New Email Attack Hits Office 365 Users and Delivers Malware
Cybersecurity experts have found a new phishing attack that steals Office 365 credentials and installs malware, putting many organizations at risk. The attack, discovered by Cofense Phishing Defense Center, uses [...]
Windows Active Directory Flaw Leads to Unauthorized Privilege Escalation
Microsoft has released an urgent patch for a serious security flaw—CVE-2025-29810—affecting Windows Active Directory Domain Services (AD DS). This vulnerability allows attackers to escalate privileges and potentially take full control [...]
Ivanti RCE flaw affects over 5,000 devices
More than 5,000 Ivanti Connect Secure devices remain exposed to a high-risk remote code execution (RCE) vulnerability, CVE-2025-22457, according to data from the Shadowserver Foundation. This flaw, caused by a [...]
CISA Warns of Active CrushFTP Authentication Bypass Exploit
CISA has issued a warning about a critical vulnerability (CVE-2025-31161) in CrushFTP that is being actively exploited. This flaw allows attackers to bypass authentication, putting systems at serious risk. The [...]
Lazarus Hides Malicious npm Code Using Hex Encoding
North Korea’s Lazarus Group has ramped up its Contagious Interview campaign by using new npm packages with hex-encoded strings to evade detection. These packages deliver BeaverTail infostealers and RAT loaders, [...]
FHN 
