Latest Insights

We Followed the Wallet: Tracking GlassWorm Through Nine C2 Rotations

TL;DR Introduction On April 24, 2026, a Solana wallet executed a transaction that cost less than a fraction of a cent. To anyone watching the blockchain as a whole, it was noise in millions of daily memos moving through the network. For our team, this was a signal we had been waiting for. The wallet…

17th June 2026

Beyond Risky Sign-Ins: Behavioural Analysis for AiTM Attack Detection

Social engineering attacks are at an all-time high, amplified by the accessibility of phishing toolkits and open-source Artificial Intelligence (AI) offerings. This is reflected in the fact that 98% of cyberattacks leverage social engineering techniques to exploit the human element to achieve their end objectives.[1] What began as Business Email Compromise (BEC), campaigns that facilitated…

11th June 2026

RCE in PIXERA TWO Media Server (CVE-2026-7703, CVE-2026-7704)

The PIXERA TWO Media Server is an Audio-Visual (AV) solution widely adopted to create large-scale, high-quality visual experiences in live events, stage productions, and creative projects. PIXERA servers are typically deployed in internal or isolated networks as part of professional AV setups, where performance and stability are critical. The following advisory presents two (2) vulnerabilities…

3rd June 2026

Prioritizing Agentic Workflows Before Models: The Story Behind CVE-2026-34311

Everyone is obsessing over which model powers their security agent. Is it the largest? The most expensive? The one topping the benchmarks? We took a different bet. We ran with GLM-4.7 and uncovered CVE-2026-34311, a critical unauthenticated SSRF in Oracle OPERA PMS (again!). GLM-4.7 is certainly not the flashiest model on the market, but instead it strikes a balance…

1st June 20262nd June 2026

Supply Chain As the Perimeter

When the threat enters through the vendor, detection starts too late. Here is what we saw in the past twelve months — and what it demands from defenders. The perimeter is dead — and the supply chain buried it. Just over a month ago, we were invited by the Cyber Security and Technology Crime Bureau…

29th April 202611th June 2026

Silver Fox’s Dual-Pronged Strategy: Dissecting the ValleyRAT Distribution Campaign

The Silver Fox APT group employs a sophisticated, hybrid distribution strategy to maximize the reach of their custom-built ValleyRAT trojan, primarily aimed at Chinese-speaking victims. Rather than relying on a singly infection method, the group employs a multi-medium strategy to achieve both precision and scale. On one front, Silver Fox executes highly targeted phishing operations,…

25th March 2026

Something went wrong. Please refresh the page and/or try again.

Dark Lab

Insights from Hong Kong's largest group of technical cyber security professionals.