FHN 
Security researchers have uncovered a coordinated malware campaign targeting people working in the cryptocurrency and Web3 industry....
A new phishing campaign is pretending to be LastPass support emails to trick users into revealing their...
Microsoft has discovered advanced phishing campaigns that misuse the normal behavior of the OAuth 2.0 authentication process....
Google Chrome’s security team has announced a new plan to protect HTTPS from future quantum computer attacks....
A serious security issue has been found in the MS-Agent framework. The flaw, tracked as CVE-2026-2256, allows...
GTFire is a newly identified phishing campaign that misuses trusted Google services, including Firebase and Google Translate,...
On March 2, 2026, Anthropic’s AI assistant Claude experienced a major global outage that disrupted users and...
A critical security flaw (CVE-2026-27728) has been identified in OneUptime, a service monitoring platform. The issue allows...
Hackers are actively mapping SonicWall firewalls worldwide. In just four days, over 84,000 SonicOS scanning sessions were...
OpenClaw, a popular open-source AI assistant with over 100,000 GitHub stars, recently fixed a serious security flaw...
The ongoing Middle East conflict has significantly elevated cyber risk across the region. During periods of geopolitical...
A new scam is targeting Zoom users by exploiting trust in meeting invitations. In just twelve days,...
A hacker reportedly manipulated Anthropic’s Claude AI to assist in a coordinated cyberattack against Mexican government agencies,...
Microsoft says attackers are creating fake Next.js projects to trick developers. These projects look normal and often...
A financially motivated threat actor used commercial generative AI tools to compromise more than 600 FortiGate devices...
ZeroDayRAT is a newly discovered mobile spyware service that targets both Android and iOS devices. Unlike traditional...
Google says it stopped more than 1.75 million malicious or policy-violating Android apps from reaching users in...
Software Error in Business Loan Application PayPal has notified a small group of customers about a cybersecurity...
Three Vulnerabilities Could Allow Remote Code Execution Google has released an urgent Chrome security update fixing three...
PromptSpy is a newly discovered Android malware family that uses Google’s Gemini AI model to make real-time...
A security weakness in Microsoft 365 Copilot is allowing the AI assistant to generate summaries of emails...
Cybersecurity researchers have uncovered a new version of the ‘ClickFix’ social engineering campaign. In this updated attack,...
The flaw, tracked as CVE-2026-22769, has a maximum CVSS score of 10.0 (Critical) and has been exploited...
Researchers from ETH Zurich have discovered 25 serious security vulnerabilities in three major cloud password managers: Bitwarden,...
Google has released an urgent Chrome update to fix a high-severity vulnerability that is actively being exploited....
A newly disclosed high-risk vulnerability, tracked as CVE-2026-1731, is impacting self-managed deployments of BeyondTrust Remote Support (RS)...
CISA has raised concerns about a serious security issue affecting Notepad++, one of the most widely used...
A recent investigation uncovered 287 Chrome extensions that may be quietly collecting users’ browsing data and transmitting...
Threat actors are evolving — and they’re doing it on trusted platforms. A recent campaign shows attackers...
Microsoft 365 administrators across North America are experiencing significant access issues with the Microsoft 365 admin center,...
Cybercriminals are running a sneaky operation that uses a fake version of the popular 7-Zip archiving tool...
A new security advisory from Fortinet highlights a serious weakness in FortiOS that could let attackers slip...
Security researchers at LayerX uncovered a design-level weakness affecting Claude Desktop Extensions (DXT), the extension framework tied...
A security researcher has published a proof-of-concept tool on GitHub aimed at stopping ransomware from inside the...
A widespread web server misconfiguration issue has quietly exposed millions of websites to potential data theft and...
A new and well-planned phishing campaign is targeting users of Apple’s payment ecosystem. The attackers are not...
Recent research from Google’s Threat Intelligence Group reveals that adversaries are now building malware that actively leverages artificial intelligence (AI) during...
F5 has released its latest security update, fixing several vulnerabilities across its products. Although F5 lists some...
TP-Link has disclosed multiple serious security flaws in its Archer BE230 v1.2 Wi-Fi router. These vulnerabilities allow...
A large, organized scanning campaign has been observed targeting Citrix NetScaler (ADC) Gateway systems across the internet....
A malware framework called PeckBirdy has been active since 2023, using built-in system tools (LOLBins) to quietly...
Microsoft has issued KB5074105, an important preview update for Windows 11 versions 24H2 and 25H2, aimed at...
A newly observed Linux threat called ShadowHS is showing how modern attackers are moving beyond traditional malware....
A fast-growing open-source personal AI project has unintentionally created a major security concern after more than 21,000...
The latest Metasploit Framework update brings several new modules that help security teams test real-world attack paths....
A serious security warning has been issued for several Johnson Controls industrial control products due to a...
Researchers at NeuralTrust uncovered a new AI weakness called Semantic Chaining. It affects multimodal systems like Grok...
A year-long study tracking 550 hacked e-commerce sites across 68 countries shows that removing a skimmer once...
MITRE has just unveiled a dedicated cybersecurity framework — the Embedded Systems Threat Matrix™ (ESTM) — to...
A working proof-of-concept exploit has been made public for CVE-2026-24061, a critical remote code execution vulnerability affecting...
Microsoft is preparing to introduce a new Teams feature that can automatically show where employees are working...
Microsoft investigates startup and stability issues affecting recent Windows 11 versions Microsoft is investigating serious problems linked...
A recently identified ransomware strain named Osiris was linked to an intrusion at a large food services...
The OWASP ZAP project has introduced a new add-on that brings the OWASP Penetration Testing Kit (PTK)...
A newly reported high-impact security flaw in BIND 9, one of the most widely deployed DNS server...
Cisco has issued an urgent security alert after identifying a previously unknown remote code execution flaw being...
Multiple vulnerabilities in Apache Airflow versions prior to 3.1.6 could lead to the exposure of sensitive credentials...
A critical security vulnerability has been identified in the Advanced Custom Fields: Extended WordPress plugin, exposing more...
The Everest ransomware group is claiming a significant breach involving McDonald’s India, alleging that hundreds of gigabytes...
VoidLink has emerged as a serious threat to Linux-based cloud infrastructure, marking a clear shift in how...
Default Service Agent Permissions Expose High-Risk Identity Paths Security researchers have uncovered critical privilege escalation vulnerabilities in...
Google has confirmed an Android bug that affects how volume buttons behave when the Select to Speak...
Microsoft has addressed a security weakness in Windows Remote Assistance that could allow attackers to bypass built-in...
A newly disclosed critical vulnerability in Cal.com, an open-source scheduling and booking platform, could allow attackers to...
Security researchers have released a detailed technical analysis of the DragonForce ransomware, along with confirmation that working...
Palo Alto Networks has released security updates to fix a denial-of-service (DoS) vulnerability in its PAN-OS firewall...
Elastic has released new security updates to fix multiple vulnerabilities across its platform, including a high-severity issue...
A serious security issue has been identified in the ServiceNow AI Platform, exposing organizations to the risk...
SAP has released its January 2026 Security Patch Day updates, publishing 17 new security notes on January...
Instagram has confirmed that its platform was not compromised after a wave of unexpected password reset emails...
Recent research has shed light on how underground carding markets operate online. Investigators identified 28 active IP...
The React2Shell vulnerability (CVE-2025-55182) continues to be heavily targeted, with attackers launching more than 8.1 million attack...
LockBit 5.0 has appeared as the newest version of one of the most active ransomware groups in...
More than 900,000 Chrome users were impacted by two harmful browser extensions that quietly collected AI chat...
Google has released an urgent security update for the Chrome browser to fix a high-severity vulnerability that...
Several large organizations worldwide have been breached after attackers reused stolen login details collected by infostealer malware....
Eaton has released a security advisory after identifying multiple vulnerabilities in its UPS Companion (EUC) software. If...
In December 2025, a phishing campaign hit over 3,000 organizations, mostly in manufacturing. The attackers used Google’s...
A newly disclosed vulnerability in Apache NuttX RTOS could allow attackers to crash systems or trigger unexpected...
Cybercrime activity is increasingly shaped by automation and repeatable services. Researchers at Hudson Rock have identified ErrTraffic...
GlassWorm has returned with a dangerous new evolution, shifting its focus entirely to macOS. First discovered in...
IBM has disclosed a critical security flaw in its API Connect platform that allows attackers to bypass...
A newly uncovered Magecart operation shows how web-based attacks on online stores are becoming more advanced. Magecart...
CISA has flagged a serious security issue affecting MongoDB Server and confirmed that it is being actively...
Since March 2025, attackers running a Spanish-language phishing campaign have been going after Microsoft Outlook accounts. The...
Windows privilege escalation remains a common technique used by attackers to gain deeper control of a system....
A massive data leak linked to WIRED has surfaced online, exposing personal information tied to more than...
A security issue in the Trust Wallet Chrome extension led to losses of more than $7 million....
For a long time, Gmail users had only one option if they wanted a new email address:...
Microsoft is making Microsoft Teams safer by default. Beginning January 12, 2026, the platform will automatically apply...
Threat actors are using a new attack method that combines ClickFix social engineering with image steganography to...
A malicious npm package called “lotusbail” has been secretly stealing WhatsApp messages and user data from developers...
A major data breach at Marquis has compromised the personal information of hundreds of thousands of bank...
GitHub has officially introduced Claude Opus 4.5, Anthropic’s latest flagship AI model, into its Copilot platform. With...
An active zero-day exploit in Cisco AsyncOS is being used to target Secure Email Gateway and Secure...
Operation ForumTrol has launched a new phishing campaign aimed at Russian political scientists and academic researchers. The...
CISA has issued an urgent alert about a critical zero-day vulnerability in Apple WebKit that is being...
Microsoft has released security guidance to address a critical vulnerability called React2Shell (CVE-2025-55182). The issue affects applications...
Frogblight is a sophisticated Android banking Trojan mainly targeting users in Turkey by pretending to be official...
JSCEAL is a new threat targeting Windows users, mainly people using cryptocurrency apps or accounts with sensitive...
ReversingLabs has uncovered a supply-chain attack involving 19 malicious VS Code extensions.Active since February 2025, the campaign...
DomainTools Investigations has uncovered a rapidly growing malware network aimed at Chinese-speaking users around the world. The...
The cybersecurity landscape is at a worrying point. On December 5, 2025, Huntress discovered a smart attack...
A new vishing attack uses social engineering and legitimate Microsoft tools to run commands and deploy multi-stage...
Adex, an anti-fraud platform under AdTech Holding, has uncovered and shut down a long-running malware scheme tied...
India is weighing a new rule that would force all smartphones to keep GPS-based location tracking active...
Security teams around the world are rushing to fix systems after a major React vulnerability was revealed:...
A critical command injection vulnerability in Array Networks’ ArrayOS AG systems is being actively exploited, with confirmed...
Three major cyber agencies — CISA, NSA, and the Canadian Cyber Centre — have issued a new...
A new phishing campaign has been uncovered using fake Calendly pages to steal credentials from Google Workspace...
Google has released Chrome 143 to the Stable channel, with version 143.0.7499.40 now available for Linux and...
A newly disclosed security flaw in Apache Struts could let attackers trigger disk exhaustion attacks, potentially making...
Users of the new Outlook for Windows are facing a problem where Excel attachments won’t open if...
A fake VS Code extension pretending to be the Material Icon Theme was found targeting Windows and...
A Proof‑of‑Concept exploit has been released for a critical remote code execution vulnerability in Microsoft Outlook, tracked...
Albiriox is a new Android malware that recently appeared on cybercrime forums. It offers advanced remote-access features...
GitLab has released important security updates for both its Community Edition (CE) and Enterprise Edition (EE) to...
Hidden vulnerabilities in old Python code can create serious risks for today’s development environments. A recent example...
A gap in Microsoft Teams’ B2B guest access allows attackers to bypass Defender for Office 365 protections,...
A threat actor calling themselves ResearcherX has claimed to sell a full-chain zero-day exploit for Apple’s new...
Security researchers at Socket discovered a deceptive Chrome extension called Crypto Copilot. It pretends to be a...
The Tor Project has introduced a major upgrade to its cryptographic system, replacing its long-standing relay encryption...
A proof-of-concept (PoC) exploit has been released for CVE-2025-9501, a critical command-injection vulnerability in W3 Total Cache,...
A new malware campaign is actively targeting users in Brazil, using WhatsApp as the primary channel to...
Salesforce has disclosed a significant security incident involving unauthorized access to customer data through compromised OAuth tokens...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified Oracle vulnerability to its...
A new command-and-control system called Matrix Push C2 has become a major threat to users on all...
A serious remote code execution flaw in Microsoft’s Windows Graphics Component allows attackers to take control of...
Microsoft has launched an investigation into a widespread issue affecting Microsoft Copilot in Microsoft 365, where users...
A new and rapidly growing scam is targeting WhatsApp users worldwide, exploiting the platform’s screen-sharing feature introduced...
Cloudflare released a detailed report explaining the cause of a major network outage that disrupted global internet...
Cisco has revealed serious security vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). These issues allow...
Cisco has released a warning about a newly discovered high-severity vulnerability (CVE-2025-20341) affecting the Cisco Catalyst Center...
Fortinet has released an urgent security update for a critical vulnerability in FortiWeb Web Application Firewall (WAF)....
