Cybersecurity Cybersecurity News

Intro guides, beginner explanations, best practices.

PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph is an open-source network investigation and threat hunting tool that transforms packet cap...

Open-Source Network Discovery & Topology Mapping

Open-Source Network Discovery & Topology Mapping

RedSide Security has open-sourced NETMAPPER, a network discovery and visualization tool designed to ...

 RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

When an incident unfolds and all you have left are Windows event logs, understanding attacker moveme...

Latest Posts

AI-Generated "Vibe-Coded" PowerShell Malware Used for Active Directory Reconnaissance

AI-Generated "Vibe-Coded" PowerShell Malware Used for Active Directory Reconnaissance

RedSide Security July 13, 2026 Cybersecurity 38 views

Researchers uncovered an AI-generated PowerShell script used to enumerate Active Directory environments during a real-world intrusion. The "vibe-coded" malware demonstrates how attackers are increasingly using AI to create custom reconnaissance tools that evade traditional signature-based detection while retaining the same underlying attack behaviors.

Continue reading: AI-Generated "Vibe-Coded" PowerShell Malware Used …
GuardFall Bypass Lets Attackers Evade AI Coding Agent Safety Checks Using Decades-Old Shell Tricks

GuardFall Bypass Lets Attackers Evade AI Coding Agent Safety Checks Using Decades-Old Shell Tricks

RedSide Security June 30, 2026 Cybersecurity 49 views

Researchers have disclosed GuardFall, a shell command bypass technique that defeats safety protections in 10 popular AI coding agents. The flaw allows malicious commands to evade text-based filters and execute with user privileges, potentially exposing credentials, source code, and cloud infrastructure.

Continue reading: GuardFall Bypass Lets Attackers Evade AI Coding Ag…
Critical SimpleHelp Flaw Actively Exploited to Deploy TaskWeaver Loader and Djinn Stealer

Critical SimpleHelp Flaw Actively Exploited to Deploy TaskWeaver Loader and Djinn Stealer

RedSide Security June 30, 2026 Cybersecurity 35 views

Threat actors are actively exploiting CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp RMM software, to deploy the TaskWeaver loader and Djinn Stealer. The malware targets cloud credentials, developer tools, AI platforms, cryptocurrency wallets, and enterprise infrastructure across Windows, macOS, and Linux systems.

Continue reading: Critical SimpleHelp Flaw Actively Exploited to Dep…
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

RedSide Security June 05, 2026 Cybersecurity 65 views

Security researchers have uncovered serious design flaws in the VECT 2.0 ransomware family that can leave victim files permanently damaged, even when a ransom is paid and a decryptor is provided. Analysis reveals multiple implementation errors, race conditions, and encryption logic flaws that can result in incomplete recovery and irreversible data loss.

Continue reading: VECT 2.0 Ransomware Can Damage Files Its Own Decry…
TeamPCP and BreachForums Launch $1,000 Contest to Drive Open-Source Supply Chain Attacks

TeamPCP and BreachForums Launch $1,000 Contest to Drive Open-Source Supply Chain Attacks

RedSide Security May 14, 2026 Cybersecurity 115 views

Cybercrime groups **TeamPCP** and **BreachForums** are reportedly running a coordinated contest offering a $1,000 Monero prize for supply chain attacks targeting open-source ecosystems. The competition incentivizes participants to compromise software packages and CI/CD pipelines using a malicious tool called “Shai-Hulud,” raising serious concerns about large-scale, crowdsourced software supply chain compromise.

Continue reading: TeamPCP and BreachForums Launch $1,000 Contest to …