Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot.
“PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
MedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses.
Read more in my article on the Fortra blog.
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
“Untrusted search path in
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
“An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work.
But here’s the uncomfortable truth: Attackers are evolving just as fast.
Every leap forward in AI gives bad actors new tools — deepfake scams so real they trick your CFO, bots that can bypass human review,
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release.
Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry.
The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident.
More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said in a report shared with The Hacker News.
The firmware