On November 7, Veracode researchers found a dangerous typosquatting attack targeting developers who use GitHub Actions. A...
A new vulnerability has been discovered in Lite XL, a lightweight open-source text editor, that could let...
A new phishing scam is targeting iPhone users who have lost their devices, taking advantage of their...
A newly discovered malware campaign is leveraging one of cybercriminals’ most effective lures cryptocurrency to distribute DarkComet...
Microsoft has released its November 2025 Patch Tuesday update, fixing 63 security vulnerabilities across its products. One...
Ivanti has released an urgent security update for Ivanti Endpoint Manager, addressing a newly discovered high-severity flaw...
Cybercriminals are now hacking websites to insert malicious links that help boost their own search engine rankings....
QNAP has released an urgent security update after security researchers at Pwn2Own Ireland 2025 successfully hacked QNAP...
Cybersecurity teams are under constant pressure to find vulnerabilities before attackers do. Traditional penetration testing takes time,...
Google has uncovered a new form of AI-assisted malware that uses its own Gemini large language model...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new security flaws affecting Gladinet and...
Cybersecurity researchers have revealed four critical vulnerabilities in Microsoft Teams that could have allowed attackers to impersonate...
Researchers have discovered a new wave of attacks using the Lampion banking trojan, a malware active since...
WhatsApp has rolled out passkey-encrypted backups, a major upgrade that makes protecting chat history easier and more...
On October 29, 2025, CISA released new guidance to help organizations detect and reduce attacks exploiting CVE-2025-59287,...
Cybercriminals are using a new phishing technique that hides invisible characters in email subject lines to bypass...
A sophisticated Android banking trojan called Herodotus has appeared, using new techniques to evade detection. All about...
A new security flaw has been discovered in the recently released OpenAI Atlas browser. The issue was...
A new analysis by Wordfence security researchers has revealed a recurring malware strain that uses PHP’s variable...
Cybersecurity researchers have uncovered a sophisticated cybercriminal operation dubbed “Jingle Thief,” which has been targeting cloud environments...
E-commerce security experts at Sansec have issued a warning about active exploitation targeting a newly disclosed Adobe...
A new cyber espionage campaign has been launched by an Iranian state-sponsored hacking group known as MuddyWater,...
Record-Breaking Day for Security Researchers Day One of Pwn2Own Ireland 2025 concluded with an extraordinary showcase of...
A critical security flaw in Oracle E-Business Suite (EBS) is being actively exploited by the Cl0p ransomware...
The Akira ransomware gang is now reportedly bypassing multi-factor authentication (MFA) protections on SonicWall VPN devices, according...
Attackers Exploiting VPN and Web Services to Gain Root Access — CISA Issues Emergency Directive Two critical...
In a series of escalating cyber threats, two distinct hacking groups— the newly identified ComicForm and the...
A large-scale cyberattack has been uncovered. The attack was enabled by DNS misconfigurations across global networks. Over...
Google has issued an emergency security update for its Chrome browser following the discovery of a critical...
A newly identified ransomware group known as The Gentlemen has been targeting enterprises across 17 countries since...
Threat hunters recently found 45 secret domains linked to Salt Typhoon, a China-backed hacking group. These domains,...
Cybercriminals are misusing iCloud Calendar to send phishing emails from Apple’s servers. These fake emails look like...
In a shocking cybersecurity incident that highlights the growing threats to global financial systems, hackers recently targeted...
In a major cybersecurity incident shaking the tech world, Zscaler, a leading cloud security provider, has confirmed...
Every organization – whether it’s a global enterprise with thousands of employees or an individual tech enthusiast...
In recent months, security researchers have identified a new phishing campaign aimed at macOS users, disguised as...
A new set of 60 malicious packages targeting the RubyGems ecosystem has been discovered. These packages masquerade...
Cybersecurity researchers have identified 11 malicious Go packages engineered to download and execute additional payloads from remote...
Mozilla has issued an urgent security alert to its developer community after identifying a sophisticated phishing campaign...
A sophisticated attack technique has emerged in which cybercriminals exploit free trials of Endpoint Detection and Response...
On Tuesday, Apple rolled out security updates for its entire software lineup, addressing a vulnerability that Google...
Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing...
In the latest example of a software supply chain attack, unidentified threat actors breached Toptal’s GitHub organization...
A significant cybersecurity breach has compromised the privacy of users accessing one of the internet’s most infamous...
A fast-growing phishing campaign is leveraging a Browser-in-the-Browser (BitB) overlay to mimic Facebook’s login page and steal...
A highly sophisticated WordPress malware campaign has been uncovered, exploiting the seldom-monitored mu-plugins (must-use plugins) directory to...
Google has unveiled a new initiative called OSS Rebuild, aimed at strengthening the security of open-source package...
“A New DCHSpy Variant Unveiled: Iranian Cyber Group MuddyWater Targets Mobile Data Amid Rising Israel-Iran Tensions” This...
On July 19, 2025, CoinDCX, India’s second-largest cryptocurrency exchange, confirmed a sophisticated security breach that led to...
On July 17, 2025, CISA released three important advisories concerning Industrial Control Systems (ICS), targeting critical vulnerabilities...
Google’s cutting-edge AI-driven security tool, Big Sleep, has reached a major milestone by identifying and halting the...
A sophisticated new credential stealer has surfaced on GitHub, masquerading as a legitimate forensic toolkit while targeting...
A new wave of phishing emails is circulating globally, posing as offers for a “Social Media Manager”...
Security researchers have identified a critical vulnerability in Google Gemini for Workspace that allows attackers to insert...
A critical security flaw in Microsoft Remote Desktop Client, identified as CVE-2025-48817, could enable attackers to execute...
A new wave of cyberattacks is actively compromising WordPress websites through the use of malicious SEO plugins...
Cybersecurity researchers have uncovered two security vulnerabilities in the Sudo command-line utility used in Linux and Unix-like...
CrowdStrike Services has observed SCATTERED SPIDER escalating its attacks across multiple industries
CrowdStrike Services has observed SCATTERED SPIDER escalating its attacks across multiple industries
CrowdStrike Services outlines the techniques used by SCATTERED SPIDER in attacks targeting the aviation, insurance, and retail...
A critical security flaw in Anthropic’s Model Context Protocol (MCP) Inspector tool, identified as CVE-2025-49596, has raised...
Pro-Iranian Hacktivist Group Leaks Sensitive Data from Major Sporting Event In a significant cyber incident that underscores...
Microsoft has unveiled plans to extend security updates for Windows 10 until October 13, 2026, offering critical...
In a decisive move highlighting growing concerns over digital privacy and cybersecurity, the United States House of...
In a shocking cryptocurrency security breach, CoinMarketCap, the leading crypto price tracking platform, fell victim to a...
Newly discovered Linux vulnerabilities, identified as CVE-2025-6018, CVE-2025-6019, and CVE-2025-6020, threaten major distributions like Ubuntu, Debian, Fedora,...
Zoomcar, India’s prominent car-sharing platform, has disclosed a significant data breach affecting approximately 8.4 million of its...
FTC Cracks Down on Payment Processor’s Role in Deceptive Schemes On June 16, 2025, the Federal Trade...
Scattered Spider Threat Looms Over Insurance Industry Google’s Threat Intelligence Group has identified multiple cybersecurity breaches in...
What is the Coinbase Data Breach All About? In June 2025, global crypto exchange Coinbase disclosed a...
A newly discovered security vulnerability, identified as CVE-2025-46701, has been found in Apache Tomcat’s CGI servlet implementation....
Netskope Threat Labs has uncovered a stealthy malware campaign delivering the PureHVNC Remote Access Trojan (RAT), using...
Between April and May 2025, threat actors launched a multi-wave phishing campaign by exploiting the trusted infrastructure...
On May 8, 2025, cybersecurity analysts at GreyNoise identified a large-scale and tightly coordinated scanning campaign that...
A critical vulnerability (CVE-2025-4009) was found in Evertz’s Software Defined Video Network (SDVN) products, allowing attackers to...
At this year’s Pwn2Own Berlin, researchers revealed two new zero-day flaws in Mozilla Firefox, targeting its content...
DocuSign is trusted by over 1.6 million customers, including 95% of Fortune 500 companies, and has more...
A serious security issue has been discovered in the TI WooCommerce Wishlist plugin, which is used on...
Linux 6.15, released on May 25, 2025, brings major updates to the open-source world with new features...
A new phishing scam is targeting Indian air travelers by pretending to be the trusted DigiYatra service....
OpenAI has upgraded ChatGPT with powerful deep research features, now supporting direct integration with cloud platforms like...
Cisco has patched a security flaw (CVE-2025-20255) in its Webex Meetings service that could let attackers manipulate...
PowerDNS has released an important security update to fix a high-risk vulnerability in DNSdist, its DNS proxy...
Microsoft is rolling out a major security upgrade in Windows 11 called Administrator Protection, aimed at stopping...
On May 13, 2025, a sophisticated supply chain attack compromised the trusted VMware administration tool RVTools, turning...
Cybersecurity researchers have discovered a sophisticated malware campaign that leverages AutoIT, a scripting language known for its...
A critical vulnerability has been found in the Auth0-PHP SDK that could let attackers bypass authentication by...
Researchers have found a way to bypass Kernel Address Space Layout Randomization (KASLR) on fully updated Windows...
A new phishing campaign is tricking users with fake Zoom meeting invites that appear to come from...
Xerox has rolled out its April 2025 security update for the FreeFlow Print Server v2 (Windows 10),...
Adobe has released an urgent security update for Illustrator after discovering a critical vulnerability (CVE-2025-30330) that affects...
A critical vulnerability, CVE-2025-31644, has been discovered in F5 BIG-IP systems running in Appliance mode. The flaw...
A new macOS vulnerability, CVE-2025-31258, has been disclosed by security researcher wh1te4ever, along with a proof-of-concept (PoC)...
Broadcom-owned VMware has released security updates to fix a moderate-severity vulnerability (CVE-2025-22247) in VMware Tools, which has...
The IPFire team has officially released IPFire 2.29 – Core Update 194, bringing a host of security...
Cofense Intelligence researchers have uncovered a phishing method that uses Blob URIs to sneak fake login pages...
Cybersecurity experts at Palo Alto Networks’ Unit 42 have discovered a new method attackers use to hide...
Cybercriminals are increasingly pretending to be IT staff or trusted authorities to trick employees into giving them...
Cisco has issued critical security updates to address a vulnerability in its Switch Integrated Security Features (SISF),...
The Agenda ransomware group (Qilin) ramped up attacks in early 2025, hitting key sectors worldwide with tools...
Researchers at ANY.RUN have discovered a complex attack using the Diamorphine rootkit to install a crypto miner...
In a targeted cyber espionage campaign, attackers are using fake documents referencing the recent Pahalgam attack to...
Cybersecurity firm Sansec has exposed a sophisticated supply chain attack that compromised 21 popular e-commerce applications, giving...
A serious security flaw has been discovered in Apache ActiveMQ’s .NET Message Service (NMS) library. This vulnerability,...
Quantum computing is moving from theory to reality—and with it comes a serious challenge for today’s encryption...
A serious security flaw in Tesla’s Model 3 was revealed during the 2025 Pwn2Own hacking competition. The...
Commvault, a global company known for data protection and information management, has confirmed a cyberattack on its...
Security researchers have found three serious flaws in the Netgear EX6200 Wi-Fi extender that let hackers access...
In today’s cyber threat landscape, who the Chief Information Security Officer (CISO) reports to is more than...
Cybercriminals have used the Nitrogen ransomware campaign to target victims through fake online ads. Nitrogen Ransomware They...
A serious security flaw, CVE-2025-2783, has been found in Google Chrome, affecting the Mojo inter-process communication (IPC)...
A multi-stage carding attack targeted a Magento eCommerce site running outdated version 1.9.2.4, unsupported since June 2020....
A significant data leak involving Microsoft Defender XDR exposed over 1,700 sensitive documents from many organizations, triggered...
Researchers discovered two critical UAF vulnerabilities in Chrome, actively exploited in the wild, but Google’s MiraclePtr defense...
Threat actors have exploited a zero-day flaw in Ivanti Connect Secure (CVE-2025-0282) to install a web shell...
A major remote code execution (RCE) vulnerability, CVE-2025-34028, has been discovered in Commvault’s on-premise backup and recovery...
NFC Technology Abused in Global ATM and POS Fraud Cybercriminals, mainly from Chinese underground networks, are using...
Cybersecurity researchers have found critical SQL injection vulnerabilities in four TP-Link router models, which could allow attackers...
The Socket Threat Research Team has discovered three malicious open-source packages—two on PyPI and one on npm—designed...
Hackers have been using Cloudflare tunnels since February 2024 to host malware and spread remote access trojans...
A recent report from IBM X-Force reveals that infostealer malware delivered through phishing emails has spiked by...
Cybersecurity researchers recently uncovered a server linked to the KeyPlug malware, used by the threat group RedGolf...
A major security flaw (CVE-2024-13059) was found in the open-source AI tool AnythingLLM. Discovered in February 2025,...
Attackers are now using server-side phishing to target employee and member login portals, making it harder to...
Apple has released iOS 18.4.1 and iPadOS 18.4.1 to fix two zero-day vulnerabilities that were actively exploited...
Google has released an urgent security update for its Chrome browser after two critical vulnerabilities were found,...
