Nintendo Confirms Employee Data Exposure Following TinyPulse Cyberattack *

Attackers Could Abuse SQL Server 2025 AI Features for Data Exfiltration *

UEFI Secure Boot Trust Model Weakness Exposes Systems to Pre-Boot Compromise *

SmartApeSG Abuses Okendo Component in Large-Scale E-Commerce Attack *

Node.js Patches Dozen Security Flaws Including DoS and Authentication Bypass Issues *

IBM X-Force Maps the Shared Ecosystem Behind Interlock and Rhysida *

HazyBeacon Malware Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations *

Showboat malware Linux framework evades detection using Pastebin code targeting telecoms *

Attackers Exploit Fake Software Updates to Compromise macOS Systems *

F5 Patches Critical NGINX Vulnerability Enabling Remote Code Execution and Denial-of-Service Attacks *

Cisco Warns of Severe ISE Vulnerabilities Affecting Network Access Control Systems *

Klue Integration Abused to Exfiltrate Salesforce Data *

New usbliter8 Exploit Targets Apple SoCs, Allowing Hardware Level Security Bypass *

Windows Systems Targeted Through Microsoft Fondue.exe Side-Loading Technique *

Crypto-Stealing Rust Malware Spreads Through Fraudulent GitHub Projects and Fake Trust Signals *

Mozilla Addresses Multiple Critical Vulnerabilities in Firefox 152 *

Brazilian Banking Users Targeted in New SmartRAT Malware Attack Using ClickFix Tactics *

China-Themed Loader Chain Delivers Multi-Stage Malware Through Decoy Documents *

Microsoft Uncovers Windows Clipper Malware Campaign Leveraging USB LNK Worm and Tor-Based C2 *

WordPress POST SMTP Plugin Vulnerability (CVE-2023-6875) Exposes 300,000+ Websites to Account Takeover Risks *

Splunk Patches Critical AI Toolkit Vulnerability Leading to Arbitrary Command Execution *

FortiBleed Campaign Exposes Fortinet VPN Credentials *

AI-Generated YouTube Narrators Spread Rust-Based Crypto Clipboard Hijacker *

Critical OpenBSD Vulnerability Enables Complete PAP Authentication Bypass After 27 Years *

GitBait Campaign Abuses GitHub Pages for Financial Sector Phishing Attacks *

ClickFix Attack Deploys Potemkin Loader, RMMProject RAT, and EtherRAT Across 11 Hosts *

Google Cloud Vertex AI Double Agent Vulnerability Enables Sensitive Data Access *

Kodak confirms data breach claimed by ShinyHunters extortion gang *

Sapphire Sleet Deploys Multi-Stage macOS Malware via curl-to-osascript Execution Chain *

Malicious JetBrains Marketplace Plugins Steal AI API Keys from Developers *

Ghostwriter Threat Actors Target Users with Gmail Admin Phishing Emails *

Critical NVIDIA NeMo Vulnerability Enables Unauthorized Command Execution *

Critical Fortinet FortiSandbox Vulnerabilities Under Active Exploitation *

Windows Users Targeted by Fake CAPTCHA and GULoader Malware Campaign *

Researchers Track OnionDrop Loader Delivering Multi Stage Payload Chains *

China-Linked SprySOCKS Backdoor Expands to Windows Targets, Enhancing Espionage Capabilities *

UNC3753 Targets Professional and Financial Organizations Through Social Engineering Attacks *

Novo Nordisk Confirms Cyberattack Exposing Patient Medical Data *

Rokarolla Android Malware Targets PINs, SMS Authentication Codes, and Cryptocurrency Wallets *

GhostTree Malware Campaign Uses Recursive Windows Junctions to Conceal Malicious Files *

Jenkins RCE Vulnerability Being Exploited in the Wild *

Silent Cloud-Based Attack Enables Payroll Redirection Fraud *

NarwhalRAT Delivered via Stealth LNK Execution Chain *

Attackers Exploit Copilot Enterprise Search to Steal Confidential Microsoft 365 Data *

Critical PAN-OS GlobalProtect Flaw Enables Unauthorized VPN Access *

Threat Actor Malware Platform Exposed Through Unsecured PHP Installer Page *

Salesforce Platform Compromise at Infinite Campus Leads to Data Exfiltration *

Sniper Dz Phishing Campaign Targets MENA Users Through Fake Facebook Offers and Browser Alert Scams *

Payroll Pirate Campaign Uses AiTM Phishing to Steal Employee Payroll Credentials *

Microsoft 365 Copilot Vulnerability Enables Potential Exposure of Emails, Files, and MFA Codes *

Chinese Hackers Breach REDCap Servers, Exfiltrate Sensitive Medical Research Data *

Critical Jenkins Vulnerability (CVE-2024-23897) Under Active Exploitation *

DPAPISnoop Enables Extraction and Processing of Windows CredHist Data *

Nintendo Investigating Alleged Data Breach Claim Linked to Third-Party Platform *

Wazuh Vulnerability Enables Alert Manipulation and Security Log Deletion *

SearchJack Adware Campaign Hijacks Browser Searches *

WordPress Plugin Supply Chain Attack Exposes Websites to Malware *

AI Coding Assistants Exploited in New Agentjacking Attack *

152 Chrome Extensions Found Generating Fake Google Search Traffic and Harvesting Data Campaign *

ShinyHunters Exploits Oracle PeopleSoft Zero-Day RCE Vulnerability in Active Attacks *

Maine Suspends Data Breach Reporting Portal Following Fraudulent VRChat and Discord Submissions *

Critical Splunk Vulnerability Enables Unauthenticated Remote Code Execution *

AI Coding Agents Hijacked Through Malicious Error Injection Attack *

Europol Disrupts Audia6 Crypto Investment Fraud Network in International Operation *

GRU-Linked APT28 Uses Moobot Botnet to Target Routers and IoT Devices *

AI Coding Agents Vulnerable to New Agentjacking Arbitrary Code Execution Attack *

Threat Actors Exploit NinjaOne RMM Agent to Obtain Remote Access to Brazilian Organizations *

Kyushu Electric Power Reports Missing SSD Affecting 10.9 Million Customers *

Tchap Messaging Platform Breach Impacts More Than 73,000 French Government Users *

OceanLotus APT Executes Supply Chain Attack Through Compromised FireAnt MetaKit Targeting Stock Investors *

GreatXML Attack Demonstrates Potential BitLocker Bypass Through Windows Recovery Workflow *

VMware-Signed Binary Abuse Enables Malware Execution and Defense Evasion *

Critical Configuration Control Vulnerability Discovered in Ivanti Endpoint Manager Mobile *

Microsoft Teams for Android Vulnerability May Expose Sensitive Information *

DMG-Based Delivery Chain Deploying macOS Infostealer Malware *

Data Breach at Nottingham University Impacts More Than 450,000 Students *

Hackers Exploit SniperDz PhaaS Platform to Launch Large-Scale Phishing Campaigns *

OpenClaw AI Agent Compromised in Phishing Scenario, Leaking Credentials *

Emerging Phishing Method Mimics Browser Windows to Harvest Microsoft 365 Credentials *

Malicious Browser Extensions Target Users of Popular AI Chatbots *

Malicious Surveillance Software Found on Devices of Russian Leadership *

Stealthy .NET Loader Spread via Malspam Using DoubleClick Redirection *

Hackers Abuse VMware-Signed Binary to Sideload NIGHTFORGE Loader *

Linux Kernel Guest-to-Host Escape Vulnerability Exposed Following Public PoC Release *

Multiple Splunk Enterprise Vulnerabilities Allow Remote Code Execution and Privilege Escalation *

Microsoft Fixes Windows RDP Vulnerabilities That Could Expose Sensitive Data *

Actively Exploited Chromium Vulnerability Puts Chrome and Edge Users at Risk *

Microsoft Discloses Windows CTFMON Zero-Day Enabling Local Privilege Escalation Attacks *

Proto6 Vulnerabilities in protobuf.js Enable RCE and DoS Attacks in Node.js Environments *

Hackers Use Fake Utility Downloads to Deliver Malware Through Trojanized Software *

U.S. Military Networks Face Expanded Targeting From China-Linked JDY Botnet *

Tax-Themed Phishing Emails Deploy Fileless Malware on Windows Systems *

Langflow Path Traversal Vulnerability Enables Unauthenticated Remote Code Execution *

RoguePlanet Zero-Day Exploits Microsoft Defender to Gain SYSTEM Privileges *

Malicious dbmux npm Releases Exploit Developers Through Supply Chain Attack *

Unauthorized Access Incident Linked to Exploited ServiceNow Security Flaw *

OpenClaw AI Agent Credential Leakage Vulnerability Enables Sensitive Data Exposure *

Android.MagicAd Malware Evades Security Measures to Deliver Persistent Background Ads *

Critical Vulnerability in Veeam Backup Servers Allows Authenticated Remote Code Execution *

Apple Introduces AI-Powered Feature to Automatically Replace Compromised Passwords *

The Hidden Security Risk in Modern Enterprise Browsers: AI Browser Extensions *

Microsoft Patch Tuesday Security Advisory – June 2026 *

Account Hijacking Attack Compromises French Government Messaging Platform *

NFCShare Android Malware Distributed via Fake Banking App Updates *

SAP June 2026 Security Updates Address Multiple Critical Vulnerabilities Across Enterprise Products *

LiteLLM Command Injection Vulnerability (CVE-2026-42271) Actively Exploited, Can Lead to Unauthenticated Remote Code Execution *

Critical Linux Kernel Flaw Enables Root Access Across Systems *

Google Releases Emergency Fix for Actively Exploited Chrome Zero-Day Vulnerability *

Fake Parsimonious Python Package Used to Distribute Malware *

Cybercriminals Use Fake Security Tool Websites to Distribute Malware *

Cisco SD-WAN Flaw Under Active Exploitation *

New Analysis Reveals VECT 2.0 Ransomware Causes Permanent Data Damage *

Critical Microsoft Edge Vulnerabilities Could Lead to Remote Code Execution *

UniFi OS Server Authentication Bypass and Command Injection Chain Enables Unauthenticated RCE to Root *

Fortinet Flaws, AI Tools, and Custom C2 Framework Exploited in Large-Scale Intrusion Campaign *

Pink Hacking Group (CL-CRI-1147) Targets Enterprises to Steal Cloud Credentials and Conduct Data Extortion *

VerdantBamboo BSD Variant of BRICKSTORM Targets Linux Appliances *

New Lucid Stealer Malware Targets 18 Browsers, Crypto Wallets, and Discord Tokens with Hidden Remote Access Capability *

Critical Vulnerability in Check Point VPN Products Enables Unauthorized Remote Access *

VMware NSX Vulnerabilities Expose Administrators to Stored XSS Attacks *

Lucid Stealer Expands Capabilities with Integrated Remote Access and Credential Theft *

Dell RecoverPoint for Virtual Machines Zero-Day Vulnerability (CVE-2026-22769) Exploited for Root-Level Persistence *

Vishing and Physical Intrusions Drive UNC3753s Latest Extortion Campaign *

Meta AI Support Hack Leads to 20,000+ Instagram Account Takeovers *

Threat Actors Exploiting Linux Kernel cgroups Vulnerability to Gain Root Access *

CISA Alerts Organizations to Actively Exploited SolarWinds Serv-U Vulnerability *

Hugging Face Transformers Flaw Enables Remote Code Execution *

ActiveMQ Security Gaps Allow Exploitation via Malformed JMS Properties and Overly Permissive Management APIs *

OP-512 Threat Cluster Targets Microsoft IIS Servers with Custom Web Shell Framework *

Fortinet Flaws, AI Tools, and Custom C2 Framework Exploited in Large-Scale Intrusion Campaign *

Android Spyware Asin Targets Arabic-Speaking Users Through Fake News, PDF, and War Map Apps *

Critical Claude Code Flaw Allows Complete GitHub Repository Takeover *

KMW CCTV Authentication Bypass Vulnerability (CVE-2026-5386) Enables Unauthorized Access to Surveillance Feeds *

Critical StrongDM Vulnerability Enables Authentication Token Theft and Session Reuse *

Mustang Panda Uses Multi-Stage LNK and PowerShell Chain to Deliver PlugX RAT *

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm *

Foreign Spyware Campaign Targets Phones of Senior Russian Officials *

Operation XENOFISCAL: SideCopy Targets Afghan Government with Xeno RAT *

Critical Oracle WebLogic Flaw Added to CISA KEV Catalog Amid Active Exploitation *

Brute-Force Attack Targets Dashlane Users, Encrypted Vaults Accessed *

Android Zero-Day Vulnerability Actively Exploited in the Wild *

Severe Magento Cache Plugin Vulnerability Allows RCE Attacks *

Analysis of the June 2026 npm Supply Chain Compromise *

IBM WebSphere RCE Vulnerability Allows Code Execution Through Crafted Requests *

Critical MCP Toolbox Flaw Exposes Enterprise Database Systems to Attack Risk *

Spear-Phishing ZIP Files Serve as Initial Vector for Complex Rust-Based Malware Execution Chain *

Magento Cache Plugin Vulnerability Enables Arbitrary File Read and Information Disclosure *

Attackers Leverage Docker and Kubernetes Misconfigurations to Compromise Host Systems *

Critical Plesk Vulnerability (CVE-2025-66430) Allows Root-Level Privilege Escalation *

Malicious npm Package Targets OpenAI Codex Users by Stealing Authentication Tokens *

Iranian Threat Actors Exploit AppDomainManager Hijacking to Bypass EDR Defenses *

Windows 11 KB5089573 Released With Performance Enhancements and Critical Reliability Fixes *

AI-Powered Cyber Threat: GREYVIBE Uses ChatGPT and Gemini to Fuel Cyberattacks *

Microsoft Clarifies “Nightmare-Eclipse” Zero-Day Disclosure Controversy *

PHP Developers Targeted in New Famous Chollima Malware Operation *

Hackers Exploit WP Maps Pro Bug to Gain Full Admin Access on WordPress Sites *

Iran-Linked Hackers Deploy Destructive Wiper Malware Against Critical Infrastructure *

Security Vulnerability in Instagram Meta AI Reportedly Enables Account Password Resets *

Critical Patch Alert Windows Netlogon RCE CVE-2026-41089 Actively Exploited in Wild *

SideCopy Uses Fileless Malware Chain to Compromise Afghan Finance Officials *

Palo Alto Networks Warns of Active Exploitation of CVE-2026-0257 *

JINX 0164 Leverages LinkedIn Based Social Engineering to Deliver macOS Infostealer and CICD Supply Chain Malware *

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks *

Ransomware Abuses Scheduled System Tasks to Evade Detection and Encrypt Systems *

Dutch Authorities Disrupt Massive Malware Botnet with 17 million infected devices *

Malicious Sicoob NuGet Package Steals Banking Credentials from Developer Environments *

Charter Communications Breach Leaks Data of 4.9 Million Customers in ShinyHunters Attack *

Samba RCE Vulnerability Allows Remote Code Execution on Linux Servers *

Seedworm Hackers Leverage Signed Security Binaries in DLL Sideloading Campaign *

Zapocalypse Exploit Chain Risks Complete Zapier Account Compromise *

Fortinet Researchers Uncover Evasive PureLogs Infostealer Targeting Browsers, Crypto Wallets, and VPN Credentials *

World Cup Fans Targeted by GHOST STADIUM Through Fraudulent FIFA Ticketing Platforms *

VaultJacking Attack Puts Google Users at Risk *

Carnival Corporation Detects Unauthorized Activity Leading to Mass Data Breach Disclosure *

How SIEM Helps MSPs Reduce Alert Noise and Respond to Threats Faster *

New Zero-Day Vulnerability in Gogs Allows Remote Code Execution *

Romanian Hacker Sentenced for Breaching Oregon Government Network *

VIP Keylogger Malware Campaign Targets Windows Users Through Phishing Attacks *

ClearFake Campaign Abuses BSC Testnet Smart Contracts to Conceal Malware Infrastructure *

Roundcube Webmail Security Update Fixes Critical Pre-Authentication SQL Injection Flaw *

Veeam Backup & Replication Critical Vulnerabilities Allow Remote Code Execution *

GitHub Releases Enterprise Server 3.20.3 to Patch Severe Flaws *

Grandoreiro Banking Malware and BTMOB Android RAT Intensify Global Attacks *

Iran-Linked MuddyWater Launches Global Cyber Espionage Campaign *

Microsoft Patches Critical Windows Kernel Flaw CVE-2026-40369 Enabling SYSTEM Privilege Escalation *

Gitea Vulnerability Exposes Private Repository Data Through Authorization Bypass *

BTMOB Malware Targets Android Phones with Remote Access Capabilities *

BadHost Vulnerability Exposes Sensitive AI Agent Server Infrastructure *

AI Chatbot Suggestions Found Redirecting Users to Cryptojacking Malware Platforms *

