Innovative Network, Inc

Blog

New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. “It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations…

Read More New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
Blog

Build a prevention-first defense: The Sophos Cybersecurity Toolkit

Explore the Cybersecurity toolkit and start building your prevention-first strategy today.

Read More Build a prevention-first defense: The Sophos Cybersecurity Toolkit
Blog

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof. When a new exploit drops, scanners…

Read More The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Blog

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s

Read More ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
Blog

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the…

Read More PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
Blog

Data Leak Outs Students of Iran’s MOIS Training Academy

A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.

Read More Data Leak Outs Students of Iran’s MOIS Training Academy
Blog

Malicious NPM Packages Disguised With ‘Invisible’ Dependencies

In the “PhantomRaven” campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads.

Read More Malicious NPM Packages Disguised With ‘Invisible’ Dependencies
Blog

AI Search Tools Easily Fooled by Fake Content

New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.

Read More AI Search Tools Easily Fooled by Fake Content
Blog

Dentsu Subsidiary Breached, Employee Data Stolen

A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said.

Read More Dentsu Subsidiary Breached, Employee Data Stolen
Blog

Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data

Exploitation of CVE-2025-59287 began after public disclosure and the release of proof-of-concept code

Read More Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data