As companies shift to zero-trust security models, security awareness has become a key line of defense. CISOs...
Many Microsoft Teams users around the world are currently facing issues with file sharing due to an...
VMware has announced the release of ESXi 8.0 Update 3e, the latest version of its industry-leading hypervisor....
Cisco Talos researchers have found a major smishing campaign targeting U.S. toll road users. Active since October...
A new wave of cyber espionage has highlighted BPFDoor, a stealthy malware used to secretly access and...
A new remote access trojan (RAT) called ResolverRAT is posing a serious threat to businesses around the...
Microsoft has added a major security upgrade to Exchange Server and SharePoint Server by integrating them with...
Dell Technologies has released a critical alert about serious flaws in PowerScale OneFS that could let attackers...
AhnLab Security Intelligence Center (ASEC) discovered a cyber attack targeting Korean users with ViperSoftX malware. ViperSoftX Malware...
Cybersecurity experts have found a new phishing attack that steals Office 365 credentials and installs malware, putting...
Microsoft has released an urgent patch for a serious security flaw—CVE-2025-29810—affecting Windows Active Directory Domain Services (AD...
More than 5,000 Ivanti Connect Secure devices remain exposed to a high-risk remote code execution (RCE) vulnerability,...
CISA has issued a warning about a critical vulnerability (CVE-2025-31161) in CrushFTP that is being actively exploited....
North Korea’s Lazarus Group has ramped up its Contagious Interview campaign by using new npm packages with...
A new cyber threat called Neptune RAT is raising concerns among Windows users, as it targets sensitive...
A new Android spyware app uses a password prompt to prevent uninstallation, making it difficult for users...
Oracle confirmed a data breach affecting its older Gen 1 servers, its second incident in weeks, highlighting...
A ransomware attack targeted MSPs via phishing emails, deploying Qilin ransomware across customer environments. Ransomware Attack Targets...
Kaspersky Lab has discovered a new version of the Triada Trojan targeting Android devices. This variant is...
Cisco has revealed a critical flaw (CVE-2025-20212) in its AnyConnect VPN Server for Meraki MX and Z...
Symantec has discovered a sophisticated phishing campaign targeting Monex Securities (マネックス証券), a leading online securities firm in...
A massive 400GB dataset with info from 2.87 billion X (formerly Twitter) users has appeared on hacker...
With the U.S. tax deadline nearing, scammers are ramping up IRS-themed attacks. McAfee Labs reports a rise...
A newly disclosed flaw in HPE’s Insight CMU v8.2, CVE-2024-13804, allows attackers to bypass authentication and execute...
Recent cyberattacks by the APT group Earth Alux have exposed the use of advanced malware, including the...
Cybersecurity analysts have identified a campaign using a fake Zoom installer to spread BlackSuit ransomware on Windows...
Microsoft Introduces “Quick Machine Recovery” to Simplify Boot Issue Fixes Microsoft has introduced Quick Machine Recovery, a...
Mozilla has released an urgent update for Firefox on Windows to fix a critical vulnerability. This follows...
The Tor Project has quickly released an emergency update, Tor Browser 14.0.8, available only for Windows users....
Researchers from Qatar Computing Research Institute and Mohamed bin Zayed University developed DeBackdoor, a framework to detect...
Elastic Security Labs has discovered a complex malware campaign, REF8685, targeting Iraq’s telecom sector. The campaign uses...
With no official streaming release for the new Snow White, many users are resorting to piracy, making...
Forescout Vedere Labs found 46 vulnerabilities in solar inverters from Sungrow, Growatt, and SMA. Exploiting these flaws...
Cloudflare’s 1-hour outage, affecting services like R2 storage and Cache Reserve, was caused by a faulty credential...
CrushFTP and Next.js face critical vulnerabilities, raising security concerns. Rapid7 warns these flaws could lead to data...
In 2024, AI-related threats grew as cybercriminals increasingly targeted large language models (LLMs). KELA’s “State of Cybercrime”...
In 2024, mobile banking malware affected nearly 248,000 users, a 3.6x jump from 69,000 the previous year....
A critical vulnerability in the popular WordPress plugin GamiPress, identified as CVE-2024-13496, allows unauthenticated SQL injection attacks...
Sygnia uncovered a cyber espionage operation by a China-linked group, “Weaver Ant.” The group targeted a major...
Microsoft experienced a major outage on March 19, 2025, affecting Outlook on the web. The issue was...
Dragon RaaS, a ransomware group blending hacktivism and cybercrime, has become a key player in the “Five...
Menlo Security’s annual Browser Security Report reveals a 130% increase in zero-hour phishing attacks and growing use...
A new cyber threat hides malware in JPEG images to steal credentials. Users download seemingly harmless images,...
Flashpoint’s 2024 report reveals a sharp rise in cyber threats, with 3.2 billion stolen credentials — a...
VPN vulnerabilities have become a major threat to organizations worldwide. Cybercriminals and state-sponsored hackers are increasingly exploiting...
The FBI warns that free file conversion tools are being used to spread malware. The FBI’s Denver...
A recent study revealed a major vulnerability in RSA keys, especially in IoT devices. Researchers found that...
A critical vulnerability, CVE-2025-24016, has been found in the Wazuh SIEM platform, affecting versions 4.4.0 to 4.9.0....
Threat actors behind SocGholish are now using hacked websites to spread RansomHub ransomware. The attack starts with...
GreyNoise has reported a coordinated wave of attacks exploiting Server-Side Request Forgery (SSRF) vulnerabilities across various platforms....
CISA has warned about a Junos OS vulnerability (CVE-2025-21590) in Juniper Networks. This flaw allows high-privileged local...
In 2025, a new wave of DCRat backdoor attacks has emerged, using the Malware-as-a-Service (MaaS) model. Cybercriminals...
A newly discovered XML External Entity (XXE) injection vulnerability in PHP allows attackers to bypass security measures...
CISA has warned about a critical Windows Win32 kernel vulnerability, identified as CVE-2025-24983. This use-after-free flaw in...
A major vulnerability, CVE-2024-31317, has been discovered in Android, allowing attackers to exploit the Zygote process for...
Rust in the Linux kernel enhances memory safety, a key focus in development. Launched in 2021 by...
Apple released iOS 18.4 Beta 3 on March 10, 2025, for developers (build number 22E5222f). While no...
Microsoft’s Time Travel Debugging (TTD) tool, used to record and replay Windows programs, has critical bugs in...
Microsoft says Silk Typhoon is now targeting remote management tools and cloud apps for access, showing a...
Cybersecurity researchers at G DATA have discovered a new malware campaign using fake booking websites to spread...
Cisco has disclosed a vulnerability in Webex for BroadWorks that could let attackers intercept user credentials and...
A serious flaw in the popular GiveWP Donation Plugin has put over 10,000 WordPress sites at risk...
Google is developing Shielded Email, a tool that creates disposable email aliases to protect users’ real Gmail...
Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain...
Chinese hackers exploited a patched Check Point VPN flaw (CVE-2024-24919) to target organizations in Europe, Africa, and...
At Black Hat Asia 2025, experts will reveal a major flaw in modern dashcams, showing how hackers...
Pass-the-Cookie attacks let hackers bypass MFA using stolen browser cookies, putting corporate accounts at risk across Office...
Cisco has released a critical advisory for a command injection vulnerability (CVE-2025-20161) affecting its Nexus 3000 and...
Recent reports show Google’s SafetyCore service, which scans content on devices, has been quietly installed on Android...
A critical flaw in the Essential Addons for Elementor plugin, affecting over 2 million WordPress sites, exposes...
GRUB2 vulnerabilities expose millions of Linux devices to secure boot bypass and remote code execution. Discovered during...
The TgToxic Android malware, first found in July 2022, has been updated to better steal login credentials...
Palo Alto Networks researchers have discovered a new Linux malware, “Auto-Color,” which poses a serious threat due...
Google and Mandiant warn of rising phishing attacks on U.S. higher education, exploiting academic schedules and institutional...
A critical flaw (CVE-2025-27090) in the Sliver C2 server allows attackers to hijack TCP connections using SSRF,...
A malware campaign spreading XLoader malware uses DLL side-loading by exploiting a legitimate Eclipse Foundation tool, jarsigner,...
A recent phishing campaign by Hackmosphere exposed vulnerabilities among top decision-makers, like CEOs and CTOs. The study...
Researchers discovered that the malware, disguised as a Chrome update, uses Dropbox’s API to steal credentials and...
Researchers found four critical Ivanti EPM vulnerabilities allowing unauthenticated attackers to exploit machine credentials for relay attacks....
A newly discovered vulnerability in LLMs like ChatGPT raises concerns about adversarial attacks, where techniques like prompt...
A recent study from the National University of Singapore and NCS Cyber Special Ops R&D examines how...
SectopRAT (Arechclient2) is a highly obfuscated .NET-based Remote Access Trojan (RAT). Researchers recently found it posing as...
Researchers found malware targeting WordPress sites, using backdoors for remote code execution. The attacks exploit vulnerabilities, highlighting...
RansomHub has rapidly emerged as a major cybercrime syndicate in 2024–2025, expanding its arsenal to target Windows,...
PortSwigger released Burp Suite 2025.2, adding AI integration to the Montoya API for smarter, AI-powered extensions. Bug...
ClearSky Cyber Security has identified a UI vulnerability in Microsoft Windows exploited by Mustang Panda, a threat...
A subgroup of Russia’s state-backed hacker group Seashell Blizzard (Sandworm) has ramped up cyberattacks under a campaign...
OpenAI is advancing its efforts to reduce reliance on Nvidia by developing its first in-house AI chip....
New York Governor Kathy Hochul announced a ban on the use of the China-based AI startup DeepSeek...
Microsoft’s February 2025 Patch Tuesday fixes multiple vulnerabilities, including critical RCE and privilege escalation flaws. Users and...
Fortinet has issued an urgent warning about a critical zero-day vulnerability (CVE-2025-24472) in FortiOS and FortiProxy. The...
A critical SSRF flaw in Microsoft Power Platform’s SharePoint connector let attackers steal credentials and impersonate users...
Apple released iOS 18.3.1 and iPadOS 18.3.1 to fix a zero-day vulnerability exploited in targeted attacks by...
ShadowServer reports a surge in brute-force attacks on edge device logins, with up to 2.8 million IPs...
A recent cybersecurity threat in India targets users of various banks with a sophisticated malware campaign. Discovered...
MacOS users are seeing a sharp rise in password-stealing malware, spread through fake apps and ads. Leading...
IBM released critical updates for Cloud Pak for Business Automation, fixing vulnerabilities that could expose sensitive data,...
A zero-day vulnerability in Microsoft Sysinternals tools exposes Windows systems to DLL injection attacks, allowing attackers to...
The BADBOX botnet has infected over 192,000 Android devices worldwide, expanding from low-cost brands to major ones...
A newly found flaw in Voyager PHP, a Laravel management tool, risks RCE on affected servers. Discovered...
On February 3, 2025, Google released the February Android Security Bulletin, fixing 47 vulnerabilities. One major flaw,...
Silent Push coined “infrastructure laundering” to describe cybercriminals exploiting cloud services for illegal activities. They rent IPs...
A new phishing campaign is targeting high-profile X (formerly Twitter) accounts. SentinelLABS found that attackers aim to...
Trend Micro’s Managed XDR team recently uncovered a malware campaign using GitHub’s release infrastructure to spread Lumma...
DeepSeek, a fast-growing Chinese AI company, has shaken up the industry and caught cybercriminals’ attention. After its...
Google announced it blocked a record 2.28 million policy-violating apps from the Play Store in 2023. It...
Researchers from Georgia Tech and Ruhr University Bochum discovered two new speculative execution attacks, SLAP and FLOP,...
Apple released security updates for iOS, macOS, and more to address a new zero-day vulnerability, reinforcing its...
Microsoft has introduced a new phishing protection feature for Teams to enhance cybersecurity. The feature alerts users...
A new Apache Solr vulnerability, affecting versions 6.6 to 9.7.0, exposes Windows instances to risks of file...
A flaw in Android kiosk tablets at luxury hotels let attackers remotely control room functions, risking guest...
On October 29, 2024, the Mirai botnet launched a record-breaking DDoS attack, peaking at 5.6 terabits per...
Keeping systems and applications up to date is critical for security and performance in today’s rapidly evolving...
A new ransomware, “Helldown,” is exploiting vulnerabilities in Zyxel firewalls to breach corporate networks. Researchers have linked...
A critical Windows File Explorer flaw, CVE-2024-38100, has been exploited, allowing attackers to gain admin-level access through...
A security researcher recently discovered a critical SQL injection vulnerability on Microsoft’s DevBlogs site (https://devblogs.microsoft.com), allowing attackers...
FunkSec, a RaaS operator, utilizes artificial intelligence to evolve threat actor strategies. While AI aids in scaling...
A critical vulnerability in OpenAI’s ChatGPT API allows attackers to launch DDoS attacks on arbitrary websites by...
Security researchers have uncovered multiple Azure DevOps vulnerabilities, enabling CRLF injection and DNS rebinding attacks. Discovered by...
Apple has announced an exciting Information Security Internship in London, designed for tech-savvy students passionate about starting...
A highly sophisticated Linux rootkit, Pumakit, has been identified targeting critical infrastructure sectors like telecommunications, finance, and...