Stealer Backdoor Found in Malicious npm Packages Targeting Developer Systems *

New Windows Security Flaws Expose Systems to SYSTEM-Level Access *

Zero-Click Exploit Chain Hijacks WhatsApp Accounts on Vulnerable iOS 16 Devices *

Glassworm Malware Campaign Targets Developers Through npm, PyPI, GitHub, and VS Code Extensions *

Microsoft Defender for Endpoint Automatic Device Isolation (Preview) Strengthens Enterprise Threat Containment *

Quasar Linux RAT Targets Developers With Stealthy Fileless Supply Chain Attacks *

Security Weakness in Apache CXF May Lead to LDAP Injection *

Silent Supply Chain Attack Through Malicious Go Module Typosquat *

New Vulnerability in Microsoft SharePoint Server Exposes Systems to RCE Attacks *

Memcached SASL Authentication Vulnerability (CVE-2025-46818) Enables Remote Code Execution *

Hackers Use SEO Poisoning to Impersonate Gemini CLI and Deliver Malware *

Critical Flaws in Angular Language Service Extension Could Enable Remote Code Execution *

NightSpire Ransomware Exploits RDP Access to Target Global Organizations *

Payload Ransomware Uses Advanced Encryption to Disrupt Enterprise Networks *

Phishing-as-a-Service Campaigns Abuse RCS and iMessage for Real-Time MFA Bypass *

Critical 7-Zip Memory Corruption Flaws Allow Remote Code Execution and Data Exposure *

PuTTY 0.84 Security Update Fixes SSH Key Exchange Crash and Telnet Prompt Spoofing Issues *

Cisco Fixes Critical CVSS 10.0 Secure Workload REST API Vulnerability Allowing Unauthorized Data Access *

InvisibleFerret Malware Uses .pyd and .so Modules to Bypass Script-Based Detection Mechanisms *

Supply Chain Attack Conceals Linux Malware Under Fake SSH Process *

Telegram-Facilitated MaaS Ecosystems Power Cross-Border Money Mule Laundering Operations *

Laravel Language Packages Hijacked to Deploy Credential-Stealing Malware *

Dutch Authorities Seize 800 Hosting Servers Allegedly Used to Facilitate Cyberattacks *

Iranian APT Uses SEO Poisoning and Fake VPN Installers to Deploy Malware *

Local Persistence of WhatsApp Conversations in Unencrypted Storage on macOS and iOS *

SonicWall Firewall Management Interface Scanning Surge Raises Exploitation Concerns *

Threat Actors Impersonate Gemini CLI and Claude Code to Deliver Fileless PowerShell Infostealer *

Ghost CMS SQL Injection Flaw Exploited in ClickFix Campaign *

Iran-Linked MiniUpdate RAT Campaign Targets Critical Industries *

Underminr Technique Abuses Shared CDNs to Bypass Security Defenses *

Hackers Exploit Azure RBAC Misconfigurations to Escalate Privileges and Access Critical Cloud Resources *

Stealthy npm Lifecycle Malware Targets PHP Composer Ecosystem *

Packagist Supply Chain Attack Targets PHP Development Ecosystem *

Hackers Target npm, PyPI, and Crates with 34 Compromised Packages *

Cybercriminals Exploit F5 BIG IP Weaknesses to Target Enterprise Infrastructure Networks *

Ubiquiti Releases Emergency Patches for Critical UniFi OS Vulnerabilities *

Active Exploitation of CVE-2026-48172 Threatens Shared Hosting Servers *

PyrsistenceSniper Detects 117 Malware Persistence Techniques Across Windows, Linux, and macOS *

Apple App Store fraud prevention systems stop $11B in malicious transactions over six years *

Trend Micro Apex One Zero-Day (CVE-2026-34926) Exploited in Active Attacks *

Drupal Critical SQL Injection Vulnerability (CVE-2026-9082) Under Active Exploitation *

Megalodon Attack Abuses CI-CD Pipelines Across 5,561 GitHub Repositories *

Android Malware Campaign Exploits Carrier Billing to Enroll Users in Premium Services *

KimWolf DDoS Botnet Operator Arrested Following Global Investigation *

Kali365 Targets Microsoft 365 Users Through Advanced Phishing Campaign *

Splunk Fixes Multiple Vulnerabilities Enabling DoS and Data Exposure *

New NGINX RCE Vulnerability “nginx-poolslip” Raises Global Security Concerns *

Critical Apache OFBiz Vulnerabilities Allow Password-Change Bypass and Remote Code Execution Exploit *

Thousands of GitHub Projects Targeted in Fast-Moving CI CD Backdoor Attack *

AI-Assisted Phishing Campaign Targets U.S. Organizations Through Fake Event Invitations *

Critical Chrome Vulnerabilities Enable Remote Code Execution *

TamperedChef Campaign Uses Trojanized Productivity Apps for Malware Distribution *

Linux Kernel Vulnerability Enables Container Escape and Privilege Escalation *

Security Advisory | ShowBoAT Linux Malware Targets Middle Eastern Government and Critical Infrastructure Sectors *

Telcos Targeted by Chinese Hackers Using New Linux and Windows Malware *

Drupal Core Security Vulnerability Enables Denial-of-Service Attacks Through Comment Module *

Microsoft Defender Flaws Under Active Zero-Day Exploitation *

GitHub Internal Repositories Breached via Poisoned VS Code Extension *

Fake Microsoft Teams Downloads Deliver ValleyRAT Malware *

Cyber Attacks Force Nucor to Halt Steel Production *

ExifTool CVE-2026-3102 Exposes macOS Systems to Command Injection Attacks *

Dark Web Data Brokers Mislead Organizations Using Fabricated Corporate Breach Claims *

WantToCry Ransomware Abuses SMB for Remote Encryption *

TeamPCP Supply Chain Attack Compromises Microsoft DurableTask Python Client *

Single-Character Go Package Typosquat Exploited to Deliver DNS-Based Backdoor Malware *

Gremlin Stealer Uses Telegram Dead Drop Resolver to Conceal C2 Infrastructure *

FreePBX Vulnerability Allows Unauthorized Access to User Portals *

Webworm Malware Campaign Leveraging Discord and Microsoft Graph API for Covert C2 Operations *

Trapdoor Malvertising Campaign Exploits 455 Android Apps for Massive Ad Fraud Operations *

Microsoft Exchange Server Spoofing Vulnerability (CVE-2026-42897) Exploited via Crafted Emails *

Critical NGINX Rift Vulnerability Exposes Servers to RCE and DoS Attacks *

Pardus Linux Vulnerability Chain (CVE-2026-5140) Enables Full Root Privilege Escalation *

The Gentlemen Ransomware Emerges as a Major Cross-Platform Cyber Threat *

New macOS Malware Uses Fake Google Update Mechanism for Persistence *

INTERPOL Dismantles Major Scam and Malware Networks *

GitHub Investigates Claimed Source Code Theft by TeamPCP *

UAC-0184 Uses BITSAdmin and Multi-Stage Loaders to Deliver Remcos RAT *

Fake Google Update Campaign Delivers Malware Through Compromised Websites *

Microsoft Edge Password Handling Flaw Exposes Stored Credentials in System Memory *

Exploit Released for Newly Discovered DirtyDecrypt Linux Privilege Escalation Vulnerability *

53 Malware and Phishing Servers Seized by INTERPOL’s Operation Ramz *

PostgreSQL Security Updates Patch Multiple High-Severity Vulnerabilities Across Versions 14–18 *

Four-Faith Router Flaw Actively Exploited for Global Botnet Recruitment *

Critical Entra ID Flaw Enabled Service Principal Hijacking *

JavaScript Malware Campaign Drops Crypto Clipper via PowerShell *

Critical Marimo Vulnerability Enables Remote Code Execution *

Attackers Abuse VS Code Marketplace to Spread Backdoor via Nx Console Extension *

Multiple Critical Vulnerabilities in n8n Lead to Full RCE Risk *

FunnelKit Flaw Puts WooCommerce Stores at Risk *

Mythos Introduces Automated PoC Exploit Creation for Vulnerability Research *

OtterCookie Malware Steals Developer Secrets, SSH Keys, Cloud Credentials, and API Tokens *

Hackers Exploit Cloudflare Storage Services to Steal Network Files *

Paper Werewolf APT Campaign Uses Fake Adobe Installer to Deploy EchoGather RAT *

New Gremlin Stealer Iteration Uses In-Memory Decryption of .NET Resource Payloads for Evasion *

Gamaredon Deploying GammaDrop and GammaLoad Through Phishing Attacks *

Four Malicious npm Packages Deliver Credential-Stealing Malware Across Developer Environments *

Critical macOS M5 Vulnerability Chain Enables Full Root Access *

WordPress Plugin Vulnerability Exposes Websites *

PureLogs Infostealer Campaign Using PNG Steganography *

Fast16 Malware Used for Nuclear Weapons Simulation Sabotage Prior to Stuxnet *

Critical n8n Security Flaws Enable Remote Code Execution and Credential Exposure *

Avada Builder Vulnerabilities (CVE-2026-4782 & CVE-2026-4798) Expose Over One Million WordPress Sites *

Tycoon 2FA Exploits OAuth Device Code Flow *

Apple M5 Security Breach Demonstrates AI’s Growing Role in Cyber Exploitation *

VPN Bypass Issue in Android 16 Can Leak Users’ Actual IP Addresses *

Malicious JPEG Files Exploit Critical PHP Memory Safety Vulnerabilities *

Grafana Labs GitHub breach caused by CI and CD misconfiguration enabling token theft *

JDownloader Website Breach Distributes Malicious Installers to Windows and Linux Users *

OpenClaw Vulnerabilities Permit Sandbox Bypass and Credential Exfiltration *

TanStack Supply Chain Attack Impacts OpenAI Employee Devices and Triggers macOS Certificate Rotation *

Gunra Ransomware’s Double-Extortion Campaign Targets Global Enterprises *

Developer Secrets Targeted by Stealer Backdoor in 3 Node-IPC Versions *

High-Severity SQL Injection Vulnerabilities Affect Amazon Redshift Database Drivers *

Pwn2Own Berlin 2026 Exposes Critical Zero-Day Flaws in Microsoft, NVIDIA, and AI Platforms *

Multiple Security Flaws in cPanel Put Hosting Environments at Risk *

Microsoft Exchange Server XSS Vulnerability Under Active Exploitation *

NGINX Vulnerability Allows Remote Code Execution *

TencShell Malware Exploits Screen Control and UAC Bypass in Advanced Cyberattack *

Microsoft Enhances Vulnerability Detection with MDASH AI System *

Critical Cisco SD-WAN Vulnerability Allows Remote Attackers Administrative Access, Threatens Network Security *

WordPress Plugin Flaw Puts 200,000+ Sites at Risk *

Malicious npm Package Versions Target AWS, Azure, GitHub, and SSH Secrets *

Fragnesia CVE-2026-46300 Linux Kernel LPE Exploits Page Cache Corruption for Root Access *

Sandworm Shifts from IT Breaches to Misconfigured Edge Devices in Critical Infrastructure Attacks *

PraisonAI Authentication Bypass Vulnerability (CVE-2026-44338) Enables Unauthorized Access to AI Agent Platform *

Critical Vulnerability in Windows DNS Client Enables Remote Code Execution *

New Exim Security Flaw Risks Remote Code Execution on Email Servers *

Chinese APT Exploits Microsoft Exchange Server Vulnerabilities for Large-Scale Cyber Espionage *

Attackers Can Exploit MongoDB Vulnerability for Unauthorized Code Execution *

Composer Vulnerability Leaks GitHub Actions Tokens Through CI Logs in PHP Projects *

Fortinet and Cisco Edge Devices Under Active Exploitation *

Android 17 AI-Powered Security Protects Smartphones Against Fraud, Malware, And Evolving Cyber Threats *

Signal Rolls Out New Warnings Against Social Engineering Threats *

Fortinet Releases Urgent Security Updates for Critical RCE Flaws *

UK Slaps $1.3M Fine on Water Supplier Over Massive Data Breach *

GemStuffer Campaign Abuses RubyGems Packages to Exfiltrate U.K. Council Portal Data *

Android Intrusion Logging Feature Enhances Spyware Forensics on Android Devices *

Foxconn North American Factory Cyberattack Linked to Nitrogen Ransomware Group *

Repeated Exploitation of Microsoft Exchange Impacts Azerbaijani Energy Firm *

Microsoft Patch Tuesday Security Advisory – May 2026 *

Infostealer Malware Increasingly Linked to Enterprise Credential Compromise *

Global Enterprises Targeted in BYOVD-Based Ransomware Attacks *

Microsoft Teams Spoofing Vulnerability Impacts Android Enterprise Communications *

Cybercriminals Abuse Fake FinalShell and Xshell Downloads for Malware Delivery *

Microsoft Windows 11 Cumulative Security Updates Address Multiple Vulnerabilities Across Supported Versions *

Cushman & Wakefield Reports Data Breach Impacting Over 310,000 Accounts *

Instructure Pays Ransom Following Threat of Massive Canvas Data Exposure *

Critical Claude Chrome Extension Flaw Enables Silent Data Theft from Google Services *

RubyGems Under Active Attack as Harmful Packages Flood Repository *

Zoom Workplace and Zoom Rooms Vulnerabilities Enable Privilege Escalation Attacks *

iOS 26.5 Introduces End-to-End Encrypted RCS Messaging for iPhone and Android *

Attackers Abuse Vercel AI Platform for Mass Phishing Site Generation *

SAP S4 HANA SQL Injection Vulnerability Enables Unauthorized Database Access *

Mini Shai-Hulud Attack Targets CI/CD Pipelines Across Major Dev Ecosystem *

Fake TronLink Chrome Extension Steals TRON Wallet Credentials Through Dynamic Phishing *

Magecart Campaign Exploits Google Tag Manager for Stealth Credit Card Theft *

Cline AI Agent Vulnerability Enables Remote Code Execution Attacks *

OpenAI Daybreak Uses GPT-5.5 Cyber Models to Strengthen Enterprise Vulnerability Management *

Nexcorium DDoS Malware Leveraging TBK DVR Flaw (CVE-2024-3721) *

Fake JPEG Launches Fileless Intrusion Chain Using Trojanized ScreenConnect *

PureRAT Conceals PE Payloads Inside PNG Files for Fileless Attacks *

Critical RCE Flaw in Weaver E-cology Puts Enterprise Systems at Risk *

NVIDIA Reports GeForce User Data Exposure Incident *

Google Detects First AI-Generated Zero-Day Cyber Exploit *

Windows SMB File Shares Vulnerable to Encryptionless GhostLock Attacks *

Critical PHP SOAP Extension Vulnerability Enables Remote Code Execution *

Microsoft 365 Copilot Vulnerabilities Could Expose Sensitive Organizational Data *

GhostLock Attack Exploits Windows SMB Exclusive File Handles to Execute File-Locking DoS Disruption Without Encryption *

Ollama Out-of-Bounds Read Vulnerability (CVE-2026-7482) Enables Remote Process Memory Leak *

Sandboxie Escape Vulnerability Leads to SYSTEM-Level Privilege Escalation *

ODINI Malware Uses CPU-Generated Magnetic Signals to Exfiltrate Data from Air-Gapped Systems *

TrickMo Android Banking Malware Uses TON Blockchain for Stealthy Communications *

Malicious Hugging Face Repository Distributes Rust-Based Info Stealer via Fake OpenAI Model *

macOS Malware Campaign Uses Google Ads and Claude Shared Chats for Payload Delivery *

ODINI Malware Uses Magnetic Fields to Steal Data from Isolated Systems *

Cybercriminals Use AI to Intensify Attacks Across African Sectors *

OpenClaw Malware Campaign Distributes Fake Installers and Infostealer Payloads *

Stealthy Vidar Infostealer Infection Chain Targets Credentials Using Fake Activation Tools *

Germany Shuts Down Rebooted Crimenetwork Dark Web Marketplace *

Hackers Weaponize JDownloader Downloads With RAT Malware *

TCLBANKER Malware Spreads via WhatsApp and Outlook Worms *

Zara breach exposes support tickets and order metadata after BigQuery cloud compromise *

Trellix Source Code Repository Breach Linked to RansomHouse Hackers *

Fake Call History Apps Scam Campaign Targets Android Users Through Fraudulent Google Play Apps *

React Server Components Next.js Vulnerabilities Expose Applications to RCE and DoS Attacks *

Attackers Abuse Signed Logitech Installer to Deploy TCLBANKER Malware *

Dirty Frag Linux Kernel Vulnerability Enables Root Privilege Escalation Across Major Distributions *

Grok and Bankrbot Exploited Through AI Prompt Injection Leading to Crypto Theft *

