Posts

Mozilla Says It’s Finally Done With Two-Faced Onerep
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
Wind farm worker sentenced after turning turbines into a secret crypto mine
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that?
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
The Cloudflare Outage May Be a Security Roadmap
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The AI Fix #77: Genome LLM makes a super-virus, and should AI decide if you live?
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion
Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages
Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities
Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale
A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research
Microsoft Mitigates Record 5.72 Tbps DDoS Attack Driven by AISURU Botnet
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
5 Reasons Why Attackers Are Phishing Over LinkedIn
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time
Microsoft Patch Tuesday, November 2025 Edition
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign
Fortinet FortiWeb Flaw Actively Exploited in the Wild Before Company's Silent Patch
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
Google Sues to Disrupt Chinese SMS Phishing Triad
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Smashing Security podcast #443: Tinder’s camera roll and the Buffett deepfake
Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know
[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR
Russian hacker admits helping Yanluowang ransomware infect companies
Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy
WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks
The AI Fix #76: AI self-awareness, and the death of comedy
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers
Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories
CISO's Expert Guide To AI Supply Chain Attacks
Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
New Browser Security Report Reveals Emerging Threats for Enterprises
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Hack halts Dutch broadcaster, forcing radio hosts back to LPs
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
Enterprise Credentials at Risk – Same Old, Same Old?
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme
The rising tide of cyber attacks against the UK water sector
Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
Cloudflare Scrubs Aisuru Botnet from Top Domains List
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
Securing the Open Android Ecosystem with Samsung Knox
Why SOC Burnout Can Be Avoided: Practical Steps
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The AI Fix #75: Claude’s existential battery crisis, and why ChatGPT is a terrible therapist
A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Ransomware Defense Using the Wazuh Open Source Platform
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks
Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit
Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel
Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations
⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More
Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
The MSP Cybersecurity Readiness Guide: Turning Security into Growth
CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do
The human cost of the UK Government’s Afghan data leak
Spam text scammer fined £200,000 for targeting people in debt, after sending nearly one million messages
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
LinkedIn gives you until Monday to stop AI from training on your profile
Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble
New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts
Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices
Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics
Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc
Discover Practical AI Tactics for GRC — Join the Free Expert Webinar
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack
Aisuru Botnet Shifts from DDoS to Residential Proxies
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves
New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human
Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains
The AI Fix #74: AGI, LLM brain rot, and how to scam an AI browser
Why Early Threat Detection Is a Must for Long-Term Business Growth
Is Your Google Workspace as Secure as You Think it is?
Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware
SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats
X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
Secure AI at Scale and Speed — Learn the Framework in this Free Webinar
Why Organizations Are Abandoning Static Secrets for Managed Identities
“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
Cybercriminals turn on each other: the story of Lumma Stealer’s collapse
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
Canada Fines Cybercrime Friendly Cryptomus $176M
Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
Bridging the Remediation Gap: Introducing Pentera Resolve
Why You Should Swap Passwords for Passphrases
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams
The AI Fix #73: Google Gemini is a gambling addict, and how to poison an AI
Securing AI to Benefit from AI
John Bolton charged over classified emails after Iranian hack of his AOL account
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Identity Security: Your First and Last Line of Defense
Email Bombs Exploit Lax Authentication in Zendesk
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in "Zero Disco' Attacks
Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform
Beware the Hidden Costs of Pen Testing
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac
Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
NCSC warns companies to prepare for a day when your screens go dark
How Attackers Bypass Synced Passkeys
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
Patch Tuesday, October 2025 ‘End of 10’ Edition
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
The AI Fix #72: The AI hype train, space data centers, and lifelike robot heads
What AI Reveals About Web Applications— and Why It Matters
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing
Moving Beyond Awareness: How Threat Hunting Builds Readiness
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
BreachForums seized, but hackers say they will still leak Salesforce data
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks
SaaS Breaches Start with Tokens - What Security Teams Must Watch
From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Salesforce data breach: what you need to know
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
No Time to Waste: Embedding AI to Cut Noise and Reduce Risk
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
ShinyHunters Wage Broad Corporate Extortion Spree
BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers
Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them
The AI Fix #71: Hacked robots and power-hungry AI
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
Discord users’ data stolen by hackers in third-party data breach
New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers
5 Critical Questions For Adopting an AI Security Solution
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
Japan running dry: Ransomware attack leaves nation days away from Asahi beer shortage
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
How to Close Threat Detection Gaps: Your SOC's Action Plan
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
Smashing Security podcast #437: Salesforce’s trusted domain of doom
Your favourite phone apps might be leaking your company’s secrets
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
Learn How Leading Security Teams Blend AI + Human Workflows (Free Webinar)
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising
New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
From fake lovers to sextortionists: 260 scammers arrested in Africa
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
Stop Alert Chaos: Context Is the Key to Effective Incident Response
Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
The AI Fix #70: AI behaves… until it knows you’re watching
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot
New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events
U.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust
Evolving Enterprise Defense to Secure the Modern AI Supply Chain
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
The State of AI in the SOC 2025 - Insights from Recent Study
⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
CTEM's Core: Prioritization and Validation
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus
How One Bad Password Ended a 158-Year-Old Business
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
INC ransomware: what you need to know
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
The AI Fix #69: How we really use ChatGPT, and will AI agents crash the economy?
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
How to Gain Control of AI Agents and Non-Human Identities
⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
How CISOs Can Drive Effective AI Governance
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
“Pompompurin” resentenced: BreachForums creator heads back behind bars
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
From mischief to malware: ICO warns schools about student hackers
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
Smashing Security podcast #435: Lights! Camera! Hacktion!
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
Rethinking AI Data Security: A Buyer's Guide
From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
The AI Fix #68: AI telepathy, and rights for robots
Luxury fashion brands Gucci, Balenciaga and Alexander McQueen hacked – customer data stolen
Self-Replicating Worm Hits 180+ Software Packages
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
British rail passengers urged to stay on guard after hack signals failure
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal
US Facebook users can now claim their share of $725 million Cambridge Analytica settlement
3CX Breach Was a Double Supply Chain Compromise
US charges three men with six million dollar business email compromise plot
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients’ session notes
Giving a Face to the Malware Proxy Service ‘Faceless’
Army helicopter crash blamed on skipped software patch
Why is ‘Juice Jacking’ Suddenly Back in the News?
As Tax Day approaches, Microsoft warns accounting firms of targeted attacks
Pentagon leak suspect Jack Teixeira arrested at gunpoint
Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
Plenty of juice-jacking scare stories, but precious little juice-jacking
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Ukrainian hackers spend $25,000 of pro-Russian blogger’s money on sex toys
Smashing Security podcast #316: Of Musk and Afroman
FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
That ticking noise is your end users’ laptops
A Serial Tech Investment Scammer Takes Up Coding?
Managed Services: A Better Understanding
German Police Raid DDoS-Friendly Host ‘FlyHosting’
5 Great Reasons You Must Outsource IT and Cybersecurity
Technology Solutions Providers: Providing the Peace of Mind You Deserve
Warning! Top Cybersecurity Concerns You Need to Consider
Preparing for the Unexpected: A Quick Guide to BCDR

Sitemap

Posts

Pages

Categories

Latest Posts