Microsoft Teams now lets users customize banner notification positions to improve focus and productivity. This feature is...
AWS has issued a critical security advisory for vulnerabilities in certain versions of its clients for Amazon...
A Russian developer, supported by the National Technology Initiative, has launched the Apparatus Sapiens AI module to...
Researchers have discovered “Sneaky 2FA,” a phishing kit targeting Microsoft 365 accounts to steal credentials and bypass...
Researchers discovered a misconfiguration in on-premise applications that bypasses Active Directory Group Policy meant to disable NTLMv1,...
Cybercriminals are running advanced phishing attacks on Microsoft 365 users using fake URLs that closely resemble real...
Hackers are targeting Fortinet FortiGate firewalls with exposed management interfaces online. Arctic Wolf reports that between November...
Microsoft has warned of an MFA issue affecting some Microsoft 365 users, blocking access to certain applications...
Juniper Networks disclosed CVE-2025-21598, a critical vulnerability in Junos OS and Junos OS Evolved, allowing remote attackers...
Cybercriminals are exploiting critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept (PoC) exploits for “LDAPNightmare”...
The PRIVESHIELD browser extension automatically creates isolated profiles to group websites based on browsing habits and interactions,...
Google has updated Chrome to version 131.0.6778.264/.265 for Windows and Mac, and 131.0.6778.264 for Linux, fixing critical...
Hackers breached Argentina’s Airport Security Police (PSA) payroll system, exposing sensitive employee information. They accessed salary records...
Cybercriminals created PhishWP, a malicious WordPress plugin, to mimic payment gateways like Stripe for phishing attacks on...
The January 2025 Android Security Bulletin highlights critical vulnerabilities affecting Android devices. Users should update to security...
A critical vulnerability has been found in the UpdraftPlus: WP Backup & Migration Plugin, affecting over 3...
A PoC exploit for the critical OpenSSH vulnerability CVE-2024-6387 has been released, enabling remote attackers to execute...
Apple has agreed to pay $95 million to settle a class-action lawsuit claiming Siri violated users’ privacy...
ASUS warns of critical router flaws (CVE-2024-12912, CVE-2024-13062) allowing arbitrary command execution. Users are urged to update...
Cyberhaven, a cybersecurity company, revealed that its Chrome extension, with over 400,000 users, was targeted in a...
Researchers warn of a public PoC exploit for a critical Oracle WebLogic vulnerability. Oracle WebLogic Vulnerability The...
Microsoft has warned of an issue affecting Windows 11 version 24H2 that blocks critical security updates. The...
Researchers observed increased activity from the “FICORA” and “CAPSAICIN” variants, which exploit vulnerabilities in outdated D-Link routers...
IBM has warned of two security flaws (CVE-2024-47102 and CVE-2024-52906) in its AIX operating system that could...
Adobe released a critical security update for ColdFusion to address a vulnerability that allows attackers to read...
Threat analysts report the “Araneida Scanner,” based on a cracked Acunetix version, is used for illegal activities...
A critical command injection vulnerability in the systeminformation npm package, CVE-2024-56334, exposes millions of systems to RCE...
The “BMI CalculationVsn” app on the Amazon App Store secretly collects sensitive data, like app package names...
Researchers uncovered a malware campaign in the npm ecosystem, where “k303903” used fake packages to spread the...
BADBOX is a cybercriminal operation that infects Android devices, like TV boxes and smartphones, with malware before...
Researchers have observed a rise in malicious activity on the VSCode Marketplace, exposing its vulnerability to supply...
Recent research links The Mask group to a 2022 attack on a Latin American organization, exploiting an...
VIPKeyLogger, similar to the Snake Keylogger, spreads through phishing campaigns via attachments disguised as archive or Microsoft...
The FLUX#CONSOLE campaign exploits .MSC files to deploy backdoor malware, highlighting advanced phishing and Windows feature abuse....
Cybercriminals are using fake CAPTCHA pages to spread password-stealing malware. These fake CAPTCHAs, often appearing as pop-ups,...
Hackers are exploiting a new Apache Struts2 vulnerability (CVE-2024-53677) with a critical CVSS score of 9.5, posing...
Hackers used Microsoft Teams to trick victims into granting remote system access, showcasing advanced social engineering tactics,...
Dell Technologies has issued a security advisory for critical vulnerabilities that could be exploited by attackers. Customers...
Researchers at Elastic Security Labs discovered PUMAKIT, a Linux malware using stealth and unique privilege escalation to...
A new vulnerability in Facebook Messenger for iOS could disrupt group calls by exploiting emoji reactions. Discovered...
Researchers have found vulnerabilities in the infotainment systems of some Skoda and Volkswagen cars, which could let...
Microsoft is investigating a widespread outage that impacted access to Microsoft 365 web apps and the admin...
Realst malware targets Web3 professionals using fake companies like “Meetio” with AI-generated content. Victims are lured into...
Microsoft’s final Patch Tuesday of 2024 addresses 71 vulnerabilities, including 16 critical ones and a zero-day. This...
A critical vulnerability in Qlik Sense for Windows may allow remote code execution. It affects all versions...
Cipla, an Indian pharmaceutical company, has reportedly been attacked by the Akira ransomware group. The hackers claim...
Google has launched Vanir, an open-source tool to simplify and automate security patch validation. First previewed at...
SonicWall warns of critical flaws in SMA 100 series appliances, enabling remote code execution, authentication bypass, and...
A newly discovered vulnerability in HCL Software’s DevOps Deploy and Launch platforms, CVE-2024-42195, allows attackers to insert...
Researchers reported CVE-2023-49785, a critical ChatGPT Next Web (NextChat) vulnerability, raising cybersecurity concerns over its SSRF exploitation...
APT36, a Pakistani cyber-espionage group, now uses ElizaRAT, a Windows RAT with advanced evasion and C2 features,...
Hackers exploit wevtutil.exe for LOLBAS attacks, enabling command execution, payload downloads, and persistence while bypassing security. wevtutil.exe...
CVE-2024-44308, a critical Safari vulnerability, has been actively exploited, impacting iOS, visionOS, and macOS. Affected Software and...
Amazon has improved cloud security with AI/ML threat detection in GuardDuty. This new feature enhances threat detection...
HPE has released a security alert about a critical flaw in its IceWall product, CVE-2024-11856, which lets...
Uniswap Labs has launched a $15.5 million bug bounty to secure its new protocol, Uniswap v4—the largest...
Cybersecurity researchers have uncovered a large-scale DDoS campaign attributed to a threat actor known as “Matrix.” Despite...
PixPirate malware is targeting users in Brazil, India, Italy, and Mexico, posing as a fake authentication app...
NVIDIA has issued a critical security update for a major vulnerability in its Unified Fabric Manager (UFM)...
ProjectSend, an open-source file-sharing web app, is actively being exploited after CVE-2024-11680 was assigned on November 25,...
GodLoader malware, discovered by Check Point, stealthily infects Windows, macOS, Linux, Android, and iOS, using the Godot...
The Russian-aligned group RomCom exploited two critical zero-day vulnerabilities in Mozilla Firefox and Windows in a sophisticated...
A major data breach has caused widespread concern, as a database with sensitive financial details of over...
Meta has removed over 2 million accounts involved in malicious activities, including complex fraud schemes like “pig...
The Python-based NodeStealer has evolved, now targeting Facebook Ads Manager budgets, stealing credit card info, and browser...
Helldown, a new ransomware group, has been exploiting vulnerabilities to breach networks and compromise victims since August...
Two malicious Python packages pretending to be tools for ChatGPT and Claude were found on PyPI, the...
Trend Micro has revealed a critical vulnerability in Deep Security 20 Agent that could allow remote code...
Recent threat analysis examined outbound traffic and binaries in container environments. Researchers, using honeypot data and threat...
A new vulnerability, CVE-2024-31141, was found in Apache Kafka Clients, allowing attackers to escalate privileges and gain...
A critical unpatched vulnerability has been found in Citrix Virtual Apps and Desktops, now being actively exploited....
Zoho released a security update for a critical SQL injection flaw in ADAudit Plus (CVE-2024-49574), fixed in...
CISA issued an urgent alert for two Palo Alto Networks vulnerabilities, CVE-2024-9463 and CVE-2024-9465, which are actively...
Chinese hacker group SilkSpecter launched a phishing campaign targeting Black Friday shoppers in Europe and the USA,...
Critical flaw found in ‘Really Simple Security’ WordPress plugin, risking 4M+ sites. CVE-2024-10924 allows potential remote attacks...
A recently discovered zero-day vulnerability, CVE-2024-43451, is being actively exploited, targeting Windows systems across multiple versions. Identified...
Google Cloud will start issuing CVEs for critical vulnerabilities in its services, aiming to boost transparency and...
Dell Technologies has revealed critical vulnerabilities in its Enterprise SONiC OS (versions 4.1.x and 4.2.x), which could...
Amazon confirmed that employee data was exposed due to a breach at a third-party vendor, which exploited...
Researchers have found that Fakebat malware is again being spread through malicious Google Ads, targeting users searching...
Researchers found five malicious npm packages targeting Roblox developers, stealing credentials and personal data. These packages, including...
Hackers exploit Excel documents due to their popularity and built-in vulnerabilities. With VBA macros now blocked by...
CheckPoint security experts recently warned about fake copyright claims spreading Rhadamanthys stealer malware. Stealer malware is designed...
A critical vulnerability in Cisco Unified Industrial Wireless Software, affecting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points,...
Recent research has identified a new Android malware strain, initially mistaken for TgToxic, now called ToxicPanda. Although...
The threat actor known as IntelBroker, along with EnergyWeaponUser, has claimed responsibility for a major data breach...
The “ClickFix” tactic exploits fake Google Meet and Zoom pages to deliver advanced malware, mimicking legitimate video...
Palo Alto Networks’ Unit 42 recently found that hackers are using AV and EDR bypass tools from...
Researchers have shown an exploit for the Spectre Flaw, targeting the Indirect Branch Predictor Barrier (IBPB) vulnerability....
The Meta malvertising campaign, active for over a month, spreads SYS01 InfoStealer by disguising it within ElectronJs...
Evasive Panda deployed a new C# tool, CloudScout, in early 2023 to target a Taiwanese government entity....
Google has released a Chrome update addressing critical vulnerabilities, safeguarding millions of users. The latest Stable version,...
Recent cyberattacks by Akira and Fog threat actors have targeted multiple industries by exploiting a vulnerability (CVE-2024-40766)...
WrnRAT is a new malware that cybercriminals deploy by disguising it as popular gambling games like Badugi,...
Multiple vulnerabilities in the Realtek SD card reader driver, RtsPer.sys, affect laptops from major brands like Dell...
WhatsUp Gold, a popular network monitoring tool, has a critical vulnerability in versions before 2024.0.0, exposing organizations...
Cisco issued a critical advisory for a vulnerability in its Adaptive Security Appliance (ASA) Software that could...
Stored XSS vulnerability in Roundcube Webmail is exploited in attacks on ex-USSR government agencies. Researchers identified the...
GitLab released patches (17.5.1, 17.4.3, and 17.3.6) for both Community and Enterprise Editions, fixing a critical HTML...
Lazarus APT exploited a Chrome zero-day using a crypto-themed game as bait, showcasing the group’s evolving financial...
Broadcom has issued critical security updates for severe vulnerabilities in VMware vCenter Server that allow remote code...
Phishing attacks trick individuals into revealing sensitive info by impersonating trusted entities, often through urgent emails with...
Kaspersky reports nearly 10 million personal and corporate devices were compromised by data-stealing malware in 2023, a...
PNG files are popular and widely used on the internet, making them a tempting target for threat...
Hackers posed as ESET to spread wiper malware via phishing emails starting October 8, 2024. The emails,...
Bumblebee malware has reemerged, threatening corporate networks globally, following its first sighting since Europol’s May 2024 Operation...
A group of hackers reportedly sells sensitive data stolen from Cisco, allegedly by IntelBroker in collaboration with...
The ErrorFather campaign, a new variant of the Cerberus banking trojan, emerged in September 2024. It uses...
Infostealer malware, like the recently identified PureLogs, poses significant risks due to its low cost and ease...
Hackers exploit a zero-day vulnerability (CVE-2024-43047) in Qualcomm chipsets, risking millions of Android users globally. The flaw...
Researchers revealed six new vulnerabilities, including a critical one in Foxit PDF Reader that allows arbitrary code...
A critical use-after-free vulnerability in Firefox and Firefox Extended Support Release (ESR) is being actively exploited in...
CISA warns of two critical Microsoft zero-day vulnerabilities, CVE-2024-43572 and CVE-2024-43573, actively exploited in the wild. CVE-2024-43572...
Hackers infiltrated JAXA, compromising top officials’ accounts, including President Hiroshi Yamakawa, in a series of cyberattacks since...
Attackers used the EternalBlue vulnerability to access the observatory farm, create a hidden admin share, and run...
A critical vulnerability in the Cacti network monitoring tool, discovered in version 1.2.28, could allow attackers to...
A researcher identified a method to exploit Visual Studio by executing arbitrary code during the debugging of...
FakeUpdate, a fake browser update scam, is now targeting users in France, aiming to deploy the WarmCookie...
Perfctl, a stealthy malware, is actively targeting millions of Linux servers worldwide. Discovered by Aqua Nautilus researchers,...