Rancher Fleet Vulnerability Exposes Kubernetes Clusters to Full Admin Takeover *

New Banking Trojan TCLBanker Uses WhatsApp and Outlook for Automated Spread *

ACSC Alerts Organizations to ClickFix Malware Campaign Delivering Vidar Stealer *

Critical Spring Cloud vulnerabilities expose enterprise systems to severe cyberattack and data breaches *

Day Zero Readiness: Closing the Gaps That Cripple Incident Response *

VoIP Infrastructure Becomes Key Tool in Modern TOAD Scam Operations *

Ollama Vulnerability Exposes Servers to Unauthorized Access and Model Abuse *

Android Spyware Campaign Abuses Fake Call Log Apps to Harvest Payment Data from Millions *

MuddyWater Chaos Campaign Exploits Microsoft Teams for Credential Theft and Data Exfiltration *

Ivanti Endpoint Manager Mobile Zero-Day Vulnerability Exploited in Active Attacks *

Multiple Critical vm2 Vulnerabilities Enable Remote Code Execution Attacks *

Malicious Google Ads Used to Hijack GoDaddy ManageWP Credentials *

Multiple Redis Flaws Raise Serious Remote Exploitation Concerns *

Google Chrome 148 Security Update Fixes 127 Vulnerabilities Including Critical Memory Corruption Flaws *

Malicious NuGet Packages Target .NET Cryptocurrency Developers *

Cisco Network Flaw Exposes Devices to Denial-of-Service Attacks *

Palo Alto Networks Warns of Actively Exploited PAN-OS Remote Code Execution Flaw *

MuddyWater Chaos Campaign Exploits Microsoft Teams for Credential Theft and Data Exfiltration *

China-Linked UAT-8302 Expands Global Cyber-Espionage Campaign Using Shared APT Toolsets *

Google Expands Android Binary Transparency to Prevent Supply Chain Attacks *

Chaos RaaS Emerges After BlackSuit Takedown, Continuing Double Extortion OperationsChaos ransomware has surfaced shortly after the takedown of the BlackSuit operation, indicating a rapid regrouping of threat actors. The new ransomware-as-a-service (R *

Stealthy C2 Communications via QUIC and WebSockets in Salat Malware *

Calendar Phishing Campaign Abuses Event Invites for Credential Theft *

Critical Fanwei E-cology10 Flaw Enables Session Hijacking and Credential Theft *

Argo CD Vulnerability (CVE-2026-42880) Exposes Kubernetes Secrets from etcd Clusters *

Severe Zero-Auth Issue Allows Unauthorized Cross-Tenant Access at DoD Contractor *

Ransomware Affiliate Convicted for Coordinating Double-Extortion Attacks *

Email Data of 119K Users Exposed in Vimeo Third-Party Breach *

OpenClaw Malicious Skills Campaign Targets Agentic AI Ecosystem *

Salesforce Marketing Cloud Vulnerabilities Enable Cross-Tenant Email Data Exposure *

Developers Targeted by QLNX Malware in Credential Theft Operations *

Multi-Stage AiTM Phishing Attack Targets 35,000 Users with Code-of-Conduct Lures *

Cerberus Anti-theft Identified as Stalkerware Leveraging Google Firebase for Remote Control *

WhatsApp Vulnerability Allows Malicious URL Execution via Instagram Reels *

Trojanized DAEMON Tools Updates Used to Deploy Advanced Multi-Stage Cyberespionage Malware *

ScarCruft Campaign Delivers BirdCall Android Malware via Fake Game Platforms *

CloudZ Malware Exploits Microsoft Phone Link to Intercept SMS and One-Time Passwords *

Personal information of 119,000 users exposed in Vimeo data breach *

Code-of-Conduct Phishing Campaign Uses AiTM to Bypass MFA and Compromise Accounts *

Fake Notepad++ for macOS Campaign Exploits Brand Trust to Deliver Malware *

Compromised Gaming Site Used to Distribute BirdCall Spyware on Android Devices *

Zero-Click Android Vulnerability in adbd Grants Remote Command Execution *

Apache HTTP Server Remote Code Execution Vulnerability *

Severe Security Issues in Qualcomm Chipsets Enable Remote Code Execution *

Authorities Shut Down 9 Crypto Fraud Hubs in Massive International Crackdown *

Cisco Strengthens AI Supply Chain Security with Model Provenance Kit *

Amazon SES Exploited by Phishing Campaigns to Bypass Detection Mechanisms *

Mass Facebook Account Hijacking Campaign Uncovered *

AI Hackers Now Discover 0-Days Faster Than Humans Can Respond *

Critical RCE Vulnerability in Weaver E-cology Exploited Before Public Disclosure *

Unauthorized Repository Access Leads to Source Code Exposure at Trellix *

Silver Fox Leverages RustSL Loader to Deliver ValleyRAT and ABCDoor via Tax-Themed Phishing Campaigns *

Canvas LMS Data Breach Confirmed Following ShinyHunters Claim *

Bluekit Phishing Kit Streamlines End-to-End Attacks with Automation and MFA Bypass *

Critical Vulnerabilities in Apache MINA Allow Remote Code Execution Attacks *

Microsoft Defender Misidentifies DigiCert Certificates as Trojan:Win32/Cerdigent.A!dha *

FreeBSD DHCP Client Vulnerability Enables Remote Code Execution *

Email Bombing and Fake IT Support Phishing Attack Targets Enterprises Globally *

Trellix Source Code Breach Raises Supply Chain Security Concerns *

MOVEit Transfer and Cloud Vulnerability Allows Authentication Bypass Attacks *

Hackers Inject Malware into SAP npm Packages to Exfiltrate Secrets *

Artificial Intelligence Accelerates Zero-Day Discovery and Threat Execution *

Telegram Mini Apps Exploited for Crypto Scams and Malware Delivery *

ConsentFix v3 automated OAuth phishing attack targeting Microsoft Azure environments *

Instructure Confirms Data Breach Following Claimed Attack by ShinyHunters *

Windows 11 Update Gives Admins Full Control Over Default App Removal *

Cybercriminals Can Now Rebrand and Resell Android Spyware with Ease *

Enhancing Threat Intelligence Workflows with Criminal IP and Securonix Integration *

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines to Steal Credentials *

Multiple Vulnerabilities in Exim mail server Enable Crashes Through Malicious DNS Data *

PyTorch Lightning Supply Chain Attack via PyPI Package Compromise *

China-Linked Cyber Espionage Campaign Targets Asian Governments and NATO Entity *

ShadowPad Malware Campaign via WSUS Exploit *

DeepDoor RAT Exploits Windows Systems to Steal Credentials and Maintain Persistent Access *

Wireshark Vulnerabilities Causing Denial-of-Service Risks *

AI-Powered Ransomware Surge Hits 7,831 Victims Worldwide *

SMS Pumping Scam Hidden Behind Fake CAPTCHA Tricks Users *

Wireshark Update Fixes Critical Code Execution and DoS Vulnerabilities *

The First 24 Hours of Exposure How Attackers Find and Exploit New Assets *

Stealth Python Backdoor Abuses Tunneling Service to Steal Browser and Cloud Credentials *

Critical zero-day vulnerability in cPanel & WHM actively exploited, PoC released *

Python-Based Fileless Backdoor Uses Public Tunneling Service for Stealthy Credential Exfiltration and Remote Access *

Phoenix PhaaS Platform Enables Large-Scale Smishing Campaigns *

Critical “Copy Fail” Vulnerability in Linux Enables Full Root Access on Widely Used Systems *

ProFTPD SQL Injection Vulnerability (CVE-2026-42167) *

Multiple SonicOS Vulnerabilities Threaten Firewall Integrity and Availability *

ASUSTOR ADM Vulnerability (CVE-2026-6644) Enables Root Command Execution via PPTP VPN Feature *

Compromised WordPress Plugin Delivers Silent Payloads Through Update Checker *

Jenkins Patches Multiple Vulnerabilities Allowing Denial-of-Service and Information Disclosure Attacks *

Attackers Abuse Qinglong Task Scheduler RCE Vulnerabilities for Cryptomining *

Lazarus Group Targets macOS with Mach O Man Malware *

Supply-Chain Attack Targets SAP npm Ecosystem to Exfiltrate Secrets *

Arbitrary Code Execution via AI Agent Interaction with Malicious Git Repositories in Cursor IDE *

Lazarus macOS Malware Campaign (“Mach-O Man”) Targets High-Value Users *

CISA Alerts on Active Exploitation of ConnectWise ScreenConnect Vulnerability *

NVIDIA FLARE SDK Critical Vulnerability Enables Authentication Bypass and Potential Full System Compromise *

Spring AI Vector Stores Impacted by Injection Vulnerabilities (CVE-2026-40967 & CVE-2026-40978) *

Cursor AI Vulnerability (CVE-2026-26268) Enables Silent Remote Code Execution via Malicious Repositories *

BlueNoroff Fileless PowerShell Campaign Targets Organizations with Stealthy Malware Execution *

SlotAgent Malware Campaign Hides API Calls to Evade Detection and Steal Credentials *

Emerging BlobPhish Threat Uses Blob URLs to Deliver Fileless Phishing Pages *

Chrome Update Fixes Critical Vulnerabilities Leading to RCE Exploitation *

Urgent cPanel Update Addresses Critical Access Control Flaw *

Vimeo Confirms User Data Exposure Following Anodot Security Breach *

LofyGang Returns with Minecraft ‘Slinky’ Hack to Spread LofyStealer Malware *

Critical GitHub Flaw (CVE-2026-3854) Enables Remote Code Execution via Single Git Push *

Checkmarx Verifies GitHub Data Breach Linked to LAPSUS$ Hackers *

Zero-Window Reality: Building Resilience After Mythos *

Teen Hacker Linked to Scattered Spider Arrested in Global Cybercrime Case *

Silver Fox Malware Campaign Targets Users via Trojanized Installers and Phishing Lures *

Windows Shell Vulnerability (CVE-2026-32202) Actively Exploited in the Wild *

Critical Flaw in Hugging Face LeRobot Exposes Systems to Remote Code Execution *

Multiple RCE Vulnerabilities in Apache Camel Threaten Critical Integration Systems *

VECT 2.0 Ransomware Acts as a Data Wiper, Causing Irreversible File Destruction *

Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally *

Critical Flaw in Notepad++ Find Feature Can Crash Application, Leak Memory Data *

Fake Banking KYC Android Malware Campaign Exploits WhatsApp to Hijack Accounts *

PyPI Package Compromise Distributes Malware to Steal Environment Variables and Credentials *

Sandworm Campaign Leverages SSH-over-Tor for Covert Persistent Access *

Windows RDP Bitmap Cache Exposes Sensitive Session Data to Attackers *

Serious LiteLLM Bug Enables Unauthorized Database Access via SQL Injection *

Security Experts Reveal Early ‘fast16’ Malware Attacks on Engineering Software *

Chinese Hacker Extradited to U.S. for Silk Typhoon Cyberespionage Attacks *

European Commission Proposes New Rules to Make Google Share Search Data With Competitors Under Digital Markets Act *

Microsoft Gives Enterprises Power to Disable Copilot in Windows 11 *

Surge in Social Media Scams Drives Billions in Losses, FTC Warns *

Medtronic Confirms Data Breach Following Hackers’ Claim of 9 Million Records Stolen *

Linux ELF Malware Generator Evades Machine Learning Detection Using Semantic-Preserving Transformations *

Multi-Stage Malware Campaign Uses Obfuscation and Trusted Services for Evasion *

Bitwarden CLI Compromise Incident Raises Supply Chain Security Concerns *

Malware Spread Through Fake Income Tax Notices *

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks *

73 Malicious VS Code Extensions Discovered Spreading GlassWorm v2 Malware *

ClickFix Variant Uses Native Windows Tools for Stealth Malware Execution *

Vidar Malware Hides Second-Stage Payloads in JPEG and TXT Files to Avoid Detection *

Microsoft Store App Under Fire for Silent Data Exfiltration Activities *

Nessus Agent Vulnerability on Windows Enables Privilege Escalation *

Malware-Laced Excel Attacks Target Pharma Sector *

Cybersecurity Alert Vibing Malware Like Behavior in Productivity App *

Carlson VASCO-B GNSS Vulnerability (CVE-2026-3893) Allows Unauthorized Remote Control of Critical Functions *

Microsoft Confirms Outlook.com Disruption Impacting Email Services *

Attackers Exploit Multiple Bugs to Compromise CODESYS Applications *

Pentest AI Agents Toolkit Enhances Offensive Security Workflows *

Metabase Enterprise RCE Vulnerability Exploited with Publicly Available Proof-of-Concept *

Critical Privilege Escalation Flaw in Microsoft Entra ID Agent Identity Platform *

CISA Flags Four Actively Exploited Vulnerabilities, Orders Federal Action by May 2026 *

Itron Inc. Reveals Cyber Intrusion Affecting Internal IT Network *

Deceptive CAPTCHA Scheme Exploits Users for Premium SMS Fraud *

Attackers Exploit File Upload Vulnerability in Breeze Cache WordPress Plugin *

UNC6692 IT Helpdesk Impersonation via Microsoft Teams Enables Enterprise Malware Deployment *

FIRESTARTER Backdoor Breaches Cisco Firepower, Persists Beyond Security Patches *

UK reports Chinese cyber groups using distributed proxy networks to avoid detection *

NGate Android Malware Variant Exploits NFC via Trojanized Payment App *

Claude Mythos Uncovers 271 Zero-Day Vulnerabilities in Firefox *

Void Dokkaebi Campaign Uses Fraudulent Job Interviews for Malware Delivery *

Python Asyncio Vulnerability (CVE-2026-3298) Enables Out-of-Bounds Write on Windows *

Social Engineering Campaign Exploits Microsoft Teams to Deploy SNOW Malware *

Rituals Confirms Data Breach Impacting Customer Information *

Trigona Ransomware Campaign Leveraging Custom Exfiltration Tool for Data Theft *

GopherWhisper APT Campaign Using SaaS Platforms for Covert C2 *

Microsoft Confirms Microsoft Edge Update Bug Blocking Microsoft Teams Meeting Access *

Bitwarden CLI NPM Package Compromised to Steal Developer Credentials *

Kyber Ransomware Targets Windows and ESXi Systems *

Mirai Operators Abuse D-Link Router Flaw for Botnet Infections *

Caller as a Service Fraud Expands Organized Scam Operations *

New Compromises Surface in Vercel Systems Linked to Context.ai Breach *

GopherWhisper Cyber Espionage Campaign Targets Mongolian Government Systems *

Rituals Reports Data Breach Impacting Customer Information *

Fake TradingView AI Agent Portal is Delivering Needle Stealer Malware through Malicious TradingClaw Site *

Npm Supply Chain Attack Turns Hugging Face into Malware Delivery and Data Exfiltration Hub *

Severe Vulnerability in Pack2TheRoot Leads to Full System Compromise *

Malicious Xinference PyPI Packages Deliver Infostealer Targeting Developer Credentials *

Checkmarx KICS Docker Repository Compromised in Supply Chain Attack *

LMDeploy SSRF Vulnerability (CVE-2026-33626) Actively Exploited to Access Internal Services *

Mozilla Firefox 150 Fixes Critical Use-After-Free Vulnerabilities Enabling RCE *

SmartLoader and StealC Malware Distributed Through 109 Fraudulent GitHub Repositories *

Inside the Rise of Fintech Based Money Mule Operations in France *

Critical Spring Authorization Server Vulnerability (CVE-2026-22752) *

SIM Farm-as-a-Service Operation Spanning 87 Panels Across 17 Countries Exposed *

Severe Bamboo Security Bug Enables Unauthorized Command Execution *

Amazon–Anthropic AI Compute Expansion *

Auraboros RAT: Open C2 Panel Exposes Powerful Spy Toolkit *

Malicious Google Ads Campaign Targets Crypto Users with Wallet Drainers *

CrowdStrike LogScale Vulnerability Exposes Servers to Arbitrary File Read Attacks *

Emergency .NET 10.0.7 Patch Issued by Microsoft for Critical Elevation of Privilege Vulnerability *

Harvester Uses Microsoft Graph API to Deploy GoGra Backdoor on Linux Systems in South Asia *

Namastex Supply Chain Breach Enables CanisterWorm Propagation Across npm and PyPI *

BlueHammer Windows Zero-Day Vulnerability Enables SYSTEM Privilege *

Cyberattack on ANTS Raises Concerns Over Citizen Data Exposure *

CISA Warns of Active Threats Exploiting Cisco Catalyst SD-WAN Manager Vulnerabilities *

Lotus Data Wiper Attack on Venezuelan Energy Sector *

Apache Syncope RCE Vulnerability Enables Unauthorized Remote Code Execution *

Ofcom Investigates Telegram and Other Platforms Over Online Safety Violations *

BlackCat Ransomware Insider Incident *

Microsoft Detects Sapphire Sleet Targeting macOS Through AppleScript and Social Engineering Attacks *

