original Version On June 28, 2023, a user on a popular hacking forum introduced WormGPT, marketing it as […]

OSINT Tools for Cybersecurity: A Practical Guide for Security Teams Attackers are already running open source intelligence operations against your organization. They are mapping your exposed infrastructure, harvesting employee credentials from breach databases, and identifying unpatched systems, all before writing a single line of exploit code. The question is whether your security team is doing […]

Bitwarden CLI Hijacked in npm Supply Chain Attack Linked to TeamPCP & Checkmarx Breach A malicious version of the Bitwarden CLI circulated on npm for roughly 90 minutes on April 22, 2026, silently stealing developer credentials, cloud secrets, and CI/CD tokens before exfiltrating them through encrypted channels. The attack is part of a broader wave […]

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability CVE-2024-57728 SimpleHelp Path Traversal Vulnerability CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: […]