The Browser Company has launched a Bug Bounty Program for its Arc Browser after quickly resolving a...
Google released a Chrome update fixing critical vulnerabilities that could allow arbitrary code execution. Version 129.0.6668.89/.90 is...
XWorm is a malware known for its obfuscation techniques and ability to evade detection, posing a significant...
Hackers are exploiting Docker Swarm, Kubernetes, and SSH servers, targeting Docker API vulnerabilities as the entry point...
Developers of the Linux printing system CUPS recently disclosed several vulnerabilities that could allow attackers to execute...
The newly emerged Gorilla Botnet has launched over 300,000 DDoS attacks across 100+ countries from September 4...
Diehl Defence anti-aircraft missiles are successfully intercepting Russian attacks on Kyiv, with a 100% hit rate. Germany...
Phishing attackers used an HTML smuggling technique to deliver malware. The attack began with a phishing email...
NIST released new password security guidelines in Special Publication 800-63B, improving cybersecurity and user experience. One of...
CAPTCHAs, or Completely Automated Public Turing tests, are used online to verify users are human, not bots....
A critical vulnerability in TeamViewer’s Windows Remote client, CVE-2024-7479 and CVE-2024-7481, allows attackers to elevate privileges on...
Recently, Google alerted organizations about North Korean IT workers acting on behalf of hackers. Organizations today face...
Researchers at BitSight TRACE found multiple 0-day vulnerabilities in ATG systems used to manage fuel storage tanks,...
Cisco revealed a critical vulnerability, CVE-2024-20439, in its Smart Licensing Utility, allowing unauthorized access due to a...
Apple’s macOS 15 Sequoia update has broken several key security tools, sparking user frustration across social media...
A new malware campaign is gaining traction online, using fake CAPTCHA sites to trick users into installing...
The Walt Disney Company will stop using Slack for internal communication following a hack that leaked over...
A critical 0-click RCE vulnerability (CVE-2024-20017) in MediaTek Wi-Fi 6 chipsets, used by devices like Ubiquiti, Xiaomi,...
A threat actor has allegedly claimed a breach of Federal Bank, exposing sensitive data of hundreds of...
HZ RAT, a remote access trojan (RAT) that has targeted Windows devices since 2020, has recently been...
A hacking group has claimed responsibility for breaching the Dell employee database, asserting access to sensitive information...
CISA has issued six advisories highlighting vulnerabilities in various industrial control systems. The advisories cover: These advisories...
Researchers discovered a large Chinese state-sponsored IoT botnet, “Raptor Train,” which compromised over 200,000 SOHO and IoT...
A threat actor is reportedly selling a database from Bharat Petroleum Corporation Limited (BPCL). DarkWebInformer first reported...
Amazon Prime Day scams refer to fraudulent schemes that exploit the retailer’s sell-off day. While the event...
Apple has released iOS 18, fixing 32 security vulnerabilities. The update is available for iPhone XS and...
North Korean hackers are targeting LinkedIn users with advanced malware called RustDoor. This highlights the growing use...
Threat actors are exploiting Selenium Grid’s default lack of authentication in two active campaigns, deploying exploit kits,...
Millions of D-Link routers are vulnerable to critical security flaws. Urgent firmware updates have been released, and...
Adobe’s September 2024 updates fixed 28 vulnerabilities, including a critical ColdFusion flaw (CVSS 9.8). Other affected products...
Hackers are exploiting a critical Apache OFBiz vulnerability (CVE-2024-45195) that allows unauthenticated remote code execution, threatening organizations...
Kali Linux 2024.3, the latest version of Offensive Security’s Debian-based distribution for ethical hacking, has been released....
Cody Thomas created Apfell in 2018, an open-source macOS post-exploitation framework that later evolved into Mythic, a...
Recent research has uncovered new Android Spyware targeting mnemonic keys, vital for cryptocurrency wallet recovery. Disguised as...
Hackers target SMBs because they often have weaker security and lack cybersecurity awareness. Without regular security audits...
Zyxel released critical hotfixes to fix a command injection vulnerability in two of its NAS products, NAS326...
Cybersecurity researchers at Fortinet recently discovered that hackers have been exploiting GeoServer RCE vulnerability to deploy malware,...
Critical vulnerabilities have been found that could let attackers execute commands on systems. These issues, listed in...
SonicWall revealed a critical RCE vulnerability (CVE-2024-40766) in SonicOS on August 22, 2024. Initially, no exploitation was...
Recent research shows Predator spyware has resurfaced with improved evasion techniques, despite US sanctions. It’s still active...
The Tor Project has released Tor Browser 13.5.3, featuring important security updates and usability improvements. You can...
Lazarus Group, a notorious North Korean-linked hacker group active since 2010, has intensified its attacks in 2024....
ToddyCat is an APT group active since December 2020, targeting government and military entities in Europe and...
Emansrepo, a Python infostealer, is spread through phishing emails with fake purchase orders. The attack has evolved,...
The D-Link DAP-2310 Wireless Access Point is vulnerable to remote code execution, allowing attackers to gain unauthorized...
DeadXInject, the group behind AresLoader and AiDLocker ransomware, is now offering ManticoraLoader, a new Malware-as-a-Service (MaaS) targeting...
Researchers have identified a sophisticated phishing campaign using a .NET-based Snake Keylogger variant. This attack uses weaponized...
Proofpoint researchers have uncovered a cyberattack campaign, “Voldemort,” using Google Sheets as a C2 platform. Targeting Windows...
A malicious AutoIT executable opens Gmail login pages and steals clipboard data, captures keystrokes, and controls system...
A sophisticated malware is threatening organizations in the Middle East by disguising itself as the legitimate Palo...
A critical vulnerability in App::cpanminus (cpanm), a popular tool for installing Perl modules, has been identified. Known...
The eight Android and iOS apps fail to protect user data by transmitting sensitive information, such as...
Attackers can exploit Windows drivers to bypass security by exploiting vulnerabilities or using stolen signatures to load...
A recently disclosed vulnerability in the Apache Portable Runtime (APR) library, identified as CVE-2023-49582, could expose sensitive...
Microsoft 365 users report emails with images being wrongly flagged as malware and quarantined, identified as Issue...
Patelco Credit Union revealed a ransomware attack compromising member and employee data, raising concerns about security and...
Researchers discovered a new malware campaign called BeaverTail, targeting job seekers in a North Korean cyber espionage...
Google has released Chrome 128 (128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac) to address a...
Cybercriminals are using Google search ads to distribute malware disguised as legitimate ads for Slack. This advanced...
ESET researchers recently identified new Android malware called “Ngate” that allows hackers to withdraw money from victims’...
Recent Log4j attacks use obfuscated LDAP requests to execute malicious scripts, establish persistence, and exfiltrate data. Multiple...
Researchers uncover new attack vectors in MIFARE Classic cards by analyzing the CRYPTO-1 algorithm and vulnerabilities, demonstrating...
UULoader malware delivers payloads like Gh0st RAT and Mimikatz, targeting Korean and Chinese speakers through malicious installers....
A critical security vulnerability affects Dell SupportAssist for Home PCs, specifically in installer version 4.0.3. Dell SupportAssist...
A critical vulnerability (CVE-2024-5932) in the GiveWP plugin exposes over 100,000 WordPress sites to remote code execution...
RipperSec, a pro-Palestinian Malaysian hacktivist group that started on Telegram in June 2023, has quickly grown to...
A critical vulnerability in the Windows TCP/IP stack enables unauthenticated remote code execution (RCE) through specially crafted...
A critical vulnerability in Microsoft apps for macOS allowed hackers to surreptitiously spy on Mac users’ activities....
A new threat called Styx Stealer has emerged, targeting users by stealing sensitive data like saved passwords,...
Recent research revealed a vulnerability in the Android package of many Google Pixel smartphones. Devices shipped globally...
The notorious Lazarus hacker group exploited a zero-day vulnerability in Microsoft Windows, targeting the Ancillary Function Driver...
In July 2022, Microsoft patched a PPL bypass flaw, but a new exploit called “BYOVDLL” has been...
Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting users via email and phone. Attackers are exploiting...
A ransomware group, RansomHub, has introduced EDRKillShifter, a tool designed to disable EDR systems. This advancement highlights...
IBM recently revealed critical vulnerabilities in QRadar Suite Software and IBM Cloud Pak for Security. Exploitation of...
Threat actors frequently exploit browser flaws to gain unauthorized access and conduct various illicit activities. Recently, Oligo...
SAP has issued a major security update addressing critical authentication bypass and server-side request forgery vulnerabilities, with...
A critical vulnerability in 1Password for macOS allows attackers to bypass security measures and access vault items....
A vulnerability, CVE-2024-38856, has been found in Apache OFBiz, allowing unauthenticated remote code execution. A patch is...
Recently, Trend Micro researchers uncovered a sophisticated malvertising campaign targeting social media users with a multi-step deception...
Cybersecurity experts have uncovered sophisticated Android spyware, LianSpy, targeting users to steal sensitive data. It uses advanced...
A Russia-linked threat actor used a car ad to phish diplomats and deliver the HeadLace backdoor, likely...
Voice Over Wi-Fi (VoWiFi) is commonly used for making voice calls over Wi-Fi, improving call quality and...
Researchers found a flaw in Ubiquiti G4 Wi-Fi cameras that exposes critical data. They believe a similar...
Hackers are exploiting a critical vulnerability (CVE-2024-6220) in the WordPress plugin 简数采集器 (Keydatas) that allows unauthenticated users...
Microsoft has patched critical vulnerabilities in Edge. Users should update to the latest version to ensure security....
A critical flaw in GeoServer, an open-source Java software, exposes thousands of servers to risk. The vulnerability,...
Guardio Labs recently identified “EchoSpoofing,” a critical vulnerability in Proofpoint’s email protection service used by 87% of...
Cybersecurity firm TrustedSec has introduced a new tool named Specula, which leverages a longstanding vulnerability in Microsoft...
Microsoft is investigating a global outage affecting access to some Microsoft 365 and Azure services. Microsoft 365...
Attackers are using Gh0stGambit to spread Gh0st RAT malware to Chinese users via a fake Google Chrome...
Progress, the company behind MOVEit Transfer, has issued a critical security alert for a newly discovered vulnerability...
Hackers exploit malicious Python packages to attack developer environments, inject harmful code, and steal sensitive information or...
A critical local privilege escalation vulnerability (CVE-2024-41637) was found in RaspAP, an open-source project for turning Raspberry...
Indian iPhone users are inundated with SMS phishing scams posing as India Post delivery notifications, aimed at...
The hacktivist group USDoD claims to have leaked CrowdStrike’s “entire threat actor list” and an “entire IOC...
Google Chrome now has a new download system with alerts for potentially harmful files, enhancing user security....
A new threat, Jellyfish Loader, has been identified as a .NET-based shellcode downloader disguised as a Windows...
“Krampus,” a new malware loader, is gaining popularity on the dark web, according to MonThreat on X...
Malicious Python packages uploaded by “dsfsdfds” to PyPI stole sensitive data from user systems and sent it...
Researchers at Sucuri recently discovered that website swap files can be exploited to install a persistent credit...
Cisco disclosed a significant flaw in the upload module of RV340 and RV345 VPN routers, allowing remote,...
Since July 4, 2024, SocGholish (FakeUpdates) has shown new behavior. The infection chain starts with a compromised...
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in SonicOS IPSec VPN, identified as CVE-2024-40764, which...
New research reveals a novel approach to hiding malware in APK installers. Adversaries manipulate the file header...
Threat actor ‘Hana’ claims to have breached Dettol India, affecting 453,646 users, according to a FalconFeedsio post...
A recent CrowdStrike update has caused widespread Blue Screen of Death (BSOD) errors on Windows machines. The...
HTTP Request Smuggling exploits differences in how web servers and intermediaries handle HTTP request sequences. Attackers craft...
X-Labs identified ransomware targeting Turkish businesses through PDF attachments in emails from the internet[.]ru domain. These PDFs...
In early 2024, Cofense researchers discovered Poco RAT, a malware specifically targeting Spanish-speaking individuals in the mining...
In 2022, HardBit Ransomware 4.0 emerged, differing from typical groups by avoiding leak sites and double extortion....
Pinterest, with over 518 million users, faces a potential data leak. Hacker “Tchao1337” claims to have leaked...
Hackers target Juniper Junos due to its extensive use in business networking, making it a prime target...
Imagine receiving an email that appears completely legitimate. This is the deceptive capability of the new FishXProxy...
McAfee Labs researchers have identified a sophisticated malware delivery method, “ClickFix,” using advanced social engineering to trick...
Microsoft’s July security update addresses 142 vulnerabilities, including one already being exploited. This update is part of...
International cybersecurity agencies have issued a warning about APT40, a PRC state-sponsored cyber group linked to the...
Ransomware-as-a-service (RaaS) has evolved into a sophisticated, enterprise-like model. From 2022 to 2023, ransomware ads on the...
Researchers discovered that attackers can exploit improperly configured Jenkins Script Console for criminal activities like cryptocurrency mining....
A critical vulnerability, CVE-2024-29510, has been discovered in the Ghostscript rendering platform. This format string flaw affects...
The first half of 2024 has witnessed a notable surge in info-stealing malware masquerading as AI tools...