Attackers Exploit GitHub Issue Notifications for OAuth Phishing Targeting Developers *

Reducing Fraud at Every Customer Touchpoint Without Disruption *

Prompt Injection via GitHub Comments Affects Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent *

JanaWare Ransomware Targets Turkish Users Using Customized Adwind RAT *

Windows Snipping Tool Vulnerability Exposes NTLM Hashes via Malicious URI Exploitation *

OAuth Phishing Campaign Exploits Legitimate Authentication Flows to Hijack Accounts *

Gh0st RAT and CloverPlus Deployed in Coordinated Dual-Malware Attack Campaign *

SGLang Remote Code Execution Vulnerability (CVE-2026-5760) via Malicious GGUF Models *

iTerm2 Bug Turns Simple File Viewing into Code Execution Risk *

North Korea-Linked UNC1069 Targets Crypto Professionals via Fake Meetings *

Intel Utility Hijacked via AppDomain to Deploy Stealth Malware *

Android Banking Malware Campaign Targeting Financial Data *

Coordinated Cyber Operations by Iran’s MOIS Hidden Behind Multiple Personas *

Abuse of Microsoft Teams and Quick Assist Enables Enterprise Compromise *

Iranian State Actor Operates Coordinated Cyber Campaign Leveraging Rebranded Threat Clusters *

British Cybercriminal Admits Role in SIM Swap Crypto Theft Attacks *

Reported API Vulnerability in Lovable AI App Builder Exposes Thousands of Projects *

Malware Using Microsoft-Signed Binaries Achieves Persistence and Command-and-Control *

Hackers Using FUD Crypter to Evade Detection and Deploy Malware *

MiningDropper Malware Targets Android Devices with Multi-Stage Payload Delivery *

Claude Opus-Assisted Chrome Exploit Chain Demonstration (CVE-2026-5873) *

Critical Vulnerability in Protobuf Library Allows Arbitrary JavaScript Code Execution *

New Nexcorium Botnet Targets TBK DVR Vulnerability for IoT Attacks *

Trusted Security Organizations Worldwide Gain Access to GPT-5.4-Cyber *

NIST Prioritizes High-Risk Vulnerabilities in Major NVD Policy Shift *

Vercel Security Breach Linked to Third-Party AI Tool and Data Sale Claims *

TP-Link Routers Targeted by Mirai Malware Exploiting CVE-2023-33538 *

Apple Account Alert Abuse Used for Phishing Attacks *

Google Expands Gemini AI to Combat Malicious Ads at Scale *

AI SOC Limitations Highlight Need for Deeper Security Automation *

Email-Borne Worm Threat Wave Targets Industrial Systems via Phishing Campaigns *

Phishing-Delivered Backdoor Worms Drive Elevated ICS Infection Rates Globally *

FortiSandbox Security Flaw Allows Arbitrary Command Execution Following PoC Release *

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Attacks *

Attackers Exploit SEO Poisoning to Install RMM Tool via Trusted Microsoft Executable *

CISA Warns of Active Exploitation of Apache ActiveMQ Vulnerability *

Cisco Webex Flaw Enables User Impersonation Attacks *

JanelaRAT Banking Trojan Targets Latin American Users with Advanced Session Hijacking Techniques *

Malicious Zoom SDK Update Powers Sapphire Sleet Advanced macOS Intrusion Chain *

Critical Flowise Vulnerability Allows Remote Command Execution via MCP Adapters *

Critical Vulnerabilities Exposed in EU Age Verification App *

Cyber-Enabled Cargo Theft Targeting Trucking Industry *

UAC-0247 Attackers Target Hospitals and Governments for Credential and WhatsApp Data Harvesting *

Censys Warns of 6 Million Public-Facing FTP Servers Exposed to Security Risks *

Two U.S. Nationals Sentenced in $5 Million DPRK IT Worker Fraud Scheme *

Banking Malware JanelaRAT Intensifies Attacks Across Latin America *

New ZionSiphon Malware Aims to Disrupt Water Infrastructure Operations *

Operation PowerOFF Uncovers 75K DDoS Users and Dismantles 53 Malicious Domains *

Critical wolfSSL Vulnerability Enables Forged Certificate Acceptance via Weak Signature Validation *

FBI Takedown of W3LL Phishing Network *

AgingFly Malware Targets Ukraine Critical Sectors *

Deterministic Agentic AI Architecture Enhances Reliability and Control *

Malicious Chrome Extensions Target User Accounts and Data *

PHP Composer Perforce VCS Driver Command Injection Vulnerabilities Enable Arbitrary Code Execution *

Rockstar Games Analytics Data Leaked Following Third-Party Security Incident *

Microsoft Patch Tuesday Security Advisory – April 2026 *

PlugX USB Worm Activity Spreads Globally Through DLL Sideloading and USB Propagation *

PowMix Botnet Targets Czech Employees with Stealthy Randomized C2 Communication *

Critical nginx-ui Vulnerability (CVE-2026-33032) Allows Complete Nginx Server Compromise *

Critical Cisco ISE Vulnerabilities Enable Remote Code Execution *

Hackers Exploit n8n Workflow Automation Platform via Malicious npm Package *

Microsoft Defender Vulnerability Exploited via Newly Published PoC Code *

Google Cloud Storage Abuse for Malware Delivery *

Critical Splunk RCE Vulnerability (CVE-2026-20204) Exposes Enterprise and Cloud Systems *

MuddyWater-Style Reconnaissance Campaign Targets 12,000+ Systems Across Middle East *

Block the Prompt, Not the Work: The End of “Doctor No” *

Transportation Security in the Age of Connected Vehicles *

AI-Powered Pushpaganda Campaign Abuses Google Discover for Scareware and Ad Fraud *

n8n Webhook Abuse Campaign Enables Malware Delivery via Phishing Emails *

Command Injection Vulnerabilities in Composer (PHP Package Manager) *

Basic-Fit Hit by Massive Data Breach Impacting Users Worldwide *

Major WordPress Supply Chain Attack: Trusted Plugins Used to Deploy Hidden Backdoors *

RokRAT Malware Delivered Through Facebook Social Engineering by APT37 *

BitLocker Security Flaws (CVE-2025-55333, CVE-2025-55338) Allow Unauthorized Access to Encrypted Drives *

Okta Under Attack: Credential-Based Intrusions Target Identity Infrastructure *

Agentic AI Browsers Introduce Critical Security Risks Enabling Prompt Injection Attacks *

Mirax Android RAT Abuses Meta Ads to Deploy Proxy Enabled Malware at Scale *

Extortion Attempt Follows Confirmed Data Breach at McGraw-Hill *

Chrome Introduces DBSC to Prevent Session Hijacking *

Strengthening Identity Security Through a Practical Zero Trust Approach *

Critical Security Flaws Addressed in New Nginx 1.29.8 and FreeNginx Releases *

ShinyHunters Leak Rockstar Games Data Following Cyberattack *

Critical wolfSSL Vulnerability Enables Forged Certificate Acceptance via Weak Signature Validation *

Advanced Storm Infostealer Steals Sessions Without Local Detection *

Booking.com Data Breach Exposes User Reservation Details, Triggers Security Alerts *

Phishing Campaigns Leverage GitHub and Jira Notification Systems to Evade Detection *

Analyzing the Trade-off Between Processing Power and Memory Availability *

EncryptInterceptor Bypass Vulnerability Impacts Apache Tomcat Systems *

Social Engineering Campaign by APT37 Distributes RokRAT via Fake Profiles *

EDR Killers Become Core Tool in Modern Ransomware Attacks *

Hackers Abuse MSBuild LOLBin to Bypass Detection in Fileless Windows Attacks *

Axios Flaw Exposes Applications to RCE and Cloud Credential Theft *

Iranian APT Campaign Targets Critical Infrastructure and Government Entities *

Marimo Pre-Auth RCE Vulnerability (CVE-2026-39987) Under Active Exploitation *

Claude and ChatGPT Exploited Through Prompt Injection to Leak Sensitive Data *

Fraudulent BTS Tour Ticket Scams Target Fans Globally *

Adobe Acrobat Reader Zero-Day Vulnerability (CVE-2026-34621) *

Global Crypto Fraud Crackdown: Operation Atlantic *

Attackers Use CPUID Breach to Deliver STX RAT via Altered Downloads *

Storm-2755 AiTM Campaign Hijacks Microsoft 365 Sessions to Redirect Payroll Funds *

Chrome Device-Bound Sessions to Prevent Cookie Theft *

Diagnosing High CPU and Memory Utilization in Google Chrome Using Built-in Task Manager *

GlassWorm Campaign Uses Malicious VS Code Extension to Infect Developer IDEs *

Critical EngageSDK Vulnerability Impacts Millions of Crypto Wallets *

Hack-for-Hire Campaign Linked to Bitter Targets Journalists in MENA *

ChainShell Attack: MuddyWater Leverages Russian MaaS Tools *

MuddyWater Adopts Russian MaaS Tools for Advanced Cyber Espionage Campaigns *

HPE Aruba Private 5G Security Vulnerability Exposes Systems to Credential Theft *

Critical Flaws in TP-Link Archer AX53 Router Allow Full System Takeover *

Critical GitLab Vulnerabilities Enable DoS and Unauthorized Server-Side Actions *

STX RAT Evades Detection with Hidden Remote Access and Data Theft Capabilities *

Stolen Credentials Turn MFA into Another Target for Attackers *

Massive Data Breach at Tianjin Supercomputing Center Exposes Sensitive Information *

EngageLab SDK Vulnerability Exposes 50M+ Android Users to Data Access Risk *

UAT-10362 Targets Taiwanese NGOs with Spear-Phishing and Malware Campaign *

Automated Pentesting Tools Facing Modern Security Limitations *

Cybercriminals Use VENOM Toolkit to Bypass MFA and Capture Microsoft Logins *

ChipSoft Ransomware Attack Disrupts Dutch Healthcare Systems *

Hackers Use Pixel-Large SVG Trick to Hide Credit Card Stealer in Websites *

Critical GitLab Vulnerabilities Enable DoS and Unauthorized Server-Side Actions *

Magento Under Attack as SVG-Based Skimmer Steals Payment Data *

Cross-Platform Phishing Campaign Targets High-Profile Journalists and Government Critics *

Hackers Exploit Smart Slider 3 Pro Update Mechanism to Push Malicious WordPress and Joomla Versions *

LucidRook Malware Spread Through Spear-Phishing Attacks on Taiwanese NGOs *

Eurail Data Breach Impacts 300,000 Individuals, Exposes Sensitive Traveler Data *

Chrome WebML Flaws Expose Systems to Arbitrary Code Execution Attacks *

Hackers Impersonate Linux Foundation Leaders to Target Open-Source Developers via Slack *

CISA Flags Actively Exploited Ivanti EPMM Vulnerabilities as High Risk to Enterprises *

GitLab Vulnerabilities Allow Cross-Site Scripting and Denial-of-Service Attacks (Multiple CVEs) *

SonicWall Vulnerabilities Allow SQL Injection and Privilege Escalation Attacks *

Undetected ActiveMQ Flaw Allows Hackers to Execute Commands Remotely *

Hackers Target Adobe Reader Zero-Day Vulnerability Enabling Data Theft and RCE *

Windows 11 Update Causes BitLocker Recovery Issue *

All-in-One AI Platform Emerges as a Cost-Saving Alternative to Multiple Subscriptions for $100 *

Cyber Attacks by Iran-Backed Hackers Hit U.S. Critical Systems *

Multiple Critical Security Vulnerabilities Found in IBM Verify Access and Identity Systems *

EvilTokens Phishing Campaign Exploiting Microsoft 365 OAuth Tokens *

New Chaos Malware Variant Expands to Cloud Attacks with SOCKS Proxy Capability *

APT28 PRISMEX Malware Campaign Targets Ukraine and NATO Allies *

Snowflake Customers Impacted by Data Theft Following SaaS Integrator Breach *

Anthropic Introduces Claude Mythos Preview for AI-Powered Zero-Day Vulnerability Detection *

Masjesu Botnet Exploits IoT Devices to Launch High Volume DDoS Attacks *

Docker Registry Authorization Bypass Vulnerability (CVE-2025-4095) Allows Unauthorized Image Access on macOS *

OpenSSL Releases Patches for Multiple Cryptographic and Parsing Flaws *

BPFDoor Malware Evolves with Stealthy Stateless C2 and ICMP Relay Techniques *

Russian State-Linked Hackers Exploit Routers for Global Espionage and AiTM Attacks *

Critical CUPS Vulnerabilities Enable Remote Code Execution and Root Privilege Escalation *

Windmill Vulnerabilities Expose Systems to Remote Code Execution Attacks *

Attackers Use Fake Gemini Package to Extract AI Tokens *

Recurring Credential Incidents and Their Hidden Impact *

GPUBreach GPU Attack Leads to Full System Compromise *

Mass Exploitation of ComfyUI Instances Fuels Cryptomining Botnet Campaign *

Phishing Campaigns Leverage LogMeIn Resolve and ScreenConnect for Remote Access Exploitation *

Fake TradingView Premium Malware Campaign Targets Crypto Users *

Windows Targeted by Tor-Enabled ClickFix Attack Delivering Node.js RAT *

Critical Android Zero-Click DoS and Hardware Security Flaws Impact Framework and StrongBox Components Worldwide *

Storm-1175 Targeting Cloud Identity Systems *

Serious ShareFile Security Flaws Risk Unauthorized Server Access *

Critical Flowise Vulnerability (CVE-2025-59528) Enables Remote Code Execution and Active Exploitation *

Windows Defender Zero-Day Exploit Enables Security Bypass *

GroupOffice Vulnerability CVE-2026-34838 Allows Arbitrary Code Execution *

WordPress Plugin Vulnerability Allows Arbitrary File Upload and Server Takeover *

Malicious PyPI Package Abuses AI Proxy Layer to Capture Claude Prompts and Leak Telemetry *

South Korea Targeted by LNK Malware Campaign Using GitHub Infrastructure *

Critical Dgraph Database Authentication Bypass Vulnerability *

North Korea Uses Modular Malware to Frustrate Attribution and Takedowns *

Fake ChatGPT Ad Blocker Extension Found Harvesting Private Chats *

Hackers Compromise ILSpy WordPress Site to Spread Malware *

Critical Flaws in Apache Traffic Server Could Disrupt Enterprise Networks *

CISA Lists TrueConf Vulnerability in KEV Due to Active Exploitation *

Trojanized Strapi Plugins on npm Enable Silent Data Theft and Persistent Access *

Claude Access Limited as Anthropic Disables Third-Party Integrations Including OpenClaw *

Hidden LinkedIn Code Allegedly Detects Installed Software on User Systems *

Hims & Hers Data Breach Linked to Zendesk Support Ticket System Exposure *

Top Privileged Access Management (PAM) Solutions and Security Strategies for 2026 *

Top IAM Companies Driving Identity Security in 2026 *

New QR Code Phishing Scam Targets Drivers with Fake Court Notices *

Emergency Update Released for Actively Attacked FortiClient EMS Flaw *

New SparkCat Malware Variant Targets iOS and Android Apps, Steals Crypto Wallet Recovery Phrase Images *

TeamPCP Attack on European Commission Cloud Results in Cross Entity Data Leak *

Microsoft Initiates Forced Upgrade Cycle for Windows 11 24H2 Systems to Windows 11 25H2 for Unmanaged Devices *

NoVoice Malware Campaign on Google Play *

RFQ Themed Multi Stage Malware Campaign Delivers Fileless Cobalt Strike Payload *

Apple iOS 18.7.7 Update Fixes Critical DarkSword Web Exploit and Multiple Security Flaws *

Handala Hackers Allege Compromise of Israeli Defense Firm *

Akira-Style Ransomware Campaign Targets Windows Users Across South America *

RFQ-Themed Malware Campaign Uses HTML Attachments to Steal Credentials *

Critical Progress ShareFile Vulnerabilities Chained for Pre-Authentication Remote Code Execution Attacks *

FBI Issues Alert on Potential Data Exposure via Chinese Mobile Apps *

Critical F5 BIG-IP Flaw Leaves Thousands of APM Instances at Risk *

Critical Vulnerability in Cisco Smart Software Manager On-Prem Enables Unauthenticated Root Command Execution *

Cybercriminals Use Vacant Homes to Intercept Mail in Hybrid Attacks *

Critical PX4 Autopilot Vulnerability Enables Full Drone Takeover via MAVLink Exploitation *

