Hackers linked to the BlackCat ransomware group exploited a vulnerable antivirus driver to disable security tools and install malware, according to Sophos researchers.
CISA confirms threat actors are actively exploiting critical vulnerabilities in Dassault Systèmes DELMIA Apriso and XWiki. Flaws include a 9.8 CVSS RCE bug.
A new report from Qualys TRU details a spike in automated botnet attacks targeting PHP servers and IoT devices by exploiting known vulnerabilities and misconfigurations.
Google’s Threat Analysis Group reports Italian spyware vendor RCS Lab exploited a Chrome zero-day, CVE-2022-2294, to target users in Italy and Kazakhstan.
CISA adds a critical Adobe Experience Manager flaw, CVE-2025-54253, to its KEV catalog. The bug has a 10.0 CVSS score and is under active exploitation.
CISA added five security flaws to its KEV Catalog, confirming active real-world attacks exploiting vulnerabilities in Oracle E-Business Suite and Microsoft products.
China’s CVERC and 360 Group report finding “irrefutable evidence” of long-lasting NSA cyberattacks against the National Time Service Center, a key facility.
TP-Link released security updates on Oct 22, 2025, addressing four security flaws in Omada gateway devices. Two critical bugs allow remote code execution.
Sansec warns over 250 Magento stores were hit by hackers exploiting CVE-2025-54236, a critical Adobe Commerce flaw. This vulnerability allows customer account takeover. 62% of stores remain unpatched.
China-linked threat actor Salt Typhoon targeted government organizations on three continents by exploiting a Microsoft SharePoint vulnerability for cyber-espionage.
In a critical security alert, WhatsApp has released an urgent patch to address a “zero-click” vulnerability that has been actively exploited in the wild. The flaw, which affects both iOS…
Stay informed on the cybersecurity landscape for December 15-21. This report covers critical ransomware trends, evolving phishing tactics, newly disclosed vulnerabilities, and state-sponsored threats, based on verifiable security intelligence.
A Ukrainian national, Yaroslav Vasinskyi, has pleaded guilty in the U.S. for his role as an affiliate in the Nefilim ransomware operations. This marks a key victory in international efforts…
WatchGuard Firebox firewalls are under active attack exploiting CVE-2025-14733. Learn about the critical vulnerability, its impact, and essential patching and mitigation steps recommended by WatchGuard to secure your network.
New research reveals ‘DIG AI,’ an uncensored AI assistant on the darknet, empowering criminals and terrorists with sophisticated tools for generating malicious code, phishing schemes, and more. This marks a…
Hackers are exploiting Microsoft OAuth device codes to hijack enterprise accounts, bypassing MFA and gaining full access to cloud services. Learn about this sophisticated attack, its impact, and critical mitigation…
CISA adds CVE-2025-14733 to its Known Exploited Vulnerabilities Catalog, signaling active exploitation. Learn why this critical update demands immediate action from federal agencies and all organizations to enhance cybersecurity defenses.
Behr Enterprises has reported a data breach, emphasizing the critical need for enhanced corporate cybersecurity strategies. Learn about the implications for businesses and the importance of data protection.
An Asus supplier has been impacted by a ransomware attack, resulting in the theft of 1TB of data. Learn about the implications of this significant supply chain breach.
Associated Thermoforming has confirmed a data breach, highlighting the critical need for robust data security in the manufacturing sector. Learn about the implications and importance of cybersecurity measures.
Beausejour Co-op has experienced a data breach, underscoring the critical need for robust cybersecurity in the cooperative sector. Learn about the implications for member data and security measures.
Explore the week’s top cybersecurity news: an exploited zero-day in Cisco email security appliances and the release of Kali Linux 2025.4. Understand the impact on network defense and offensive security…
Discover how the massive Kimwolf Android botnet has infected millions of devices, launching powerful DDoS attacks. Learn about mobile security best practices to protect against this widespread threat.
Interlock, a circuit breaker for AI infrastructure with signed audits, was unveiled on Hacker News. It enhances AI security by controlling access to models and data, preventing unauthorized use, and…
Marquis Software’s ransomware breach has exposed 788,000 financial records, highlighting the critical risks to sensitive data. Learn about the impact and implications.
Widespread exploitation of Oracle E-Business Suite has impacted universities and Allianz UK. Learn about the campaign and its implications for enterprise software security.
Ciphero emerges from stealth with $2.5 million in pre-seed funding, co-led by Storm Ventures and Pioneer Fund, to secure AI models and data against growing threats like model poisoning and…
Microsoft introduces Access Fabric, a modern framework converging identity and network access to simplify management and enhance security in hybrid and multi-cloud environments. It leverages Zero Trust principles and granular…
CISOs gain critical insights from the SolarWinds lawsuit dismissal regarding personal liability, disclosure requirements, and the importance of transparent cybersecurity communication with boards and regulators.
Nefilim ransomware affiliate Sébastien Vachon-Desjardins pleaded guilty to computer fraud conspiracy, involved in 17 attacks with $77 million in demands and a 4-year prison sentence.
Scripted Sparrow, a prolific threat actor, sends millions of BEC emails monthly, primarily targeting Microsoft 365 users for credential harvesting. Learn about their tactics and how to protect against these…
Explore the alarming trend of Android malware operations merging dropper, SMS theft, and RAT capabilities at scale, escalating mobile security threats globally.
A study reveals browser agents often disregard user privacy choices, leading to persistent data collection despite opt-outs and challenging online privacy expectations.
Learn how attackers bypass Multi-Factor Authentication (MFA) using stolen session tokens, creating a critical shortcut to unauthorized access and escalating cybersecurity risks.
Operation Africa Cyber Surge II, led by INTERPOL, resulted in 574 arrests and recovered $3.1 million in illicit funds across Africa, showcasing a major crackdown on cybercrime.
The University of Sydney has disclosed a data breach impacting 27,000 individuals, including students and staff, due to an unauthorized intrusion into a third-party vendor’s system.
Iranian APT group Infy (Prince of Persia) has resurfaced with an updated malware campaign, signaling continued and evolving cyber espionage activities. Learn more about their latest tactics.
Microsoft and NVIDIA detail their collaborative research using deep learning and NVIDIA GPUs to create a real-time malware detection system that analyzes files in milliseconds.
A new IDC InfoBrief, sponsored by Microsoft, shows a significant market shift from point solutions to integrated Cloud-Native Application Protection Platforms (CNAPP).
Learn about Europe’s updated regulatory framework for securing critical infrastructure, focusing on the risk-based approach of the NIS2 and CER Directives.
A factual overview of how generative AI is enhancing the Security Operations Center (SOC) by summarizing incidents, analyzing scripts, and creating KQL queries.
The 10th November Threat Intelligence Report details the month’s top cyber threats. Analysis covers prevalent malware like Qbot and Formbook and key attack vectors.
Facepunch, creators of Garry’s Mod and Rust, has officially released their S&box game engine as open source under the MIT license to accelerate development.