A new multi-stage trojan, “Orcinius,” exploits Dropbox and Google Docs. It starts with an Excel spreadsheet containing...
eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated campaign in which threat actors exploit the ScreenConnect...
A vulnerability in an unauthenticated endpoint allowed threat actors to identify phone numbers associated with Authy accounts....
Hackers are targeting and weaponizing AnyDesk, Zoom, Teams, and Chrome due to their widespread use across multiple...
A newly discovered OpenSSH vulnerability, dubbed regreSSHion, allows remote attackers to gain root privileges on Linux systems...
Transparent Tribe (aka APT36), active since 2016, uses social engineering to target Indian government and military personnel....
Google has launched kvmCTF, a new vulnerability reward program targeting the Kernel-based Virtual Machine (KVM) hypervisor. Announced...
Cybercriminals are exploiting Binance smart contracts as intermediary C2 servers, favoring them due to their resilience against...
A new malicious code execution technique, GrimResource, targets Microsoft Management Console. Attackers exploit an old cross-site scripting...
A critical vulnerability in OpenSSH, affecting versions 8.5p1 to 9.7p1, has been discovered, potentially exposing millions of...
Hackers exploit Chrome extensions to embed malware, gather personal data, display pop-ups, change URLs, and manipulate the...
Threat actors leverage RATs for sustained access to compromised systems, facilitating prolonged espionage and exploitation. North Korean...
A PoC exploit for the SQL Injection vulnerability CVE-2024-5276 in Fortra FileCatalyst Workflow has been released, affecting...
A critical vulnerability, CVE-2024-5806, in MOVEit Transfer software poses severe risks to organizations relying on it for...
A threat actor has publicly claimed a zero-day vulnerability in the widely-used Google Chrome browser. The account...
A new threat actor has surfaced, claiming a zero-day vulnerability in the Linux GRUB bootloader for local...
Talos Intelligence has uncovered a sophisticated cyber campaign orchestrated by the threat actor SneakyChef. This operation utilizes...
A Microsoft Power BI vulnerability allows unauthorized access to sensitive data in reports, affecting tens of thousands...
Hackers frequently target ESXi systems due to their extensive use in managing enterprise virtualized infrastructure, making them...
A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by...
Hackers are increasingly exploiting Progressive Web Apps (PWAs) for sophisticated phishing attacks to steal user credentials, as...
Cybersecurity researchers have uncovered a sophisticated malware campaign by the Void Arachne group, targeting Chinese-speaking users with...
Google has released a new Chrome browser update, version 126.0.6478.114/115 for Windows and Mac, and 126.0.6478.114 for...
The Spinning YARN attackers have initiated a fresh cryptojacking campaign, focusing on publicly exposed Docker Engine hosts....
A critical vulnerability in several D-Link wireless router models allows unauthenticated attackers to gain administrative access. The...
Recent research uncovered websites deploying Lumma Stealer disguised as browser updates. These sites, posing as tutorial pages...
On Patch Tuesday, June 11, 2024, Microsoft fixed numerous flaws, including a remote code execution vulnerability in...
WARMCOOKIE is a new Windows backdoor delivered via a phishing campaign called REF6127. It can take screenshots,...
A significant vulnerability, CVE-2024-37629, has been discovered in SummerNote 0.8.18, allowing Cross-Site Scripting (XSS) via the Code...
SSH and RDP provide remote server access (Linux and Windows respectively) for administration. Both protocols are vulnerable...
Hackers target Apple due to its large user base and wealthy customers, including business people and managers...
Malware distributors exploit MSI installers because Windows OS inherently trusts them to run with administrative rights, bypassing...
A popular ZKTeco biometric terminal has critical vulnerabilities, including an SQL injection flaw via QR codes. This...
A new prompt injection vulnerability, CVE-2024-5184, has been found in EmailGPT, the service and Chrome plugin that...
A PoC exploit has been released for the critical Veeam Backup Enterprise Manager authentication bypass vulnerability, CVE-2024-29849,...
Apache RocketMQ, a widely used messaging system for handling high volumes of data and critical operations, often...
The new ‘Fog’ ransomware targets US education and recreation businesses. Attackers used compromised VPN credentials from two...
Cisco disclosed a major security vulnerability in its Webex Meetings platform, affecting some customers in its Frankfurt...
Phishing attackers distribute email attachments with malicious HTML files designed to exploit users into running the code...
Zyxel has identified and released security patches for critical vulnerabilities affecting their NAS326 and NAS542 devices. These...
In South Korea, attackers distribute malware disguised as cracked software, including RATs and crypto miners, and register...
Hackers exploit the widespread use and trust of Word documents, easily deceiving users into opening them. These...
Since Russia’s invasion of Ukraine on February 24, 2022, tensions have been high globally. Following the invasion,...
A critical vulnerability in the Citrix Workspace app for Mac, tracked as CVE-2024-5027, could allow attackers to...
Microsoft Office provides tools for creating professional reports, college essays, CVs, and notes on Office 365. It...
A new privilege escalation vulnerability (CVE-2024-29072, severity 8.2 High) has been discovered in multiple versions of Foxit...
A new ransomware strain called Embargo, written in Rust, has surfaced with its Darknet infrastructure. Using double...
Hackers frequently target routers, the gateways connecting devices and networks to the internet, because they are often...
A recent study by University of Maryland security researchers revealed a major privacy vulnerability in Apple’s Wi-Fi...
A critical vulnerability in Git, known as CVE-2024-32002, has recently emerged, posing substantial risks to users of...
Researchers discovered REF4578, an intrusion set that exploits vulnerable drivers to disable EDRs for crypto mining and...
Microsoft is focusing on security in Windows, introducing Secured-Core PCs against hardware to cloud attacks and expanding...
Zabbix, a widely used network monitoring tool in corporate IT infrastructure globally, is susceptible to SQL injection...
Recently, cybersecurity researchers at Symantec uncovered a fresh Linux backdoor actively targeting users through installation packages. All...
Apple has rolled out security updates to tackle a zero-day vulnerability in its Safari web browser, exploited...
Wireshark, the leading network protocol analyzer, has just released version 4.2.5, introducing numerous new features and enhancements....
Researchers have uncovered four significant vulnerabilities in the ThroughTek Kalay Platform, utilized by 100 million IoT-enabled devices....
Google has released a critical security update for its Chrome browser upon uncovering a zero-day vulnerability actively...
Recent email campaigns distribute DanaBot malware through two document types: those exploiting equation editor and those with...
iTunes has an arbitrary code execution vulnerability, potentially enabling attackers to execute malicious code. Apple has issued...
Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY...
A zero-day vulnerability in Microsoft Edge, identified as CVE-2024-4671, has been actively exploited by malicious organizations, as...
Cacti, a widely used network monitoring tool, has released a critical security update addressing various vulnerabilities, notably...
Two critical vulnerabilities in F5 Next-Gen Big IP have been uncovered, enabling threat actors to attain full...
Dell Technologies recently disclosed a data breach involving a company portal containing limited customer information related to...
A critical vulnerability, CVE-2024-4040, has been actively exploited in the wild in CrushFTP. This flaw permits attackers...
Hackers exploit weaponized shortcut files because they can execute malicious code without targeting specific users. Given their...
The MorLock ransomware group has escalated its assaults on Russian businesses, resulting in disruptions and financial setbacks....
Security researcher Bassem Essam uncovered a critical cross-site scripting (XSS) vulnerability in the widely-used Yoast SEO WordPress...
A major update for Trend Micro’s Antivirus One software has been launched. This update tackles a critical...
The MITRE Corporation, a non-profit organization managing research and development centers for the U.S. government, has revealed...
Researchers have unveiled a new malware strain named “Cuckoo,” combining features of spyware and infostealers, designed to...
A directory traversal vulnerability (CVE-2024-23334) in aiohttp versions before 3.9.2 permits remote attackers to access sensitive files...
Multiple vulnerabilities in ArubaOS affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways, and...
Cuttlefish is a recently discovered malware platform that has been active since at least July 2023. It...
Gemini 1.5 Pro represents the latest iteration of the Gemini AI malware analysis platform, poised to revolutionize...
A new RAT malware targeting Android devices has been discovered, capable of executing additional commands compared to...
Researchers have discovered a new infection chain linked to the DarkGate malware. This Remote Access Trojan (RAT),...
BlackBerry initially reported a new iOS LightSpy malware, but Huntress researchers discovered it as a macOS variant...
XLab researchers uncover “Wpeeper,” a new Android malware infiltrating systems to execute various malicious commands, posing a...
A severe SQL injection vulnerability has been discovered in Grafana, a popular open-source platform extensively used for...
A new threat has surfaced, impacting millions of devices globally. The PlugX USB worm, a sophisticated malware,...
The FROZEN#SHADOW attack campaign employs SSLoad malware alongside Cobalt Strike Implants to seize control of the entire...
Since November 2023, the Cactus ransomware gang has been exploiting vulnerable Qlik Sense servers, leveraging multiple vulnerabilities...
Autodesk Drive serves as a cloud-based data-sharing platform for organizations, facilitating document and file sharing. It accommodates...
Avast researchers recently uncovered GuptiMiner, an aged malware. It leverages the eScan antivirus update system to surreptitiously...
GitLab has issued security patches (16.11.1, 16.10.4, and 16.9.6) for both Community and Enterprise Editions, emphasizing the...
CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low...
The OpenMetadata platform has critical vulnerabilities reported by Microsoft Security Blog, enabling attackers to exploit Kubernetes workloads...
Oracle VirtualBox had a critical vulnerability (CVE-2024-21111) allowing Privilege Escalation and Arbitrary File Move/Delete, rated 7.8 (High)....
Russian threat group APT29 targeted German political parties with a new backdoor, WINELOADER, via spear-phishing emails containing...
Hackers frequently exploit PyPI packages to inject malicious code into widely-used Python libraries, seeking vulnerabilities. Recently, FortiGuard...
Cybercriminals frequently deploy Linux ransomware in server environments, targeting organizations with critical data for potentially higher payouts....
Microsoft’s Active Directory (AD) acts as the backbone of your organization’s network, regulating access to network and...
Tor Browser 13.0.14 is now available, featuring crucial security enhancements for the widely-used privacy-centric web browser. Tor...
The cybersecurity community warns of the rising threat of a “mobile NotPetya” event, a self-propagating mobile malware...
Hackers exploit LockBit 3.0 ransomware for its advanced encryption, successfully locking victims’ files for ransom. Its stealthiness...
Two recently discovered SharePoint techniques empower malicious actors to circumvent conventional security measures and extract sensitive data...
A recently discovered malware dubbed LightSpy has been found to target both Android and iOS users. LightSpy,...
Palo Alto Networks alerts customers to a critical command injection vulnerability in PAN-OS GlobalProtect feature, scoring the...
Hackers are employing malware-infected devices for scanning target networks rather than conducting direct scans. This strategy allows...
LG has addressed four critical vulnerabilities found in numerous TV models, dating back to 2023, which could...
On April Patch Tuesday, Microsoft addressed 149 bugs, one of its largest security updates, spanning various products...
Andres Freund discovered a backdoor in the liblzma library, part of the XZ data compression tool. The...
Cybersecurity researchers uncover a complex multi-stage attack employing invoice-themed phishing decoys to distribute various malware, including Venom...
Google has revealed the detection of two Android zero-day security vulnerabilities in its Pixel smartphones, with patches...
Since 2021, a fake e-shop scam campaign has targeted Southeast Asia, with increased activity observed by CRIL...
Progress Flowmon is a network monitoring and security solution developed by Progress, a software company. It is...
Cybercriminals are exploiting YouTube, a platform adored by millions, to orchestrate advanced malware attacks. These perpetrators, capitalizing...
A sophisticated variant of StrelaStealer malware, tailored for Spanish-speaking users, is targeting popular email clients Outlook and...
Microsoft has rolled out new tools in Azure AI Studio to aid generative AI app developers in...
Bitdefender has patched a vulnerability across its popular products like Internet Security, Antivirus Plus, Total Security, and...
In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert concerning the...
Recently, cybersecurity analysts at Netcraft uncovered threat actors actively exploiting the Dracula phishing service to target USPS...
Wireshark continues to reign supreme, providing unmatched tools for troubleshooting, analysis, development, and education. The latest release,...
Researchers have revealed a vulnerability in Apple Silicon processors called GoFetch, enabling attackers to extract secret keys...
Apple users are being targeted by a sophisticated phishing campaign aimed at seizing control of their Apple...
Originally focused on Latin America, the banking trojan Mispadu has broadened its scope to Europe, employing phishing...
Security specialists have unearthed a group of Android VPN apps that surreptitiously convert user devices into proxy...
Cybercriminals leverage 2FA (Two-Factor Authentication) phishing kits to bypass the added security layer provided by 2FA. These...
A malvertising campaign distributing a fake PuTTY client has been discovered, aiming to deploy the dangerous Rhadamanthys...
Mozilla has swiftly responded to two zero-day vulnerabilities exploited during the recent Pwn2Own Vancouver 2024 hacking contest...
First identified in 2020, the Sysrv botnet leverages a Golang worm to infect devices, deploying cryptominers through...
Over 170,000 users have been affected by a sophisticated attack targeting the Python software supply chain. The...
Security researchers have discovered a sophisticated method, named “DHCP Coerce,” that exploits the Dynamic Host Configuration Protocol...