Reservation Hijack Scam Exploiting Hotel Booking Systems for Payment Fraud *

Public Exploit Code Targets nginx-ui Backup Restore Flaw *

Casbaneiro Banking Trojan Spread Through Sophisticated Phishing Operations *

Suspected Data Breach at Cisco Linked to ShinyHunters Threat Group *

Vim Modeline Vulnerability Enables Arbitrary OS Command Execution *

Ethereum Powered EtherRAT Malware Uses EtherHiding for Stealthy Blockchain Based C2 *

Microsoft Teams EXIF Data Removal Feature Enhances Privacy *

CERT-UA Impersonation Campaign Delivers AGEWHEEZE Malware to One Million Emails *

Critical nginx-ui Backup Vulnerability Demonstrated Through PoC Code *

WhatsApp-Based Malware Attack Uses UAC Bypass to Compromise Windows Devices *

Privilege Escalation Flaw in Google Vertex AI Exposes Critical Cloud Resources *

Critical CrewAI Vulnerabilities Enable Prompt Injection, RCE, and Sandbox Escape Risks *

Critical Unauthenticated RCE in Oracle WebLogic Server Actively Exploited in the Wild Alongside Legacy Vulnerabilities *

Attackers Use Telegram-Based ResokerRAT for Stealthy Access and Data Capture *

Vertex AI Data Exposure Vulnerability *

Attackers Abuse Windows Utilities to Bypass AV and Launch Ransomware *

XLoader Malware Enhances Obfuscation Techniques and Conceals C2 Communications Using Decoy Servers *

Apple Introduces macOS Terminal Alert to Prevent ClickFix Attacks *

Operation TrueChaos: TrueConf Zero-Day Exploited in Targeted Government Attacks *

Critical Vulnerability in Vertex AI Risks Exposure of Google Cloud Data and Artifacts *

PNG File Vulnerabilities Enable Sensitive Data Leakage via Embedded Data Channels *

Tax Filing Scams Used to Deliver Malware in 2026 Campaigns *

New EvilTokens Phishing Kit Exploits Microsoft Authentication Mechanisms *

Axios npm Supply Chain Attack Delivers RAT via Malicious Dependency Injection *

ClickFix Variant Using Rundll32 and WebDAV for Defense Evasion *

India Enforces Ban on Chinese CCTV Devices to Strengthen Cybersecurity and Data Sovereignty *

North Korean Actor Exploits Stolen Identity and AI Tools in Employment Scam *

Notepad++ v8.9.3 Released with Security Fixes and Stability Improvements *

Grafana Vulnerabilities Expose Systems to Remote Code Execution Attacks *

Exposure of TheGentlemen Ransomware Toolkit Reveals Active Attack Infrastructure and Stolen Credentials *

Security Flaws in ChatGPT and Codex Fixed by OpenAI *

CareCloud Data Breach Exposes Patient Information *

CrySome RAT Upgrade Advanced .NET Malware with AV Evasion and Hidden VNC Functionality *

WordPress Plugin Flaw Exposes Sensitive Files *

Personal Emails of FBI Director Compromised in Iran?Linked Cyberattack *

Russian CTRL Toolkit Spread Through Malicious LNK Files Hijacks RDP via FRP Tunnels *

New Homoglyph Techniques Enable Advanced Domain Spoofing Attacks *

Telnyx Python SDK Supply Chain Attack Delivers Malware via WAV Steganography *

Critical Stored XSS Flaw Found in Jira Work Management *

DeepLoad Malware Leveraging ClickFix for Stealthy Credential Theft *

Citrix NetScaler Vulnerability (CVE-2026-3055) Targeted by Active Reconnaissance Campaigns *

VoidLink Demonstrates Real-World Impact of AI-Assisted Malware Creation *

TA446 Spear-Phishing Campaign Leverages One-Click DarkSword iOS Exploit for Covert Device Compromise *

BlankGrabber Malware Targets Windows Systems to Steal Sensitive Data *

Unauthorized Access Detected in European Commission Cloud Services *

Malicious Browser Extensions Enable “Prompt Poaching” Attacks on AI Users *

BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers *

Personal Email of FBI Director Kash Patel Compromised in Hack *

New Infinity Stealer Malware Exploits ClickFix Lures to Steal Data from macOS Systems *

Smart Slider Plugin File Read Vulnerability *

Financial Institutions Targeted by PXA Stealer Through Malicious ZIP Files *

Trivy Supply Chain Compromise (CVE-2026-33634) Enables CI/CD Secret Exfiltration *

Threat Actors Deploy BRUSHWORM and BRUSHLOGGER Against Financial Firm in South Asia *

TeamPCP Targets Telnyx Python Library to Expand Supply Chain Intrusions *

Silver Fox Spear-Phishing Campaign Delivers ValleyRAT via Tax-Themed HR and Finance Lures in Japan *

Threatsday Bulletin Highlights PQC Transition and Rising AI Security Vulnerabilities *

Red Hat Alerts Users to Malware Hidden in Widely Used Linux Tool, Enabling Unauthorized Access *

VoidLink Rootkit: A New Hidden Threat in Linux Systems *

Leak Bazaar Platform Enables Sale of Stolen Data from Global Breaches *

Stealthy Telecom Espionage Campaign Exploiting Exposed VPN and Edge Devices *

Ajax football club Data Breach Exposes Fan Information and Enables Ticket Hijacking *

Claude Extension Zero-Click XSS Prompt Injection Vulnerability *

Coruna iOS Kit Revives Operation Triangulation Exploits, Expands into Widespread Threat Campaigns *

Critical Privilege Escalation Vulnerability Discovered in IDrive Windows Client *

GoHarbor Addresses Critical Harbor Flaw Allowing Full Registry Compromise *

High-Severity Ivanti EPMM Vulnerabilities Exploited for Rapid Database Extraction *

Critical NVIDIA Flaws Enable Remote Code Execution and DoS Attacks *

New Synology DSM Vulnerability Enables Remote File Access Without Authentication *

GhostClaw Malware Campaign Targets macOS via Malicious GitHub Repositories *

New Attack Campaign Leveraging Kiss Loader with Early Bird APC Injection *

Fake Screenshot Lures Drive New Wave of Social Engineering Attacks *

Malicious npm Packages Abuse Post-Install Scripts to Deliver RAT Using Deceptive Install Output *

Bubble AI App Builder Abused to Steal Microsoft Account Credentials via Phishing Campaign *

Users Advised Patching Critical TP-Link Router Vulnerability *

Paid AI Accounts Targeted in Underground Markets *

GitHub Expands Security Coverage by Introducing AI-Driven Bug Detection *

PolyShell Attacks Target 56% of Vulnerable Magento Stores with Malicious Implants *

Citrix Patches Critical NetScaler Flaws Resembling CitrixBleed Attacks *

New Torg Grabber Infostealer Exploits ClickFix to Target Crypto Wallet Users *

FCC Ban on Foreign-Made Routers Over Cybersecurity and Supply Chain Risks *

AI-Driven GitHub Campaign Uses Trojanized OpenClaw Repositories to Deliver Infostealer Malware *

Malvertising Campaign Abuses ScreenConnect and Huawei Driver for EDR Evasion *

Tycoon2FA Attackers Restart Cloud Account Phishing Operations After Infrastructure Recovery *

Supply Chain Attack Hits LiteLLM PyPI Package, Stealing Sensitive Credentials *

ICE Cloud Malware Campaign Targeting Exposed MS-SQL Servers by Larva-26002 *

CanisterWorm Kubernetes Wiper Targets Iran-Based Infrastructure *

PTC Windchill and FlexPLM Vulnerability Poses Imminent Cyber Threat *

Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution *

Critical Security Flaws Found in Dell Wyse Management Suite *

Citrix NetScaler Security Flaws Enable Data Disclosure and Session Hijacking Risks *

Critical Vulnerabilities in TP-Link Archer Routers Enable Full Device Compromise *

Critical NetScaler Vulnerabilities Allow Unauthorized Access & Memory Leak *

Crunchyroll Data Breach Exposes Alleged 100 GB of User Data *

CISA Alerts on Active Exploitation of Craft CMS Code Injection Vulnerability *

Eight Attack Vectors in AWS Bedrock AI Platform Enable Data Exfiltration and Agent Hijacking Risks *

Over 500,000 End-of-Life Microsoft IIS Servers Exposed Online, Creating Critical Global Security Risk *

CanisterWorm Turns Trusted npm Packages into Malware Distribution Channels *

CISA Warns of Actively Exploited Apple Vulnerabilities *

LAPSUS$ Alleged AstraZeneca Data Breach and Private Sale of Sensitive Data *

MioLab Infostealer Targets macOS With ClickFix Tactics and Wallet Stealing Capabilities *

Google Ads Abuse Delivers Tax Scam Malware Using BYOVD Technique for Defense Evasion *

Fake Download Sites Push AsyncRAT Through SEO Poisoning Tactics *

Prolonged Spy Campaign Targets Libya’s Critical Sectors Using AsyncRAT *

Oblivion RAT Masquerading Campaign Targets Android Devices with Fake App Updates *

Bamboo Data Center and Server Flaw Allows Remote Code Execution *

Critical Oracle RCE Vulnerability Impacts Identity Manager and Web Services Manager *

Quest KACE SMA Vulnerabilities Exploited to Compromise Systems *

CISA Warns of Actively Exploited Apple Flaws Enabling Full Device Compromise *

Critical QNAP QVR Pro Vulnerability Allows Remote Attackers to Gain System Access *

Critical UNISOC Modem Flaw Enables Remote Code Execution via Cellular Calls *

Critical Langflow Vulnerability CVE-2026-33017 Enables Unauthenticated Remote Code Execution *

Android Sideloading Security Update and Rising Malware Threats *

FBI Alerts on Large-Scale Phishing Campaign by Russian Hackers Targeting Signal and WhatsApp *

Magento PolyShell Vulnerability *

Trivy Vulnerability Scanner Compromise Raises Supply Chain Security Concerns *

Sophisticated PureLog Infostealer Spread via Phishing and Google Ads Malvertising *

CISA Alerts Active Exploitation of Cisco Secure Firewall Management Center Zero-Day in Ransomware Attacks *

Allure Security Funding Boost Strengthens AI-Based Online Brand Protection *

Navia Data Breach Exposes Personal and Health Data of Millions via Vulnerable API Access *

Iranian Open Server Exposure Uncovers 15-Node Botnet and Relay Network *

Browser Permission Phishing Campaign Targets Biometric Data *

Claude AI Vulnerabilities Enable Data Exfiltration via Prompt Injection Attacks *

Pyronut Malicious Python Package Attack Overview *

Cyber Espionage Campaign Exploits Judicial Trust to Deliver Rust Malware *

Horabot Resurfaces in Mexico with Phishing and Email Worm Campaigns *

IoT Botnet Behind 30 Tbps DDoS Attacks Disrupted by Authorities *

Cisco Firewall Vulnerability Enables Unauthenticated RCE and Ransomware Deployment *

LeakNet Enhances Ransomware Attacks Using ClickFix Lures and Stealthy Deno Loader *

Backdoored Open VSX Extension Campaign Targets Developers via GitHub Downloader *

Warlock Ransomware Exploits Vulnerable Drivers to Evade Security Defenses *

WaterPlum Targets VSCode with New ‘StoatWaffle’ Supply Chain Malware *

Major Data Breach at Aura Impacts 900,000 Contacts *

Critical ScreenConnect Vulnerability Requires Immediate Upgrade and Security Hardening *

UIDAI Launches Bug Bounty Program to Strengthen Aadhaar Ecosystem Security *

Fancy Bear Server Leak Exposes Operational Data and Malware Infrastructure *

CISA Mandates Urgent Patching of Actively Exploited Zimbra XSS Vulnerability *

FortiClient EMS SQL Injection Vulnerability (CVE-2026-21643) *

Rust-Based RAT Deployment via Multi-Stage LNK and PowerShell Attack Chain Targeting Judicial Environments *

A Critical Telnetd Vulnerability Enables Pre-Authentication Remote Code Execution with Root Privileges *

Ubuntu Desktop Flaw Allows Local Users to Escalate Privileges to Root Access *

Critical Flaw in Kubernetes NFS CSI Driver Puts Storage Directories at Risk *

Microsoft Exchange Online Mailbox Outage Disrupts Email Access for Users *

Windows Security Alert: RegPwn Enables Full SYSTEM Access via Registry Abuse *

Payload Ransomware Threat Targets Windows and ESXi Systems with Babuk-Style Encryption *

Authlib Security Flaws Open Door to Padding Oracle and Token Forgery Attacks *

File Browser Vulnerability Exposes Systems to Privilege Escalation and RCE *

Angular XSS Flaw Puts Thousands of Web Applications at Risk *

UK Companies House Security Bug Allows Unauthorized Access to Business Records *

CISA Warns of Active Exploitation Targeting Wing FTP Server Vulnerability *

FBI Investigation into Malware-Infected Steam Games Targeting Cryptocurrency Theft *

Shadow AI Usage Exposes Organizations to Data Leakage Risks *

GlassWorm Exploits Stolen GitHub Tokens to Inject Force-Push Malware into Python Repositories *

ClickFix-Based Command Paste Attacks Facilitate MacSync Infostealer Deployment on macOS *

Android 17 Advanced Protection Mode Blocks Misuse of Accessibility Services *

Coordinated Wiper Attacks Target Organizations to Destroy Critical Data *

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage *

IBM X-Force Discovers Slopoly Malware Used in Hive0163 Ransomware Attacks *

Google Looker Studio Vulnerabilities LeakyLooker Expose Sensitive Cloud Data *

Critical RCE Vulnerability Prompts Microsoft to Block Automated Installation in Windows 11 and Server 2025 *

Fake FileZilla Downloads Used to Distribute Credential-Stealing Malware *

RondoDox Botnet Growth Fueled by Exploitation of 174 Vulnerabilities via Residential IPs *

KakaoTalk Account Takeover Campaign Targets Users Through Credential Harvesting *

FortiGate Firewalls Hacked by Automated Scripts to Steal Network Configurations *

OpenClaw AI Agents Exposed to Indirect Prompt Injection Attacks *

BetterLeaks Empowers Dev Teams to Prevent Credential Exposure Globally *

Critical LangSmith Vulnerability Enables Account Takeover and Token Theft *

Poland’s National Centre for Nuclear Research Targeted by Cyberattack *

Microsoft Releases KB5084597 Hotpatch Fixing RRAS Remote Code Execution Vulnerabilities in Windows 11 Enterprise *

Global Authorities Disable 45,000 Malicious IPs Linked to Cybercrime Campaigns *

The Claude Code Trap: Bitdefender Unmasks Fake Google Ads Hijacking Developer Terminals *

New Critical AdGuard Home Vulnerability Lets Attackers Bypass Authentication *

Perplexity Computer Token Exposure Raises Security and Billing Concerns *

Fileless Remcos RAT Campaign Uses JavaScript and PowerShell for Stealth Attacks *

Law Enforcement Dismantles SocksEscort ResidentialProx y Botnet Exploiting Compromised Routers *

Poland’s Nuclear Research Centre Targeted by Cyberattack *

Hackers Breach Loblaw IT Network, Access Customer Data *

SEO Poisoning Campaign Delivers Trojan VPN Software to Steal Credentials *

Veeam Backup & Replication Security Update Fixes Critical Vulnerabilities *

Two Chrome Zero-Day Vulnerabilities (CVE-2026-3909 & CVE-2026-3910) Actively Exploited to Execute Malicious Code *

1 Click ZITADEL XSS Vulnerability Enables Full Account Takeover *

Critical MediaTek Flaw Allows Android Lock Screen PIN Extraction in Under 45 Seconds *

CrackArmor Exploit Threatens Root Access on Millions of Linux Systems *

OpenSSH GSSAPI Key Exchange Vulnerability Causes Remote SSH Process Termination *

Starbucks Data Breach Exposes Personal Data of Customers *

Critical CVE-2025-0113 Found in Cortex XDR’s Broker VM Architecture *

TaxiSpy Android Banking Trojan Enables Remote Access and Credential Theft *

SocksEscort Residential Proxy Network Leveraged AVRecon Malware to Exploit Global Router Infrastructure *

TELUS Digital Hit by Data Breach After Hacker Group Claims Massive Theft *

High-Severity SQL Injection Flaw in Elementor Ally Plugin Exposes 250K+ WordPress Sites *

Apple Releases Security Patch for Coruna Exploit on Older iOS Devices *

Ericsson U.S. Discloses Data Breach Following Third-Party Service Provider Hack *

Six Android Malware Families Target Pix Payment System to Steal Banking Credentials *

Email and Teams Summaries in Microsoft 365 Copilot Vulnerable to Cross-Prompt Injection *

Hardware Flaw in MediaTek Chip Exposes Android Devices to PIN and Data Theft *

Veeam Backup & Replication Critical RCE and Privilege Escalation Flaws Expose Backup Servers *

Hive0163 Deploys AI-Assisted Slopoly Malware to Maintain Persistent Access in Ransomware Attacks *

