Ethical Hacking Mission Control
This live lab is a safe space for defenders, red teamers, and curious hackers to sharpen their tradecraft using real tooling and real telemetry. Every article, lab module, and intel briefing is curated to help you practice responsible disclosure, grow your skill set, and support the security community.
Medtronic notifies customers impacted by ShinyHunters data breach
Alleged Scattered Spider hacker extradited to the United States
FortiBleed credential-theft campaign linked to Lynx ransomware
Kubota says hackers had month-long access to network systems
ChocoPoc malware delivered via trojanized exploits on GitHub
New ChocoPoC malware targets researchers via trojanized PoC exploits
DHS confirms hackers breached HSIN info-sharing platform
Webinar: Why traditional email security is no longer enough
Hackers target Microsoft 365 accounts with 81 million login attempts
Turning Indicators into Intelligence in OpenCTI with Criminal IP
Over 900 Oracle E-Business instances exposed to ongoing attacks
Microsoft fixes GIF functionality in the Windows Emoji Panel
Amazon fined $2.25M for withholding evidence from fraud victims
Adobe patches seven max severity ColdFusion, Campaign flaws
Anthropic to restore Claude Fable access on Wednesday
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
New BioShocking attack manipulates AI browser into data theft
Microsoft accelerates quantum-safe roadmap as risks grow
Malicious PyPI packages give hackers control of Telegram bot servers
Lessons from the Underground: How to Combat Business Email Compromise
Mircosoft adds smarter bot protection to Teams meetings
Fake Perplexity extension on Chrome Web Store tracked searches
Insurance giant Aflac discloses data breach after subsidiary hack
Microsoft adds smarter bot protection to Teams meetings
Blackfield ransomware asks Nidec Corporation for $2 million ransom
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
Nissan discloses employee data breach linked to Oracle zero-day attacks
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
WhatsApp rolls out usernames to help users hide their phone number
Microsoft extends Windows Server 2022 hotpatching until October 2027
Agentic AI Has an Identity Problem and Attackers Know It
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers now exploit critical Oracle E-Business flaw in attacks
Webinar: Why business email compromise attacks keep succeeding
US seizes hundreds of FIFA World Cup illegal streaming domains
Data breach exposes up to 14.2 million email logins at six ISPs
Clean GitHub repo tricks AI coding agents into running malware
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
FBI: Russian hackers now target Signal backup recovery keys
Polymarket customers lose $3 million in supply-chain attack
Cybersecurity firms targeted by fraudulent OpenAI organization invites
PirloTV sports piracy network disrupted as 44 domains seized
Your First GRC Agent: A Red Teamer's Walkthrough
Anthropic is testing desktop-like Claude Cowork for mobile
Order-tracking app Shop abused to push callback phishing attacks
Poland busts SIM-swapping gang tied to millions in crypto theft
New macOS malware embeds fake errors to confuse AI analysis tools
The Four Elevations of Effective Fraud Prevention
Bluekit phishing kit adopts browser-in-the-middle for login theft
Microsoft quietly extends free Windows 10 ESU support to October 2027
Webinar: Why account takeovers remain one of the hardest threats to stop
Google releases new privacy controls for activity history, personalization
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
Malicious Edge extension abuses Native Messaging as bridge to malware
Stealthy Mistic backdoor linked to ransomware access broker KongTuke
CISA warns of max severity Ubiquiti flaws exploited in attacks
Amadey, StealC malware operations disrupted in Operation Endgame action
Securing the service desk: Why social engineering attacks keep succeeding
Healthtech firm Xolis suffers data breach impacting 1.4 million people
The Exploit Doesn't Exist. You Can Still Prove It Works Against You
Tata Electronics confirms cyberattack as hackers leak data
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
New macOS ClickFix attack silently mounts DMGs to push infostealer
Scattered Spider members plead guilty to hacking Transport for London
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Bug Bounty Radar
Hand-picked programs with live scope and standout rewards to help you focus your next responsible disclosure run.
FastAPI Cloud
HackerOne • Updated 2024-05-18
Prototype pollution in async workers and GraphQL stitching flaws.
Scope: api.fastapicloud.com, *.fastapicloud.com
Program brief →Supply Chain Monitor
Bugcrowd • Updated 2024-05-22
Dependency confusion, pipeline breakout, and artifact poisoning.
Scope: *.scm.dev, api.scm.dev
Program brief →Secure Notes
Intigriti • Updated 2024-05-17
OAuth misconfigurations, storage isolation, and advanced XSS chains.
Scope: app.securenotes.io, api.securenotes.io
Program brief →OpenTelemetry Hub
YesWeHack • Updated 2024-05-20
Collector escapes, tenant isolation bugs, and SSRF via exporters.
Scope: *.otelhub.dev
Program brief →