With the rise in digital device usage, personal data security has become increasingly important. Side-channel attacks exploit...
In April 2023, Microsoft announced a multi-year initiative to unify authenticated, user-facing Microsoft 365 apps and services...
AndroxGh0st targets Laravel applications, scanning and extracting login credentials for AWS and Twilio from .env files. AndroxGh0st,...
Researchers at Perception Point have discovered a new malware campaign dubbed PhantomBlu, which targets US organizations. The...
A PoC has been published for a critical RCE vulnerability found in Fortra’s FileCatalyst software. RCE Vulnerability...
A critical vulnerability was found in miniOrange’s Malware Scanner and Web Application Firewall plugins, allowing unauthenticated attackers...
Google has announced an upgrade to its Safe Browsing technology, enhancing Chrome users’ protection against phishing, malware,...
A vulnerability categorized as improper input validation was discovered in Zoom Clients for Windows, Zoom VDI Client...
Threat actors frequently target GitHub users because of the abundance of valuable code repositories and sensitive information...
Hackers are using weaponized LNK files to deploy AutoIt malware, causing concern in the cybersecurity community. The...
A new tool discovered on the Dark Web indicates a change in cybercriminal tactics for illicitly accessing...
PixPirate, an Android banking malware, is pioneering stealth techniques to evade detection. IBM Trusteer researchers have unveiled...
A recent email spam campaign is distributing infostealer malware disguised as an Adobe Reader Installer. The spam...
In addition to ChatGPT and Gemini AI, two of the most popular publicly available Artificial Intelligence systems,...
The cybercriminal group BianLian, recognized for their ransomware assaults, has garnered attention from the information security community....
Vulnerability in Over 150,000 Fortinet Devices Enables Remote Execution of Arbitrary Code by Hackers
Vulnerability in Over 150,000 Fortinet Devices Enables Remote Execution of Arbitrary Code by Hackers
A critical security flaw, identified as CVE-2024-21762, has been uncovered in Fortinet’s FortiOS and FortiProxy secure web...
PUA:Win32/Softcnapp is a generic detection name used by Microsoft Defender to identify unwanted programs. It can occasionally...
CHAVECLOAK is a type of malware, specifically a banking trojan, known for targeting users, particularly in Brazil,...
GitLab has released updated versions for its Community Edition (CE) and Enterprise Edition (EE) platforms, addressing critical...
The malicious actor, known as “z0miner,” has been discovered targeting Korean WebLogic servers to disseminate various forms...
Two zero-day vulnerabilities have been uncovered in iOS and iPadOS 17.4 versions, enabling threat actors to circumvent...
Malware leverages the Notepad service to target systems like Windows and Linux, exploiting the ubiquity of Notepad...
Two fresh security vulnerabilities have surfaced in JetBrains TeamCity On-Premises, a prevalent CI/CD solution. Designated as CVE-2024-27198...
A recently identified DNS threat actor known as Savvy Seahorse is employing advanced tactics to lure victims...
In the realm of cybersecurity, SMS Bomber attacks are emerging as a modern threat with significant and...
The pandemic has spurred significant shifts in business models. With the rise of digital transformation, increased efficiency,...
A new Linux variant of Bifrost, called Bifrose, was detected employing a clever evasion tactic by utilizing...
A newly discovered phishing kit has been observed impersonating the login pages of prominent cryptocurrency services as...
Cybercriminals are leveraging the flexibility of SVG (Scalable Vector Graphics) files for the dissemination of the GUloader...
Cyber adversaries utilize ZIP files as a means to weaponize them, leveraging the ease of concealing malicious...
Recent discoveries by Phylum indicate that a series of counterfeit npm packages identified on the Node.js repository...
Threat actors exploit SSH credentials to gain unauthorized access to systems and networks, executing malicious activities by...
Researchers at Patchstack have issued a warning regarding an unauthenticated site-wide stored XSS vulnerability, identified as CVE-2023-40000,...
A newly identified, sophisticated malware coded in C# has emerged. Dubbed Xeno RAT, this malware boasts advanced...
Researchers uncovered an advanced cyberattack involving a dormant Python Package Index (PyPI) package called Django-log-tracker, which was...
The narrative surrounding the takedown of the LockBit ransomware on February 19 is still evolving. Following nearly...
Microsoft has commenced testing Wi-Fi 7 compatibility within the Windows 11 Insider Preview Build 26063. Initially available...
Information has surfaced regarding a recently patched high-severity security vulnerability in Apple’s Shortcuts app, allowing a shortcut...
Five vulnerabilities have been discovered within the Joomla content management system that could be exploited to execute...
MrB ransomware, a variant of Dharma ransomware, was identified on February 21, 2024. It encrypts files with...
Two recently discovered Wi-Fi authentication bypass vulnerabilities in open-source software could potentially expose numerous enterprise and home...
ConnectWise has remedied a critical vulnerability rated CVSS 10 in its ScreenConnect product, a desktop and mobile...
A recent malware campaign has been detected, focusing on gaining initial access through Redis servers, aiming to...
Cybersecurity experts have uncovered a critical vulnerability in the decentralized social network Mastodon, potentially enabling unauthorized access...
Meta Platforms announced it has taken measures to combat malicious activities originating from eight firms in Italy,...
SYSDF is a ransomware program belonging to the Dharma malware family. Typically targeting small businesses, it encrypts...
“A recent report by Trustwave SpiderLabs reveals the emergence of Ov3r_Stealer, a Windows malware propagated through deceptive...
A malicious Python script named SNS Sender is being promoted as a tool for threat actors to...
Security researchers have uncovered a critical vulnerability in Shim, a commonly used Linux bootloader. This flaw has...
Zoom, the well-known video conferencing platform, recently patched 7 security vulnerabilities in a recent update. These vulnerabilities...
The public release of ChatGPT caused a sensation back in 2022, and it’s fair to say it’s...
The HijackLoader malware has incorporated additional defense evasion tactics. Increasingly, other threat actors are leveraging this malware...
Fortinet has issued a warning regarding a critical vulnerability found in its FortiOS SSL VPN system, which...
In a recent security update, GitLab has released a patch addressing a critical vulnerability that could permit...
The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, specifically iOS...
A recently discovered ransomware, named “Kasseika,” employs Bring Your Own Vulnerable Driver tactics to incapacitate antivirus software...
Fortra has revealed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software—an authentication bypass that...
Apple has issued security updates to tackle the first zero-day vulnerability of the year, which has been...
Security researchers recently discovered two new malicious packages on the npm open source package manager. These packages...
CISA has set a deadline of one to three weeks for addressing three vulnerabilities associated with Citrix...
Cybersecurity researchers caution about a significant rise in threat actor activity exploiting a recently patched flaw in...
An ASEC investigation has uncovered the latest tactics employed by the notorious LockBit ransomware. Under the guise...
A recently launched campaign aimed at vulnerable Docker services installs both an XMRig miner and the 9hits...
Recent research reveals a substantial number of vulnerable SonicWall firewall instances susceptible to remote code execution (RCE)...
Atlassian recommends that its customers update their Confluence Data Center and Server to safeguard against the exploitation...
Cybersecurity experts have rediscovered the eight-year-old Azorult malware, known for stealing information and harvesting sensitive data. The...
In the latest release notes, Google discloses a newly discovered 0-day vulnerability already being exploited in the...
In recent years, zero-day exploits and attacks have emerged as prominent threats. Leveraging unknown vulnerabilities within software,...
On January 11, 2024, GitLab issued an update containing a crucial security fix for a vulnerability. This...
The malicious campaign leverages the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen to propagate Phemedrone Stealer. Employing...
SentinelOne’s malware hunters flagged a recently uncovered Python-based hacking tool employed by cybercriminals to hijack cloud platforms...
Cisco has successfully addressed a high-severity security vulnerability in Unity Connection. This flaw had the potential to...
On Wednesday, cybersecurity researchers at Volexity issued a warning, revealing that suspected Chinese nation-state hackers are currently...
In 2023, the threat actor known as Water Curupira has been actively disseminating the PikaBot loader malware...
Two vulnerabilities in Adobe ColdFusion have been targeted in real-world attacks, as cautioned by the Cybersecurity &...
An innovative SMTP Smuggling technique has been reported with the capability to circumvent current security protocols. Additionally,...
Ivanti has resolved a critical vulnerability in its Endpoint Manager (EPM) solution, designated as CVE-2023-39336, carrying a...
Security researchers have delved into the intricacies of SpectralBlur, an emerging macOS backdoor believed to be associated...
Fortinet researchers identified three malicious packages in the PyPI repository—modularseven, driftme, and catme. These packages, attributed to...
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) highlighted that Juniper has issued security...
A purportedly new method allows hackers to exploit the OAuth2 authorization protocol to compromise Google accounts. This...
Microsoft has disabled the MSIX installer protocol in Windows in response to its exploitation in real-world cyberattacks....
A recent Unit 42 investigation uncovered a dual privilege escalation chain affecting Google Kubernetes Engine (GKE). Stemming...
Researchers uncovered a novel Android backdoor named Xamalicious at the end of 2023. This malware demonstrates significant...
The digital landscape is witnessing a rise in sophisticated ransomware attacks, specifically remote encryption attacks. While the...
A recently identified phishing campaign is using decoy Microsoft Word documents as a lure to deploy a...
Scammers exploit a feature of Twitter posts, deceiving users and putting digital assets at risk. This deceptive...
Google has issued emergency updates to address yet another Chrome zero-day vulnerability that has been actively exploited...
In the course of a security assessment of its game development studios, Microsoft identified four vulnerabilities in...
Comcast has officially acknowledged a significant security breach affecting its Xfinity division, with approximately 36 million customers...
Kinsta, a leading WordPress hosting provider, has alerted its customers to a troubling cybersecurity development. Cybercriminals are...
QakBot malware has re-emerged in phishing campaigns, following a disruption of the botnet by law enforcement during...
FortiGuard unveiled security updates on December 12, 2023, to mitigate multiple critical vulnerabilities present in its FortiOS,...
On Thursday, Google declared its plans to initiate testing of a new feature named “Tracking Protection” from...
Security experts have uncovered a collection of 116 malicious packages within the Python Package Index (PyPI) repository,...
Google Emphasizes Clang Sanitizers in Strengthening Android’s Cellular Baseband Security and Mitigating Vulnerabilities What are Clang sanitizers?...
iOS 17.2 and iPadOS 17.2 have been launched by the company, featuring enhancements that resolve twelve security...
Researchers Uncover 21 New Sierra Vulnerabilities Affecting Over 86,000 Exposed Online Devices. Sierra AirLink Routers Users of...
COLDRIVER, the threat actor, persists in carrying out credential theft operations targeting entities strategically significant to Russia,...
Atlassian has issued software patches to rectify four critical vulnerabilities in its software. Successful exploitation of these...
Apple responded to the active exploitation of two zero-day vulnerabilities in the wild by swiftly issuing emergency...
There’s evidence of a CACTUS ransomware campaign exploiting recently revealed security vulnerabilities in Qlik Sense, a cloud...
Google has unveiled RETVec (Resilient and Efficient Text Vectorizer), a new multilingual text vectorizer designed to enhance...
The cybersecurity community has expressed concerns as they’ve detected exploitative activities focusing on ownCloud, leveraging the CVE-2023-49103...
Annually, the holiday season kicks off with the significant retail shopping events in the U.S., Black Friday...
SysJoker, a multi-platform malware, has been identified in a novel iteration, showcasing a comprehensive code overhaul implemented...
An alert has been released by CISA regarding several vulnerabilities affecting Adobe ColdFusion. The alert emphasizes that...
Phishing campaigns distributing malware families like DarkGate and PikaBot are employing tactics reminiscent of attacks associated with...
Successful management of cyber risks in small businesses centers on adherence to workplace regulations and the attainment...
Malicious cyber actors exploit MySQL servers through a botnet known as ‘Ddostf,’ utilizing it as a DDoS-as-a-Service...
Four distinct groups exploited a zero-day vulnerability in the Zimbra Collaboration email software in real-world attacks, aiming...
VMware has just released an advisory (VMSA-2023-0026) addressing a critical authentication bypass vulnerability found in the VMware...
Google Files Lawsuit Against Fraudsters Exploiting Bard’s Genetics Artificial Intelligence Hype to Deceptively Distribute Malware. Today, a...
The OracleIV botnet malware employs various strategies, with a central emphasis on executing DDoS attacks through floods...
A sub-cluster of the notorious Lazarus Group has created deceptive infrastructure mimicking skills assessment portals for inclusion...
Cybersecurity researchers have issued a warning about a Windows variant of a malware called BiBi-Windows Wiper. This...
The latest iteration of GootLoader malware, known as GootBot, enables lateral movement within compromised systems while successfully...
“Researchers Discover BlueNoroff RustBucket Malware Variant Targeting MacOS” – A recent report from Jamf Threat Labs sheds...
A recently emerged business offering a “Dropper-as-a-Service” (DaaS) known as “SecuriDropper” bypasses Android’s “Restricted Settings” function to...
The Mozi malware operation came to a sudden halt in August when an unidentified individual delivered a...
The hacking group known as Arid Viper (also identified as APT-C-23, Desert Falcon, or TAG-63) is purportedly...
Cybersecurity experts have discovered a fresh batch of malicious packages distributed through the NuGet package manager, employing...