Mutable Tag Vulnerability in Xygeni GitHub Action Puts CI/CD Pipelines at Risk (CVSS 9.4) *

macOS Users Targeted by ClickFix Campaign Deploying MacSync Infostealer *

CISA Warns of Critical Remote Code Execution Vulnerability in n8n *

Chrome Security Update Fixes 29 Vulnerabilities *

CastleRAT Campaign Abuses Deno Runtime for Fileless Malware Attacks *

Palo Alto Cortex XDR Broker Vulnerability Enables Privilege Escalation and Unauthorized Access *

Stryker Global Network Disruption Following Cyberattack by Iran-Linked Handala Hacktivist Group *

Critical Command Injection Flaw Discovered in Splunk Enterprise and Cloud Platforms *

Malicious npm Package “pino-sdk-v2” Harvests Developer Secrets via Discord Exfiltration *

CVE-2025-20154 Security Flaw in Cisco Network OS Can Crash Devices Remotely *

Zombie ZIP Method Helps Malware Evade Antivirus and Security Scanners *

Android Malware BeatBanker Poses as Starlink App to Steal Data and Control Devices *

BlackSanta Attack Delivers ISO Payloads Enabling DLL Sideloading and PowerShell Based Execution *

HPE Issues Warning on Critical AOS-CX Flaw Impacting Enterprise Network Devices *

Global Infrastructure Disruption Triggers Service Degradation on Instagram Platform *

UNC6426 Gains AWS Administrative Access Through Compromised NPM Package *

Microsoft Patch Tuesday Security Advisory – March 2026 *

Microsoft Active Directory Elevation of Privilege Vulnerability Enables Domain Takeover *

APT-C-23 Uses Fake Red Alert App for Mobile Espionage *

Fortinet FortiManager fgtupdates Flaw Allows Remote Attackers to Execute Arbitrary Commands *

Cloudflare Pingora Flaws Enable HTTP Request Smuggling and Cache Poisoning Attacks *

LeakyLooker Flaws in Google Looker Studio Expose Risk of Cross-Tenant SQL Queries *

Fake Claude Code Installation Pages Used to Spread Amatera Infostealer Malware *

Threat Actors Leverage Malformed ZIP Archives to Evade Detection by Antivirus and EDR Platforms *

KadNap malware hijacks routers enabling anonymous proxy infrastructure for cybercriminal operations *

Critical Security Flaw in Gogs Allows Silent Overwrite of Git LFS Objects *

Critical SAP Security Flaws Allowing RCE Patched in Latest Update *

CISA Warns of Actively Exploited Ivanti Endpoint Manager Authentication Bypass Vulnerability *

Iran-Linked Seedworm Hackers Target U.S. Critical Infrastructure with New Dindoor Backdoor *

Chinese APT Campaign Targets Qatar Using PlugX Malware *

Cyber Espionage Campaign CL-UNK-1068 Targets Asian Critical Infrastructure *

Malicious AI Browser Extensions Steal Data from Nearly 900,000 Users *

Hikvision Improper Authentication Flaw Allows Privilege Escalation in Multiple Devices *

Apache ZooKeeper Vulnerability Exposes Sensitive Data to Attackers *

macOS Infostealer SHub Delivered via Fake CleanMyMac Site Using ClickFix Terminal Trick *

Chinese Hackers Exploit Web Servers to Steal Data from Asian Critical Infrastructure *

Chrome Extension Takeover Leads to Code Injection and Data Theft *

UNC4899 Breaches Crypto Firm by AirDropping Trojanized File to Developer’s Work Device *

Abuse of .arpa DNS and IPv6 Tunnels Enables Phishing Campaigns to Evade Defenses *

ClipXDaemon Malware Hijacks Cryptocurrency Clipboard Data on Linux Systems *

Critical Authorization Flaws Discovered in Vaultwarden Password Manager *

Malicious imToken Chrome Extension Steals Crypto Wallet Seed Phrases and Private Keys *

Hackers Reportedly Selling Exploit for Windows Remote Desktop Services Zero-Day Vulnerability *

Nginx-UI Vulnerabilities Enable Remote Command Execution and Data Exposure *

Critical Command Injection Vulnerability Discovered in AVideo Platform *

Critical ExifTool Flaw Lets Malicious Images Execute Code on macOS *

Claude Opus 4.6 AI Identifies 22 Security Vulnerabilities in Mozilla Firefox *

Microsoft Detects Large Scale Data Theft via Fake AI Assistant Browser Extensions *

Termite Ransomware Intrusions Linked to ClickFix Social Engineering and CastleRAT Malware *

Stealth Linux Rootkits Exploit Kernel Features for Evasion and Persistence *

Transparent Tribe Leverages AI to Mass-Generate Malware Implants in Cyber Campaign Targeting India *

Cisco Catalyst SD-WAN Manager Vulnerabilities (CVE-2026-20128, CVE-2026-20122) Under Active Exploitation *

MacCMS Websites Compromised in Global RingH23 Malware Campaign *

China-Nexus Malware Campaign Targeting Telecommunications Providers *

Global Hacktivist Campaign Triggers 149 DDoS Attacks Amid Middle East Tensions *

Coruna iOS Exploit Kit Targets iOS 13–17.2.1 with 23 Exploits Across Five Chains *

Dust Specter APT Targets Iraqi Officials with AI-Assisted Malware Campaign *

AkzoNobel Confirms Cyberattack on U.S. Facility *

Google Patches Android Zero-Day Vulnerability (CVE-2026-21385) Actively Exploited in Targeted Attacks *

UK Warns of Potential Iranian Cyberattack Risks Amid Middle East Conflict *

Fake Google Security Page PWA Phishing Campaign *

Cloud Imperium Games Reports Cyberattack Exposing Player Account Data *

Cyberattack on UH Cancer Center Exposes Personal Data of 1.2 Million *

LexisNexis Confirms Cyberattack After Hackers Publish Stolen Data *

OpenStack Vitrage Remote Code Execution Vulnerability *

Authorities Warn: Sloppy Lemming APT Targets Government Networks *

Hackers Exploit .arpa Domain Space to Bypass Email Security Filters *

D-Shortiez Malvertising Exploits WebKit Back-Button for Forced Redirects *

India-Linked SloppyLemming Uses Rust Malware and ClickOnce Lures Against Government and Telecom Networks *

Starkiller Phishing Framework Leverages Live Login Proxies to Evade MFA Protections *

Google Services Abuse Enables Credential Harvesting via Firebase Hosting and Translate Proxy Phishing Infrastructure *

Critical UXSS Flaw in DuckDuckGo Android Autoconsent JS Bridge Allows Cross-Origin Code Execution *

OneUptime Authenticated Command Injection Flaw Could Lead to Server Compromise *

Persistent Session Tokens and Infinite Password Reset Window Vulnerabilities Discovered in Vikunja *

CVSS 10 Flaw in OneUptime Probe Allows Full System Takeover *

Angular Server-Side Rendering Flaw Lets Attackers Trigger Unauthorized Requests from Applications *

Unencrypted Direct TPMS Broadcasts Enable Persistent Vehicle Tracking Across Major Brands *

Browser Extension Attack Bypasses Security Headers for Stealth Script Execution *

ClawJacked Vulnerability Allows Malicious Websites to Hijack Local OpenClaw AI Agents via WebSocket *

Anthropic Confirms Claude AI Service Down in Worldwide Outage *

Malicious npm Packages Leveraging Pastebin Steganography and Vercel C2 to Target Developers *

Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software *

Ivanti Connect Secure Zero-Day Exploited by RESURGE Malware *

Phishing Campaign Abuses Windows WebDAV to Deploy RAT Malware *

Pixel Perfect Extension Exploited to Inject Malicious Scripts and Strip Security Headers *

OCRFix Botnet Combines ClickFix Phishing and EtherHiding to Obfuscate Blockchain C2 Infrastructure *

Mysterium VPN Warns of Massive Credential Exposure via Misconfigured .env Files Worldwide *

Interview Trap: Malicious Next.js Repos Turn Coding Tests into Developer Hacking Tools *

ManoMano Data Breach Allegedly Impacts 38 Million Users *

Critical Remote Compromise Risks Identified in Gardyn Smart Garden Systems *

Dohdoor Malware Expands Operations Against Critical U.S. Institutions *

Zyxel Multiple Command Injection Vulnerabilities Enable Remote Code Execution *

North Korean APT37 Deploys Advanced Malware to Compromise Air-Gapped Systems *

Microsoft Defender Identifies Trojanized Gaming Utility Malware Campaign *

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments *

Critical RCE Vulnerability in Juniper Networks PTX Routers Allows Full Device Compromise *

OpenClaw and the Enterprise Security Risks of Autonomous AI Agents *

Aeternum C2 Malware Exploits Polygon Blockchain for Decentralized Command Infrastructure *

Trojanized Gaming Utilities Deliver Java-Based Remote Access Trojan *

Marquis Seeks Damages from SonicWall Over Alleged Cloud Security Failure *

DoH-Based Backdoor Campaign Uses DLL Sideloading and Process Hollowing Against Education and Healthcare Networks *

Malicious NuGet Package Impersonates Stripe Library to Steal API Keys *

ResidentBat Android Malware Grants Persistent Mobile Access to Belarusian KGB *

ServiceNow Patches Critical AI Platform Vulnerability Enabling Unauthenticated RCE *

Wireshark 4.6.4 Update Fixes Multiple Security Flaws *

27-Year-Old Telnet Vulnerability Actively Exploited in Modern Attacks *

Advanced Persistent Threat Utilizing Cloud-Based Command Channels *

New FreeBSD Vulnerabilities Allow Jail Escapes and Kernel Panics *

Windows CLFS Driver Vulnerability (CVE-2026-2636) Can Trigger System Crash *

Critical Zero-Day in Cisco SD-WAN Actively Exploited Since 2023 for Root-Level Access *

SURXRAT Android RAT Enables Full Device Surveillance and Data Exfiltration *

New Steaelite RAT Enables Unified Data Theft and Ransomware Operations *

CISA Confirms Active Exploitation of FileZen Vulnerability (CVE-2026-25108) *

Chinese AI Distillation Campaign Targeting Anthropic Claude Model *

Conduent Suffers Massive Data Breach, 8TB Stolen, 25+ Million Americans Impacted *

Threat Actors Leverage WMI for Stealthy Persistence on Compromised Windows Systems *

Stealthy NuGet Malware Exploits ASP.NET Identity to Exfiltrate Login Data *

Critical VMware Aria Operations Vulnerabilities Allow Unauthenticated Remote Code Execution *

Automated AI Exploits Enable Rapid Active Directory Domination *

ShinyHunters Extortion Group Claims Data Breach at Odido Impacting Millions *

CarGurus Data Breach Exposes 12.4 Million User Accounts *

UnsolicitedBooker Cyber Espionage Campaign Targets Central Asian Telecom Sector With LuciDoor and MarsSnake Backdoors *

Medusa Ransomware Used by Lazarus Group in Healthcare Attacks Across Middle East and U.S. *

Ukrainian Government and Finance Networks Hit by Malware Intrusions and Unauthorized Access Operations *

Wynn Resorts Employee Data Breach Confirmed After Extortion Threat *

GitHub Codespaces Copilot Exploited in RoguePilot Attack to Extract Sensitive Access Tokens *

Phishing and Stealer Malware Fuel Record Ransomware Activity in Financial Networks *

Threat Actors Leverage AI Tools to Achieve Full Domain Compromise in Just 30 Minutes *

ASP.NET Developers Targeted by Credential-Stealing NuGet Packages *

AI-Driven Attacks Target FortiGate Devices Using DeepSeek and Claude *

Malicious OpenClaw Tactics Enable AMOS Infection via Social Engineering *

ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft *

Starkiller Phishing Framework Leverages Live Reverse Proxy to Bypass MFA Controls *

Critical Vulnerability in HPE Telco Service Activator Enables Access Restriction Bypass *

Critical jsPDF PDF Object Injection Flaw in addJS Enables Malicious Actions Across Enterprise Applications *

Malware Campaign Exploits Iran Protest Narrative to Deploy RAT Spyware *

Fraudulent IPTV Apps Distribute Widespread Android Malware Targeting Mobile Banking Users *

GrayCharlie Hackers Exploit WordPress Sites to Inject Malicious Code *

AI Platforms Emerging as Covert Communication Paths for Malware *

Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign *

High-Risk Vulnerability in jsPDF Allows Malicious PDF Object Injection *

Threat Actors Abuse Multiple AI Services to Compromise 600+ FortiGate Firewall Devices *

SANDWORMMODE Supply Chain Worm Infects Over 19 Npm Packages to Steal Developer and CICD Secrets *

SvelteKit Adapter Vulnerability (CVE-2026-27118) Enables Public Caching of Private Data *

MuddyWater Targets MENA Organizations with Multi-Stage Malware Campaign *

Credential Theft Exposes 1.2 Million Accounts After Registry Breach at Ministry of Economy and Finance France *

128 Million Users Exposed by Critical Flaws in Popular VS Code Extensions *

Operational Breakdown of the Arkanix MaaS Campaign *

Google Play AI Systems Stop Malicious Apps and Protect User Privacy *

PayPal Data Breach Exposes Customer Information Following Credential-Based Attack *

Predictable Password Generation in Large Language Models Exposes Systems to Credential Compromise *

Severe Security Issues in VS Code Extensions Impact Global Developers *

Critical Jenkins Flaw Leaves Build Environments Vulnerable to Cross-Site Scripting (XSS) Attacks *

Apache Tomcat Discloses HTTP Security Constraint Bypass Vulnerability *

FBI Warns of Ploutus Malware Enabling Cardless ATM Cash-Out Attacks Across the U.S *

Stealthy Monero Mining Malware Spreads via Cracked Software and USB Drives *

Hackers Exploit Critical BeyondTrust Vulnerability (CVE-2026-1731) to Deploy VShell & SparkRAT *

Massiv Android Banking Malware Disguised as IPTV Application *

Microsoft Patches Critical Notepad RCE Vulnerability (CVE-2026-20841) After PoC Disclosure *

Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center *

Critical DoS Vulnerability Affects 46 Million Users of ‘fast-xml-parser *

Nearly 1 Million Accounts Exposed in Figure Technology Solutions Security Incident *

Apache Camel Releases Patches for Critical Keycloak and LevelDB Vulnerabilities *

SmarterMail Vulnerabilities Rapidly Weaponized via Telegram Channels *

WebView Enabled Implants Leverage AI Service Domains Abused for Covert C2 Relays Demand Zero Trust Monitoring and Controls *

Critical Access Control Weakness in Pterodactyl Game Server Panel *

Microsoft Defender Introduces Centralized Script Library for Security Automation *

Sophisticated Phishing Operation Abuses Fake Google Forms Infrastructure to Capture Google Account Credentials *

Unauthorized Mobile Data Extraction Identified on Activist’s Samsung Device Using Digital Forensic Tool *

PromptSpy: First-Ever Android AI Malware Leveraging Google Gemini for Autonomous Decision-Making *

Hackers Exploit nslookup to Bypass Detection in ClickFix Intrusions *

Multiple DoS Vulnerabilities Disclosed in Sante PACS Server *

Fake Google Forms Used in Global Account Takeover Phishing Scheme *

The Vibe Coding Disaster: Moltbook AI Social Network Data Exposure *

Booking I Paid Twice Phishing Campaign Targets Hospitality Sector 2026 *

Threat Actors Exploit Jira Notification System to Evade Enterprise Spam Defenses *

Chrome Styles Extensions Exploited to Hijack 500,000 VK User Accounts *

ClickFix Campaign Abuses Nslookup for DNS-Based Malware Delivery *

Emoji-Based Malware Obfuscation (Unicode Smuggling) Enables Stealthy Attack Payloads *

CISA Says Windows Video ActiveX RCE Vulnerability Under Active Exploitation in KEV Catalog *

Social Engineering Attack Impersonates MetaMask Security Alerts *

CRESCENTHARVEST RAT and Credential Stealer Campaign Using LNK Execution and DLL Sideloading Targets Iranian Protest Supporters *

Grandstream GXP1600 Series Hit by Critical RCE Vulnerability Allowing Full Device Compromise *

Keenadu Firmware Backdoor Compromises Android Tablets via Signed OTA Updates *

Critical Vulnerabilities in Popular VS Code Extensions Expose Developers to Remote Code Execution and Data Theft *

Microsoft 365 Copilot Security Issue Undermines Email Sensitivity Controls *

Exchange Online Protection URL Filtering Triggers False Positive Phish Detections *

PostgreSQL Security Update Addresses Multiple Vulnerabilities Including Critical Code Execution Risks *

Dell RecoverPoint Zero-Day (CVE-2026-22769) Exploited by UNC6201 *

NVIDIA Megatron Bridge Code Injection Vulnerabilities (CVE-2025-33239 / CVE-2025-33240) Expose AI Training Environments *

