Adnan Siddiqui

Author at AgentSOC

Published Posts

20 posts

CryptocurrencyJan 21, 2026

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

Cryptocurrency / Artificial Intelligence A Telegram-hosted “guarantee” marketplace that has been a central hub for a wide spectrum…

CybersecurityJan 21, 2026

Why Secrets in JavaScript Bundles Are Still Being Missed

Leaked API keys are now a routine incident type for SOC teams, and so are the downstream breaches…

VulnerabilityJan 21, 2026

Cloudflare Fixes ACME Validation Flaw That Could Bypass WAF to Origin Servers

Cloudflare has fixed a security issue in its Automatic Certificate Management Environment (ACME) validation logic that allowed security…

CybersecurityJan 21, 2026

Evelyn Stealer Malware Abuses VS Code Extensions to Harvest Developer Credentials and Crypto

Security researchers have detailed an intrusion campaign aimed at software engineering environments, using a new information-stealing malware dubbed…

Enterprise SecurityJan 21, 2026

The Hidden Risk of Orphaned Accounts

The Problem: The Identities Left Behind As environments scale and change, people, vendors, workloads, and systems rotate constantly…

CybersecurityJan 21, 2026

LinkedIn Messages Used to Deliver RAT Malware via DLL Sideloading

Cybersecurity researchers have uncovered a phishing operation that abuses private messaging on social platforms to deliver malicious binaries,…

Open SourceJan 21, 2026

CERT/CC Warns binary-parser Vulnerability Could Allow Node.js Arbitrary JavaScript Code Execution

A vulnerability has been identified in the widely used binary-parser npm library that, if abused, can lead to…

CybersecurityJan 21, 2026

LastPass Warns of Phishing Messages Mimicking Maintenance Notices to Steal Master Passwords

LastPass is notifying customers about an active phishing campaign masquerading as the password manager, attempting to harvest users’…

Artificial IntelligenceJan 20, 2026

Three Vulnerabilities in Anthropic MCP Git Server Expose Arbitrary File Access, Deletion, and Code Execution

A trio of security issues has been identified in mcp-server-git, the official Git Model Context Protocol (MCP) server…

CybersecurityJan 20, 2026

North Korea-Linked Actors Target Developers Using Malicious Visual Studio Code Projects

The North Korean threat actors behind the long-running Contagious Interview campaign have now been seen abusing malicious Microsoft…

CybersecurityDec 30, 2025

Silver Fox Targets Indian Users with Tax-Themed Phishing Emails to Deliver ValleyRAT Malware

The threat actor referred to as Silver Fox is now actively targeting India, using phishing emails themed around…

Database SecurityDec 29, 2025

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

A high-severity MongoDB vulnerability has been identified that enables unauthenticated clients to read uninitialized data from the server…

AI SecurityDec 29, 2025

Conventional Security Frameworks Leave Organizations Vulnerable to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised and used to deploy malicious code that hijacked…

CybersecurityDec 29, 2025

27 Malicious npm Packages Leveraged as Phishing Infrastructure to Steal Credentials

Cybersecurity researchers have outlined a “sustained and targeted” spear-phishing operation that weaponized more than two dozen npm packages…

CybersecurityDec 29, 2025

Worldwide Active Exploitation of MongoDB Vulnerability CVE-2025-14847

A newly disclosed MongoDB security bug is now being actively weaponized, with more than 87,000 internet-facing instances appearing…

CybersecurityDec 29, 2025

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime, and More

From a SOC lens, last week’s activity in 2025 wasn’t dominated by a single headline breach, but by…

CybersecurityDec 27, 2025

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 Additional Stories

From a SOC vantage point, the line between routine technology use and hostile activity is getting thinner. Adversaries…

CybersecurityDec 27, 2025

Critical LangChain Core Vulnerability Exposes Secrets Through Serialization Injection

A critical vulnerability has been identified in LangChain Core that an attacker could abuse to exfiltrate sensitive secrets…

Cyber Threat IntelligenceDec 27, 2025

China-Linked Evasive Panda Conducted DNS Poisoning Campaign to Deliver MgBot Malware

A China-based advanced persistent threat (APT) group has been tied to a focused cyber-espionage operation in which the…

CryptocurrencyDec 27, 2025

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

Trust Wallet is urging users to immediately update its Google Chrome extension to the latest release after identifying…

Adnan Siddiqui

Published Posts

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

Why Secrets in JavaScript Bundles Are Still Being Missed

Cloudflare Fixes ACME Validation Flaw That Could Bypass WAF to Origin Servers

Evelyn Stealer Malware Abuses VS Code Extensions to Harvest Developer Credentials and Crypto

The Hidden Risk of Orphaned Accounts

LinkedIn Messages Used to Deliver RAT Malware via DLL Sideloading

CERT/CC Warns binary-parser Vulnerability Could Allow Node.js Arbitrary JavaScript Code Execution

LastPass Warns of Phishing Messages Mimicking Maintenance Notices to Steal Master Passwords

Three Vulnerabilities in Anthropic MCP Git Server Expose Arbitrary File Access, Deletion, and Code Execution

North Korea-Linked Actors Target Developers Using Malicious Visual Studio Code Projects

Silver Fox Targets Indian Users with Tax-Themed Phishing Emails to Deliver ValleyRAT Malware

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

Conventional Security Frameworks Leave Organizations Vulnerable to AI-Specific Attack Vectors

27 Malicious npm Packages Leveraged as Phishing Infrastructure to Steal Credentials

Worldwide Active Exploitation of MongoDB Vulnerability CVE-2025-14847

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime, and More

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 Additional Stories

Critical LangChain Core Vulnerability Exposes Secrets Through Serialization Injection

China-Linked Evasive Panda Conducted DNS Poisoning Campaign to Deliver MgBot Malware

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

AgentSOC

Resources

Legal

Follow Us

Adnan Siddiqui

Published Posts

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

Why Secrets in JavaScript Bundles Are Still Being Missed

Cloudflare Fixes ACME Validation Flaw That Could Bypass WAF to Origin Servers

Evelyn Stealer Malware Abuses VS Code Extensions to Harvest Developer Credentials and Crypto

The Hidden Risk of Orphaned Accounts

LinkedIn Messages Used to Deliver RAT Malware via DLL Sideloading

CERT/CC Warns binary-parser Vulnerability Could Allow Node.js Arbitrary JavaScript Code Execution

LastPass Warns of Phishing Messages Mimicking Maintenance Notices to Steal Master Passwords

Three Vulnerabilities in Anthropic MCP Git Server Expose Arbitrary File Access, Deletion, and Code Execution

North Korea-Linked Actors Target Developers Using Malicious Visual Studio Code Projects

Silver Fox Targets Indian Users with Tax-Themed Phishing Emails to Deliver ValleyRAT Malware

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

Conventional Security Frameworks Leave Organizations Vulnerable to AI-Specific Attack Vectors

27 Malicious npm Packages Leveraged as Phishing Infrastructure to Steal Credentials

Worldwide Active Exploitation of MongoDB Vulnerability CVE-2025-14847

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime, and More

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 Additional Stories

Critical LangChain Core Vulnerability Exposes Secrets Through Serialization Injection

China-Linked Evasive Panda Conducted DNS Poisoning Campaign to Deliver MgBot Malware

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code