A recent cyber campaign attributed to the Lazarus hackers from North Korea appears to have focused on...
A critical vulnerability, known as CVE-2023-46747, has been uncovered in F5 BIG-IP products, allowing unauthenticated remote code...
Safari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks
Safari Vulnerability Exposes Apple iPhones and Macs Powered by A and M-Series CPUs to Security Risks
A team of researchers has developed an innovative side-channel attack called iLeakage, which takes advantage of a...
The backdoor infiltrated Cisco devices by exploiting two zero-day flaws in IOS XE software has been altered...
The TriangleDB implant, designed for infiltrating Apple iOS devices, incorporates four distinct modules: one for capturing audio...
Security researchers have uncovered three critical remote code execution (RCE) vulnerabilities within the SolarWinds Access Rights Manager...
Threat actors are currently exploiting critical vulnerabilities in Citrix NetScaler and WinRAR, posing a significant risk to...
Security researchers conducted an analysis of the Android trojan called SpyNote, revealing numerous spyware capabilities associated with...
Cybercriminals are increasingly employing counterfeit browser updates that imitate genuine notifications from Google Chrome, Mozilla Firefox, and...
His team at Patch Stack recently uncovered a fresh vulnerability in the WordPress plugin “User Submitted Posts,”...
Microsoft has unveiled a fresh bug bounty program that centers around enhancing the AI-powered Bing experience, offering...
In October 2023, Microsoft unveiled its latest Patch Tuesday, addressing a comprehensive 103 security vulnerabilities. Within this...
Google’s research team introduced the v8CTF, a capture-the-flag (CTF) challenge centered around the V8 JavaScript engine used...
The September 2023 Global Threat Index from Check Point cybersecurity researchers has unveiled notable shifts in the...
In the contemporary era dominated by technology and social media, email marketing continues to stand out as...
Online, proof-of-concept exploits have emerged for a critical vulnerability in GNU C Library’s dynamic loader, granting local...
Cisco has issued updates to rectify a critical security vulnerability affecting Emergency Responder, which permits unauthorized remote...
According to the “2023 State of the Threat” report by Her Secureworks, the number of victims reported...
A recent phishing campaign dubbed “EvilProxy” has come to light, with its sights set on the Microsoft...
The Lazarus hacking group, associated with North Korea, launched a cyberattack on a Spanish aerospace company by...
On Wednesday, Cisco issued a warning to its customers, urging them to address a zero-day vulnerability in...
The Android banking Trojan Zanubis has adopted a new disguise, posing as the official application of the...
Malicious actors are actively taking advantage of a critical vulnerability in Openfire messaging servers, using it to...
Researchers have exposed a robust clandestine ecosystem focused on crafting malware for IoT device exploitation. Researchers at...
A recently discovered malware variant named ZenRAT has surfaced, camouflaged within fraudulent Bitwarden installation bundles. ZenRAT Malware...
Researchers have uncovered a new distribution campaign for the Xenomorph malware, focusing on Android users in the...
A recently discovered backdoor malware, known as “Deadglyph,” has been detected in a cyberattack targeting a government...
Mobile malware, as its name implies, is specialized malicious software crafted specifically to infiltrate mobile devices such...
An imitation proof-of-concept (PoC) exploit targeting a WinRAR RCE vulnerability that was recently patched has been discovered...
Mastodon has taken action to resolve two vulnerabilities, specifically CVE-2023-42451 and CVE-2023-42452. Additionally, a zero-day vulnerability, denoted...
Google has confirmed that due to a recent court ruling, it is currently not possible to simultaneously...
XWorm is a recent addition to the remote access trojan family, quickly establishing itself as one of...
A recent analysis of the Android banking trojan Hook has uncovered its foundation in its predecessor, ERMAC....
An innovative cloud-native cryptojacking campaign has targeted lesser-known Amazon Web Services (AWS) offerings like AWS Amplify, AWS...
Researchers have recently uncovered a novel ransomware variant known as 3AM. Their inquiry unveiled that the initial...
The Free Download Manager website has been consistently redirecting Linux users to malware-infected destinations over an extended...
“The latest release, Notepad++ version 8.5.7, includes security updates to address several buffer overflow vulnerabilities identified in...
“HijackLoader, a recently emerged malware loader, is rapidly gaining popularity within the cybercriminal community for distributing a...
Secure Entry in Gmail is a crucial mode that enables users to safeguard against missing essential emails....
In recent updates, there have been emerging reports about threat actors associated with the Akira ransomware focusing...
A fresh malvertising campaign has come to light, disseminating an updated variant of macOS stealer malware known...
A recently updated variant of the Mirai botnet malware is now targeting Android TV set-top boxes, which...
The banking and logistics sectors are currently facing an assault from an updated version of malware known...
Google has released its monthly security patches for Android to tackle various vulnerabilities, one of which is...
“In the ongoing SocGholish infection chains, a revised BLISTER malware loader is now deployed to distribute Mythic,...
Based on a report from VIPRE, the use of malicious links in phishing emails reached 85%, and...
Today, LogicMonitor, a network monitoring company, confirmed that certain users of its SaaS platform have been impacted...
In the coming years, Signal’s applications became compromised, while Telegram, containing the BadBazaar spyware, was uploaded to...
A recently detected malspam campaign has been identified as distributing a readily available malware known as DarkGate....
Dubbed “Ransomed,” this group was initially identified by cybersecurity analyst and blogger Flashpoint on August 15th. The...
Within the realm of digital communication and collaboration, the Zimbra Collaboration Suite has long stood as a...
The ALPHV ransomware group, known as BlackCat, aims to intensify ransom payment pressure on victims by offering...
Cybersecurity analysts have revealed an intricate network of interconnected ransomware variants, all of which can be traced...
Since the beginning of August 2023, over twelve malicious packages have been found in the npm package...
“Cybersecurity experts at ESET reveal the discovery of a malevolent toolkit called Spacecolon, which has been utilized...
A fresh iteration of the XLoader malware targeting macOS disguises itself under the name ‘OfficeNote’ productivity application....
The Bronze Starlight hacking group has ingeniously employed a legitimate Ivacy VPN code-signing certificate to focus on...
A security vulnerability of significant severity has been revealed in the WinRAR utility, posing a potential risk...
A new iteration of the BlackCat ransomware was recently unveiled by Microsoft’s researchers. Termed ‘Sphynx’, this variant...
Malicious actors could exploit existing vulnerabilities within the PowerShell Gallery to execute supply chain attacks targeting users...
Two significant security flaws, designated as CVE-2023-32560, have been unearthed in Ivanti Avalanche. This enterprise mobility management...
Researchers from UC Irvine and Tsinghua University have created a potent cache poisoning attack named “MaginotDNS.” This...
Fortinet has raised an alert regarding the Gafgyt botnet malware, which is currently targeting a vulnerability in...
The amateur hacker group Lapsus$—mostly teenagers with limited technical training—has skillfully breached major targets like Microsoft, Okta,...
Microsoft introduces the August 2023 Patch Tuesday update, encompassing 87 security enhancements addressing 23 vulnerabilities. Among these...
Since June 4, 2023, an unidentified threat actor has been employing a Yashma ransomware variant to target...
As of late June 2023, the QakBot (aka QBot) malware operators have established 15 new command-and-control (C2)...
PaperCut NG and PaperCut MF are widely adopted software solutions for managing print services on servers. CVE-2023-39143...
Microsoft addressed a critical vulnerability in its Power Platform after criticism for a delayed response. Tenable reported...
IT professionals were targeted by a malicious package named “VMConnect,” which impersonated the VMware vSphere connector module...
Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.
Malicious apps employ sneaky versioning techniques to evade detection by Google Play Store scanners.
Threat actors use versioning to bypass Google Play Store’s malware detection and target Android users. In its...
Palo Alto Networks Unit 42 found a new phishing campaign distributing a Python variant of NodeStealer. The...
The Chat GPT and other AI models have undergone numerous modifications to prevent malicious users from exploiting...
Cybercriminals are fabricating counterfeit websites containing software installers that have been infected with a downloader malware named...
The Flipper Zero team recently introduced “Flipper Apps,” its very own mobile app store. This new store...
The renowned WordPress form plugin, Ninja Forms, has been identified to have three vulnerabilities that might grant...
Lazarus, a state-backed North Korean hacker group, targets Windows Internet Information Service (IIS) web servers to use...
Azimuth Group, an Italian asset management company, oversees a substantial portfolio of over $87.2 billion in assets....
Wiz security researchers have revealed that Chinese hackers, known as Storm-0558, successfully stole Microsoft’s consumer signing key....
Estee Lauder has recently experienced a significant ransomware breach, joining the list of prominent companies targeted by...
New findings from Palo Alto Networks Unit 42 reveal that in 2023, Mallox ransomware activities have surged...
The cybersecurity landscape has been recently shaken by the emergence of BundleBot, a sophisticated malware strain that...
Adobe has addressed three vulnerabilities in ColdFusion, including a zero-day vulnerability. Adobe fixed three vulnerabilities in ColdFusion,...
Artificial Intelligence (AI) has introduced revolutionary advances, including generative AI, which shows great potential for creative use....
Microsoft and the Ukrainian CERT issued a warning about Russian state hacking group Turla launching new attacks....
Citrix ADC and Citrix Gateway, renowned for their role in facilitating secure application delivery and remote access...
AVrecon malware infects 70,000 Linux routers, forming a botnet for bandwidth theft and a hidden residential proxy...
The Computer Emergency Response Team (CERT-UA) of Ukraine has issued a warning regarding the rapid actions of...
Zimbra Collaboration Suite (ZCS) has issued an urgent advisory, urging administrators to apply a manual patch for...
A fake PoC about a Linux kernel vulnerability on GitHub exposed researchers to malware. A backdoor with...
The Triada malware infiltrates Android devices through a counterfeit Telegram app. Thankfully, the version of Telegram infected...
SonicWall has issued an urgent warning to its customers, urging them to promptly patch several critical vulnerabilities...
Today, Microsoft Corp. released software updates to address a total of 130 security vulnerabilities in its Windows...
Recently, a critical vulnerability was discovered in ShareFile, a cloud-based file sharing application. This vulnerability, identified as...
Progress is notifying customers about a newly discovered critical SQL injection vulnerability, identified as CVE-2023-36934, in its...
Rekoobe, a backdoor malware, specifically targets vulnerable Linux servers commonly utilized by the Chinese APT31. Rekoobe Malware...
The “TeamsPhisher” cybersecurity tool provides a means for both pen testers and malicious actors to send harmful...
Recent reports have brought to light crucial technical details regarding a critical vulnerability impacting various versions of...
A new version of the DDoSia attack tool has been released by the threat actors, featuring an...
A vulnerability found in the Ultimate Member plugin has the potential to exploit thousands of WordPress sites,...
The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. They put up advertisements to...
Cybersecurity researchers recently uncovered a concerning discovery regarding a modified iteration of the widely-used messaging application, Telegram,...
Last year, the North Korean hacking group Andariel utilized a previously undisclosed malware named EarlyRat to carry...
Security researchers have recently discovered ThirdEye, an information stealer designed for Windows operating systems. This stealthy malware...
Cybersecurity experts have recently disclosed the intricate workings of Fluhorse, an Android malware family. The malware “represents...
Akira, a ransomware operation, has recently shifted its focus from Windows systems to VMware ESXi virtual machines,...
Arcserve has recently launched a security update to resolve a severe authentication bypass vulnerability known as CVE-2023-26258,...
A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been discovered,...
The BIND 9 DNS software suite, an integral part of the Domain Name System (DNS), has recently...
A new strain of the JavaScript dropper has been observed delivering next-stage payloads such as Bumblebee and...
Cybersecurity researchers have recently informed that a vulnerability in the latest version of Microsoft Teams allows attackers to inject...
The Chinese hackers which are tracked as APT15 are involved in a new campaign that uses a backdoor with the name “Graphican“. The...
ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps...
More than 101.000 ChatGPT user accounts have been stolen by infostealer malware over the past year, according...
Security researchers warn that malware developers are adopting a handy obfuscation tool to get malware past antiviruses....
Cybersecurity scams continue to be on the rise. As scammers get smarter, it’s important to stay up...
Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS)...
A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate...
The principle of least privilege (POLP), also named the “principle of least authority” (POLA) or “the principle...
Diicot shares its new name with the Romanian anti-terrorist police unit and uses the same style of...
Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful...
Russia-linked state-sponsored cyber-espionage group Gamaredon (Armageddon, UAC-0010) continues its relentless attacks against government entities, and organizations in...
A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. What...
A fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malwastrains since...
Fortinet has patched a critical flaw in its Fortigate devices, with admins urged to apply firmware updates...
Gmail is tightening its implementation of an email security protocol after a researcher discovered a flaw allowing...
Cisco has recently fixed a high-severity vulnerability found in its Cisco Secure Client (previously known as AnyConnect...
A new PowerShell malware script, named “PowerDrop”, has been discovered to be used in attacks targeting the...
A recent malware campaign has been discovered that exploits the Satacom downloader as a means to deploy...
The Cyclops group has developed multi-platform ransomware that can infect Windows, Linux, and macOS systems. The Cyclops...
TrueBot downloader trojan botnet activity has increased significantly in the past month, researchers say. What is TrueBot?...
Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and...