Critical CVE-2026-1670 Flaw in Honeywell CCTV Cameras Enables Remote Device Takeover *

OpenClaw Gateway Vulnerability Exposes AI Agents to Remote Log Poisoning Attacks *

Critical Admin API Vulnerability Hits India’s Largest Private Pharmacy Platform *

MCP Supply Chain Attack Delivers StealC Infostealer Through Trojanized Developer Tooling and Registry Poisoning *

Cybercriminals Abuse Atlassian Cloud to Distribute Investment Scam Spam Campaigns *

Japanese Hotel Chain Washington Hotel Reports Server Breach Following Ransomware Attack *

Alleged 0APT Victim Count Reaches 200 Amid Lack of Data Leaks *

Malicious “CL Suite” Chrome Extension Targets Meta Business Accounts *

The “Styles” Trap: 500,000 VK Accounts Hijacked by Chrome Extensions *

25 Vulnerabilities Identified in Cloud Password Managers *

Severe Vulnerability Exposes FileZen to Attackers *

LangChain Community SSRF Bypass Vulnerability (CVE-2026-26019) Exposes Internal Services *

Multi-Stage Loader Exploit Temporary Directories via Phishing and Malvertising for Stealthy Malware Execution *

Critical CVE-2026-1490 in CleanTalk Plugin Exposes 200K WordPress Sites to Remote Code Execution *

Apache NiFi Vulnerability Permits Users to Bypass Restrictions *

ClickFix Social Engineering Exploit Hijacks Crypto Transactions via Browser JavaScript *

ZeroDayRAT Targeting Android and iOS Devices in Cross-Platform Spy Campaign *

Joomla Tassos Framework Exposes Systems to SQL Injection Attacks *

CTM360 Reports Lumma Stealer and Ninja Browser Malware Campaign Exploiting Google Groups *

AI Recommendation Poisoning Threat Exploits Memory Features in AI Assistants *

Fake Crypto Recruitment Campaign Linked to Lazarus Group Spreads Malicious npm and PyPI Packages *

Employee Phishing Incident Leads to Data Breach at Fintech Firm Figure *

Airleader Master Critical Vulnerability (CVE-2026-1358) Enables Remote Code Execution *

Matryoshka Malware Uses Fake Browser Prompts to Steal macOS Credentials *

SmarterMail Breach by Storm-2603 Leads to Warlock Ransomware Attacks *

Chrome Zero-Day Vulnerability Being Actively Exploited *

OpenSea Zero-Day Exploit Chain Targets Seaport Protocol and NFT Assets *

Incransom Ransomware Attack Targets Gulf Business Machines *

Criminal IP API Integration Enables Context-Rich Threat Analysis in IBM QRadar *

OysterLoader Campaign Raises Concerns Over Advanced Malware Evasion *

Luxury Brands Louis Vuitton, Dior, and Tiffany Hit with $25 Million in Data Breach Fines *

Phishing Campaign Abuses Fake Video Meeting Invites to Deploy Remote Access Tools *

Fake CAPTCHA Attacks Used to Deliver LummaStealer Malware *

Next Mdx Remote RCE Vulnerability Impacts Server Side Rendering in Next.js Applications *

Cybercriminals Exploit AI-Themed Chrome Add-Ons for Browser Surveillance *

XWorm RAT Distributed Through Phishing Emails Using CVE-2018-0802 Excel Flaw *

New ClickFix Attack Wave Delivers StealC Stealer via Fake CAPTCHA Pages *

CISA Warns of Actively Exploited Notepad Vulnerability (CVE-2026-15556) Impacting Windows Systems *

Multi Stage SSH Worm Leveraging Credential Stuffing Observed in Active Campaign *

Over 1,000 Feiniu Storage Devices Compromised After Backdoor Exploitation and Kernel-Level Persistence in Netdragon Botnet Campaign *

Rogue VM in VMware vSphere Reveals Muddled Libra s Full Attack Playbook *

Hardware-Embedded “EvilMouse” Grants Full System Control on USB Connection *

287 Harmful Chrome Extensions Found Stealing Data from 37.4 Million Users *

Malicious ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users *

Adblock Filter Lists Can Be Abused to Expose Users’ Real IP Addresses *

Lazarus Campaign Exploits npm and PyPI Dependencies to Deploy RATs and Exfiltrate Data *

Google Warns of State-Sponsored Hackers Leveraging Gemini AI for Reconnaissance and Attack Operations *

IoT Botnets and SOHO Routers Fuel ORB Network Attack Operations *

DragonForce Ransomware Group Expands Cartel Operations Since 2023 *

Palo Alto Networks PAN-OS Vulnerability (CVE-2026-0229) Can Force Firewall Reboot Loops *

Mass Exploitation Attempts Target Ivanti EPMM Critical Vulnerabilities *

Prometei Botnet Targeting Windows Server to Gain Remote Control and Deploy Malware *

Apple Zero-Day (CVE-2026-20700) Actively Exploited in Sophisticated Attacks *

Threat Actors Weaponize Grok, ChatGPT, and Google Ads to Distribute AMOS on macOS *

SandboxJS Critical Vulnerability Could Lead to Remote System Compromise *

Compromise of Government File Automation Systems Exposes Sensitive Citizen and Immigration Records in Ransomware Attack *

Windows WER Privilege Escalation Vulnerability (CVE-2026-20817) Exploited via Public PoC *

Singapore’s Telcos Targeted by China-Linked APT in Operation CYBER GUARDIAN *

Singapore s Telcos Targeted by China Linked APT in Operation CYBER GUARDIAN *

Third-Party IT Breach at Conduent Impacts Volvo Group North America Customer Data *

Russian APT Hijacks GitHub and Trusted Sites in Major Supply Chain Attack *

Microsoft Patch Tuesday Security Advisory – February 2026 *

Null Byte Nightmare: WPvivid Backup Flaw (CVE-2026-1357) Enables Unauthenticated File Upload & Site Takeover *

New Windows Notepad RCE Vulnerability Poses Enterprise Security Risk *

Microsoft Patches 6 Actively Exploited Zero-Days in February 2026 Update *

LinkedIn Identity Hijacking Enables North Korean Employment Fraud Operations *

APT36 Expands Operations with Linux Malware Targeting Government Infrastructure *

Multi-Cloud Linux LLM-Assisted Malware VoidLink Enables Credential Harvesting and Evasive Kernel-Level Control *

ZeroDayRAT Malware Gives Attackers Complete Control Over Android and iOS Devices *

Hackers Exploit Apple and PayPal Emails in DKIM Replay Phishing Campaign *

Attackers Use Bing Advertising Platform for Azure Tech Support Scams *

Libpng Heap Overflow Vulnerability (CVE-2026-25646) Affects Millions of Apps *

Critical JinJava Vulnerability (CVE-2026-25526) Allows Remote Code Execution *

Critical SAP S Code Injection Vulnerability *

Black Basta Ransomware Uses BYOVD Technique to Disable Antivirus Protections *

Critical Vulnerability in Payload CMS SQL Injection with CVSS 9.8 Exposes Admin Credentials *

Microsoft Patches Severe Arbitrary File Write via SessionsPythonPlugin in Semantic Kernel .NET SDK *

Critical Keylime Authentication Bypass (CVE-2026-1709) Undermines mTLS Trust Model *

Trust Boundary Flaw in Claude Desktop Extensions Enables Zero-Click RCE via Google Calendar *

Emerging Node.js–Based LTX Stealer Malware Exfiltrates User Credentials *

Hackers Use SmarterTools Software Bug to Launch Ransomware Attack *

Microsoft Exchange Online Flags Legitimate Emails as Malicious, Causing Delivery Disruptions *

Roundcube Webmail Flaw Enables Attackers to Track Email Open Activity *

Vortex Werewolf Malware (aka SkyCloak) – Tor-Enabled Persistent Backdoor *

Critical BeyondTrust Zero-Day Enables Unauthenticated Remote Code Execution *

Detecting Ransomware Using Windows Minifilters to Intercept File Change Events *

Apple Pay Phishing Campaign Exploits Fake Fraud Alerts to Steal 2FA Codes and Payment Data (2026) *

Cloud Infrastructure Exploited by TeamPCP Worm for Large-Scale Cybercrime *

Telegram Phishing Scam Targets User Accounts via Fake Login Authorization *

OpenClaw Marketplace Compromised in Supply Chain Attack Campaign *

Multiple SandboxJS Zero-Click Sandbox Escape Flaws Enable Arbitrary Code Execution *

CVE-2026-25526 Critical Jinjava Flaw Permits Remote Code Execution *

Mac Malware Exploits User Trust to Circumvent TCC Protections *

Improper Input Sanitization in EMS Server Leads to SQLi Allowing Attackers to Execute Arbitrary Commands *

Critical Moxa Switch Vulnerability Enables Bypass of Authentication Controls *

Hikvision Wireless AP Vulnerability Enables Remote Command Execution *

DKnife Framework Enables Router-Level TLS Interception and Malicious Payload Injection *

China-Nexus Hackers Target Global Organizations Using Advanced Cyber Espionage Techniques *

Transparent Tribe Hacker Group Targets India’s Startup Ecosystem in Cyber Attack *

Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers *

Cyber Espionage Group Linked to Asia Targets Public Infrastructure Worldwide *

Hackers Leveraging Windows Screensaver Files to Deploy RMM Tools for Persistent Remote Access *

Odyssey Stealer Launches New Active Campaign Targeting macOS Users *

F5 Urges Immediate Patching for High-Risk BIG-IP and NGINX Vulnerabilities *

Spam Campaign Distributing Fake PDFs Installs Remote Monitoring Tools for Persistent Access *

Improper Packet Handling in CAKE Qdisc Triggers Use-After-Free and System Compromise Through Kernel Memory Corruption *

APT-Q-27 Stealth Attack on Corporate Networks *

Malicious Traffic Ticket Payment Websites Target Drivers for Credit Card Fraud *

DDoS Attacks Hit Milano-Cortina 2026 Olympics Websites Amid Pro-Russian Hacktivist Campaign *

170+ SolarWinds Web Help Desk Servers Exposed to Actively Exploited RCE Flaw *

Substack Confirms Data Breach After Hacker Claims Theft of 700,000 User Records *

Betterment Discloses Data Exposure Affecting Approximately 1.4 Million Customers *

Injection and Denial-of-Service Threat in JavaScript PDF Generation *

Cyberattackers Use Fake RTO Challan Alerts to Spread Android Malware *

Cyberattack Forces Italy’s La Sapienza University to Shut Down Systems *

AISURU/Kimwolf Botnet Orchestrates 31.4 Tbps Hyper-Volumetric DDoS Attack on Global Infrastructure *

Ransomware Attack Disrupts Corporate IT and Website of Romania’s National Oil Pipeline Operator Conpet *

DragonForce Ransomware Attacks Critical Businesses Worldwide *

Critical n8n Vulnerability CVE-2026-25049 Allows Arbitrary Command Execution *

Malicious NGINX Configurations Used in Large-Scale Web Traffic Hijacking Attacks *

DesckVB RAT New Modular Remote Access Trojan Emerging in 2026 *

Cybercriminals Exploit Search Results to Redirect Victims to Counterfeit Traffic Portals in Phishing and Data Theft Campaign *

Hackers Abuse SonicWall SSLVPN Access to Deploy EDR Killer and Disable Endpoint Security *

WatchGuard Firebox LDAP Injection and VPN Privilege Escalation Pose Elevated Security Threats *

Cisco Collaboration Vulnerabilities Pose Serious Security Threats *

CVE-2026-24735 Apache Answer Data Exposure Flaw Reveals Deleted and Private Content *

Amaranth-Dragon Exploits WinRAR Flaw to Spy on Southeast Asia *

Critical Vulnerability in Cisco Meeting Management Allowing Remote Attackers to Upload Arbitrary Files *

Critical SolarWinds Web Help Desk RCE Flaw Added to CISA KEV List *

Critical Arbitrary File Write Vulnerability in ASUSTOR ADM CGI Hits ADM NAS Devices to Complete Takeover *

Chrome Security Flaws Enable Arbitrary Code Execution *

Google Chrome 144 Vulnerabilities in V8 and Libvpx Could Enable Remote Exploitation (CVE-2026-1862, CVE-2026-1861) *

Critical Metro4Shell Flaw in React Native Actively Exploited to Compromise Developer Systems *

Multiple OS Command Injection Vulnerabilities Fixed in TP-Link Archer BE230 Wi-Fi 7 Router *

Django Patches Multiple Vulnerabilities Impacting Application Security *

Critical Apache Syncope Console Admin-Level XXE Bug Enables XML Entity Injection and Data Exposure *

DynoWiper Malware Targets Polish Energy Sector in State-Sponsored Destructive Cyberattack *

APT28 Exploits Microsoft Office Zero-Day in Targeted Espionage Campaigns *

eScan Antivirus Update Servers Compromised in Malware Supply Chain Attack *

Panera Bread Confirms Data Breach Affecting 5.1 Million Unique Accounts *

NationStates Data Breach Enables Remote Code Execution and User Data Exposure *

OpenClaw Vulnerability Exposes Systems to Link-Based RCE Attacks *

Russian Legion Deploys Botnet-Driven DDoS Campaign Against Danish Critical Infrastructure *

Global Surge in HYIP Investment Scam Platforms Exploiting Social Media and Messaging Apps *

Punishing Owl Hacker Group Emerges, Targets Russian Government Networks *

Microsoft Launches Three-Phase Plan to Replace NTLM With Kerberos in Windows *

Electrum-Linked OT Attack Targets Poland’s Distributed Energy Sites *

Apple Privacy Strategy 2026: Ten System-Level Controls for Data Security *

Microsoft 365 OWA Add-Ins Bypass Audit Logs Allowing Persistent Silent Data Theft *

Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers *

Silent Intruder: EncystPHP Web Shell Burrows into FreePBX Systems *

CVE-2025-26385: Critical Remote SQL Injection Vulnerability in Johnson Controls Metasys *

Google Play Store Introduces Warnings for Power-Hungry Apps *

New Undetected macOS Malware Bypasses Gatekeeper to Steal Sensitive Data *

New ShadowHS Fileless Malware Actively Spreads Across Linux Systems *

Hackers Abuse IIS Servers in Targeted BadIIS Malware Campaign *

Microsoft Windows 11 Update Introduces Reliability Improvements and Secure Boot Changes *

Active Exploitation of Critical Ivanti EPMM Remote Code Execution Vulnerabilities *

NVIDIA Patches High Severity vGPU and Driver Bugs Enabling Host Compromise *

Open VSX Supply Chain Attack Deploys Encrypted Stealer Malware via Solana Etherhiding Targets Over 5,000 Developers *

Kyverno Privilege Escalation Vulnerability Grants Full Cluster Control to Namespaced Users *

Gemini MCP Tool Zero-Day Vulnerability Enables Remote Code Execution *

Critical Remote SQL Injection Vulnerability in Johnson Controls Metasys *

Critical SessionReaper Vulnerability Actively Exploited Against Magento Platforms Worldwide *

PHPUnit Unsafe Deserialization Allows RCE in CI CD Pipelines *

Critical Appsmith Flaw Enables Unauthenticated Execution of Unpublished Application Logic *

Google Disrupts the IPIDEA Residential Proxy Network Used to Abuse Millions of Compromised Devices Worldwide *

Critical Sandbox Escape Vulnerability in Grist-Core Enables Remote Code Execution (CVE-2026-24002) *

Cloudflare IPv6 BGP Route Leak Caused by Network Policy Misconfiguration in Miami Data Center *

Fake CAPTCHA Campaign Abuses Microsoft App-V to Deliver Amatera Infostealer *

TP-Link Omada Controller Hit by High-Severity IDOR Leading to Full Network Control *

PyTorch Safe Mode Bypass Vulnerability Enables Critical Remote Code Execution *

TP-Link Archer Vulnerability Allows Attackers to Take Full Control of Routers *

GitHub-Backed Cyber-Espionage Targeting Indian Government Networks *

MITRE’s ESTM Enables Proactive Defense for Embedded Systems Powering Critical Infrastructure *

SolarWinds Web Help Desk Vulnerabilities Expose Systems to RCE and Auth Bypass *

Severe n8n Vulnerability (CVSS 9.9) Enables Authenticated Users to Execute Remote Code *

OpenSSL Stack Buffer Overflow Vulnerability Enables Pre-Auth Remote Code Execution *

HPE Aruba Releases Patches for High-Severity RCE and OpenSSL Vulnerabilities *

Active Exploitation of Critical Fortinet FortiCloud SSO Vulnerability *

High-Severity Chrome Background Fetch Bug Patched in Latest Stable Release *

Localhost Authentication Bypass in Clawdbot Agents Exposes Thousands of Instances *

CVE-2025-67968: Critical Arbitrary File Upload in RealHomes CRM Threatens 30,000+ WordPress Sites *

Rufus Local Privilege Escalation Vulnerability Allows Administrator-Level Code Execution (CVE-2026-23988) *

High-Severity Flaw in Western Digital Installer Opens Door to Code Execution *

Active Threat Campaigns Abuse React2Shell for Remote Code Execution *

Google Protocol Buffers Affected by High-Severity DoS Vulnerability *

Microsoft Fixes Actively Exploited Office Zero-Day Vulnerability (CVE-2026-21509) *

Fake Notepad++ Installers Infect Systems with Proxyware Malware *

React Issues Urgent Advisory After Incomplete DoS Fix in Server Components *

Severe vm2 Vulnerability (CVSS 9.8) Exposes Millions of Apps to Sandbox Escape *

Snap Store Domain Hijacking Attack Enables Malicious Linux Software Distribution *

Oracle January 2026 CPU: Critical Vulnerabilities, Exposure Risks, and Patch Prioritization *

Nike Investigating Alleged Cyberattack After WorldLeaks Data Leak Threat *

Backdoor Vulnerability Places Over 20,000 WordPress Sites at Risk of Unauthorized Admin Access *

Raaga Discloses Data Breach Affecting 10.2 Million Accounts *

Fake Notepad++ Installers Deliver Proxyjacking Malware via DLL Side-Loading *

TrustAsia Fixes Critical LiteSSL ACME Misconfiguration After Mass Certificate Revocation *

Threat Actors Abuse Legitimate Driver Variants to Disable Endpoint Security Before Ransomware Attacks *

Hackers Weaponize Security Tools to Undermine Defenses Before Ransomware Attacks *

Critical RCE Vulnerability in Vivotek IoT Camera Firmware *

New AI-Based Android Malware Exploits WebView Components for Automated Ad Fraud *

NVIDIA CUDA Toolkit Vulnerabilities Enable High-Severity Code Execution Attacks *

Critical Chainlit AI Flaws Allow Attackers to Take Over Cloud Environments *

Malicious Code Injection Risk Found in binary-parser for Node.js *

Critical Academy LMS Flaw (CVE-2025-15521, CVSS 9.8) Leads to Complete Admin Compromise *

Global FortiGate Firewall Threat: Key Actions to Safeguard Networks Against Unauthorized Access *

CVE-2026-20045: Critical Cisco Unified CM RCE Under Active Exploitation *

BIND DNS Remote Crash Vulnerability CVE-2025-13878 *

Evelyn Stealer Malware Abuses VS Code Extensions *

OPNsense 25.7.11 Introduces Host Discovery Service to Enhance Network Visibility *

WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol *

Apache Solr Flaws Allow Data Exposure & Authentication Bypass *

Hackers Exploit LinkedIn Messages to Deliver Malware via Fake Business Files *

Prompt Injection to RCE: Three Flaws Expose Anthropic’s MCP Git Server *

NVIDIA Nsight Graphics for Linux Vulnerability Enables Arbitrary Code Execution *

GitLab Fixes High-Severity Vulnerabilities Impacting Authentication and Availability *

Zoom Hit by Critical RCE Vulnerability Exploitable via Command Injection *

AVEVA Software Hit by Critical Flaws Allowing SYSTEM-Privilege Remote Code Execution *

TP-Link Router Vulnerability Allows Authentication Bypass via Password Recovery Feature *

McDonald’s India Allegedly Hit by Everest Ransomware Data Exfiltration Attack *

100,000+ WordPress Sites Exposed by Critical Plugin Vulnerability *

Critical Bluetooth Flaws in Xiaomi Redmi Buds Enable Call Data Exposure and Device Crashes *

Coordinated Malicious Chrome Extensions Target Enterprise HR and ERP Platforms via Session Hijacking *

Remcos RAT Campaign Uses Trojanized VeraCrypt Installers to Target South Korean Users *

ServiceNow BodySnatcher Vulnerability Enables Unauthenticated User Impersonation *

UK Government Issues Alert on Sustained Pro-Russian Hacktivist DDoS Campaigns *

Threat Actors Impersonate Malwarebytes to Deploy Infostealers *

AI Guardrails Under Fire Prompt Injection and Agent Exploits Expose New Enterprise Security Risks *

StackWarp Hardware Vulnerability in AMD Zen Processors *

PDFSider Backdoor Leveraged in Attack Against Fortune 100 Financial Enterprise *

CrashFix Campaign Uses Malicious Chrome Extension to Deliver ModeloRAT Malware *

Iran State TV Hijacked to Broadcast Anti-Regime Messages and Protest Appeal *

Critical Vertex AI Misconfiguration Enables Privilege Escalation via Service Agents *

Cisco Addresses Actively Exploited AsyncOS Zero-Day Vulnerability *

Livewire File Manager Flaw Leaves Web Applications Vulnerable to Remote Code Execution *

Cloudflare Zero-Day Allows Attackers to Bypass WAF and Access Protected Origin Servers *

Ingram Micro Confirms Ransomware Incident Impacting 42,000 Individuals *

Critical WhisperPair Vulnerability Enables Tracking and Eavesdropping via Bluetooth Audio Devices *

Bluetooth “Heartbleed” and DoS Flaws in Xiaomi Redmi Buds *

Crypto Wallet Theft Campaign Using Impersonated Malware Branding *

ABB Ability OPTIMAX Authentication Bypass Vulnerability Enables Full System Takeover *

Critical Deno Flaws Expose Cryptographic Secrets and Windows Command Execution Risks *

GootLoader Malware Abuses Malformed ZIP Archives to Evade Endpoint and Network Defenses *

GhostPoster Campaign Spreads Malicious Browser Extensions to 840,000 Users *

Major CIRO Security Incident Compromises Data of 750,000 Investors in Canada *

Critical XSS Vulnerabilities in Meta Conversions API Gateway Enable Silent, Large-Scale Facebook Account Takeovers *

Researchers Breach StealC Malware Infrastructure via Control Panel Flaw *

Promptware Kill Chain Five-Step Model for AI-Driven Cyberattacks *

Chinese Infrastructure Used for Large-Scale C2 Operations *

HPE Aruba Networking Flaws Expose VLAN and Internal Network Data *

Palo Alto PAN-OS GlobalProtect Denial-of-Service Vulnerability *

Kyowon Group Ransomware Incident Disrupts Operations, Millions of Accounts Potentially Affected *

Critical Cal.com Authentication Bypass Vulnerability Allows Account Takeover *

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure *

AWS Fixes CodeBuild Misconfiguration Preventing CI Pipeline Supply Chain Repository Takeovers *

Critical CVE-2026-23550 Bug Lets Hackers Gain Full WordPress Admin Access *

Reprompt Attack Exposes Risk of Silent Data Theft in Microsoft Copilot *

Major Data Breach at Central Maine Healthcare Affects 145,000+ Patients *

Windows Remote Assistance Security Feature Bypass Enables Circumvention of MoTW Safeguards *

Cloud Infrastructure Abuse for Enterprise Phishing Campaigns *

Elastic Releases Security Fixes for Vulnerabilities Enabling File Theft and DoS *

Improper Input Handling in Copilot URL Parameters Leads to Silent Data Disclosure *

Spring CLI Vulnerability Allows Arbitrary Command Execution on User Systems *

VoidLink Emerges as Cloud-Native Linux Malware Framework Targeting Containers and Cloud Infrastructure *

Apex Legends Character Hijacking Incident Enables Remote Player Control in Live Matches *

Critical OpenCode Flaws Allow Malicious Websites to Execute Code on Developer Systems *

Critical FortiSIEM Vulnerability Risks Enterprise Visibility and Security Operations *

Critical SAP Vulnerabilities in S-4HANA and Wily Introscope Put Financial Systems at Risk *

Chrome 144 Security Update Patches Critical V8 Engine Vulnerabilities *

Critical OpenSSH Remote Code Execution Risk in Moxa Industrial Switches *

Betterment Reports Security Incident Involving Compromised Email Distribution Infrastructure *

Microsoft Patch Tuesday Security Advisory – January 2026 *

Critical Hikvision Bugs Expose Cameras to Network-Based Disruption Attacks *

FortiSandbox SSRF Flaw Allows Attackers to Proxy Internal Traffic Using Crafted HTTP Requests *

Node.js Issues Security Update Patching Seven Vulnerabilities Across All Release Lines *

Target Dev Server Offline After Hackers Claim to Steal Source Code *

State-Sponsored Insider Threat Campaign via Fraudulent Remote Hiring Practices *

Apex Legends Live Match Incident Involved Remote Character Control by Unknown Actor *

New Multi-Stage Malware Campaign Delivers Remcos RAT (SHADOW#REACTOR) *

YARA-X 1.11.0 Adds Hash Function Warnings to Improve Rule Accuracy *

ServiceNow Security Flaw CVE-2025-12420 Allows Unauthenticated User Impersonation *

Browser-in-the-Browser Phishing Campaign Targets Facebook Users for Credential Theft *

CISA Issues Urgent Alert on Active Exploitation of Gogs Vulnerability CVE-2025-8110 *

Angular Template Compiler Bug Allows Malicious SVG Script Injection And Session Hijacking *

University of Hawaii Cancer Center Ransomware Attack Exposes Research Data and SSNs *

Endesa Reports Customer Data Breach Following Security Incident *

Texas Gas Station Operator Reports Data Breach Affecting 377,000 Customers *

Cisco Snort 3 Vulnerabilities Impacting Sensitive Data Security *

GitLab Releases Patch for High-Severity XSS and AI Vulnerabilities Exposing User Data *

700,000 Personal Records Compromised in Illinois DHS Cyber Incident *

Illicit Cryptocurrency Transactions Surge in 2025 as Cybercrime Ecosystems Expand *

ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration *

Instagram Confirms No Breach After Reports of 17M Account Data Exposure *

MuddyWater Deploys RustyWater RAT in Targeted Spear-Phishing Campaign *

BreachForums User Database Exposure Leaks 324000 Account Records *

Critical InputPlumber Bug Permits UI Input Manipulation and Denial-of-Service *

Solonik Leak Exposes 17.5 Million Instagram User Profiles *

Critical Vulnerabilities in EOL Vivotek IP7137 Cameras Enable Unauthorized Access *

Apache Struts XXE Flaw CVE-2025-68493 Puts Enterprise Data at Risk *

Critical Apache Uniffle Vulnerability Exposes Distributed Systems to MITM Attacks *

Critical React Router Vulnerabilities Enable File Access, XSS, and Session Manipulation Attacks *

Critical zlib Vulnerability (CVE-2026-22184, CVSS 9.3) Enables Global Buffer Overflow *

Critical Linux TLP Vulnerability Exposes Systems to Unauthorized Power Control *

Critical OWASP CRS Vulnerability Allows Charset Validation Bypass *

Critical Trendnet Vulnerability (CVE-2025-15471) Enables Complete Device Takeover *

SmarterMail Flaw Enables Remote Code Execution, Proof-of-Concept Released *

Major Security Flaw in H3C Wi-Fi Systems Exposes Networks to Takeover *

Possible State-Sponsored Cyber Activity Disrupts Power Infrastructure in Caracas *

Critical Vulnerabilities Enabling Full Server Compromise *

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls *

Malicious npm Packages Distributing NodeCordRAT via Supply Chain Attack *

DocuSign Impersonation Campaign Distributes Vidar Malware Through Phishing Emails *

Trend Micro Apex Central Hit by Critical Unauthenticated RCE Vulnerability *

Critical Foomuuri D-Bus Vulnerabilities Expose Linux Systems to Unauthorized Local Network Configuration Changes *

Critical Undertow Vulnerability (CVE-2025-12543) Exposes Java Servers to Host Header Attacks *

GoBruteforcer Botnet Targets Crypto Servers Using Weak AI-Generated Configurations *

Critical Apache NimBLE Bluetooth Vulnerabilities Allow Spoofing and Eavesdropping Attacks *

New “Maestro” Exploit Reveals Critical Weaknesses in ESXi VM Isolation *

Critical jsPDF Vulnerability (CVE-2025-68428) Allows Sensitive Data Exfiltration via PDF Generation *

China-Linked Salt Typhoon Breaches U.S. Congressional Email Systems *

BlueDelta Cyber Espionage Operations Target Enterprise Authentication Services for Credential Theft *

CVE-2026-21858: CVSS 10.0 Flaw in n8n Allows Unauthenticated RCE and Server Takeover *

Malicious Office Assistant Update Infects Windows Systems With Mltab Malware *

Venezuela BGP Leak Explained: Misconfiguration, Not Cyber Espionage *

CISA Adds Critical HPE OneView RCE and Legacy PowerPoint Vulnerability to KEV Catalog *

Critical RCE Vulnerability Actively Exploited in End-of-Life D-Link Routers (CVE-2026-0625) *

GoBruteforcer Attack Wave Targets Crypto and Blockchain Projects *

Veeam Patches Critical Remote Code Execution Flaws in Backup & Replication Software *

High-Severity WebView Vulnerability Patched in Google Chrome 143 *

Dify Addresses Backend Masking Failure Leading to API Key Exposure *

Forcepoint DLP Vulnerability (CVE-2025-14026) Enables Bypass of Restricted Python Controls *

Critical Remote Command Injection in D-Link Legacy DSL Routers (CVE-2026-0625) *

Microsoft Alerts on Email Routing Misconfigurations Driving Internal Domain Spoofing *

Critical n8n Vulnerability CVE-2026-21877 Enables Full System Compromise *

Fake Notepad++ Websites Used by BlackCat Group to Distribute Credential-Stealing Malware *

China-Linked Cyberattacks on Taiwan Energy Sector Increase Tenfold *

PHALT BLYX Campaign Exploits Fake Booking.com Alerts to Deploy DCRat Malware *

macOS Vulnerability Enables TCC Bypass, Putting Sensitive User Data at Risk *

Two Malicious Chrome Extensions Exfiltrating ChatGPT and DeepSeek Conversations *

Unpatched Firmware Vulnerability Allows Full Remote Takeover of TOTOLINK EX200 Devices *

Critical Dolby Vulnerability Patched in Android *

Crimson Collective Allegedly Breaches Brightspeed, Claims Theft of Over 1M Customer Records *

Sophisticated Google Support-Style Phishing Campaign Steals Credentials *

n8n Vulnerability (CVE-2025-68668) — Authenticated System Command Execution (CVSS 9.9) *

ClickFix BSOD Phishing Campaign Delivering DCRAT Malware *

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks *

ProfileHound Tool Exposes Dormant User Profiles in Active Directory Environments *

PyArmor Obfuscation Used for Evasion of Static and Signature-Based Analysis *

Russia-Linked Hackers Weaponize Viber Messaging to Deploy RATs in Ukrainian Government Networks *

Apache SIS Vulnerability Allows Local File Disclosure via Malicious XML Metadata Targeting GIS Applications *

Critical jsPDF Vulnerability Enables Unauthorized Server File Access in Node.js *

GravityRAT Expands Remote Access Attacks Across Multiple Platforms *

High-Severity DoS and Request Smuggling Flaws Patched in Aiohttp Security Update *

High-Severity Apache Kyuubi Vulnerability Enables Arbitrary File Access *

Cybersecurity Incident Leads to Full Closure of Higham Lane School *

Covenant Health Confirms Large-Scale Unauthorized Access to Healthcare IT Systems *

Ledger Users Affected by Data Breach at Third-Party Vendor Global-e *

PS5 BootROM Key Leak Reveals Unfixable Hardware-Level Security Flaw *

VVS Stealer Malware Targets Discord Accounts *

Hackers Claim Resecurity Breach, Firm Says Incident Was a Honeypot Operation *

Alleged NordVPN Internal Systems Breach Highlights Risks in Exposed Development Environments *

GHOSTCREW Open-Source Toolkit Introduces AI-Driven Penetration Testing *

Healthcare Provider Revises Breach Scope to Impact 478000 Patients *

Critical Hardcoded Authentication Token Vulnerability in RustFS Enables Full Cluster Compromise *

Sedgwick reports data breach linked to TridentLocker ransomware attack *

QNAP Fixes High Severity SQL Injection and Path Traversal Vulnerabilities *

FortiWeb Exploitation Campaign Uncovered via Exposed Logs *

Telegram Breach Sparks Concerns Over Political Cybersecurity *

CVE-2025-66848: Critical JD Cloud Router Flaw Allows Remote Root Access *

AdonisJS Bodyparser Bug Allows Path Traversal Leading to File Overwrite and RCE *

Critical Eaton UPS Companion Vulnerabilities Enable Local Code Execution on Windows Systems *

Critical Authentication Bypass in IBM API Connect CVE-2025-13915 *

Phishing Campaign Abuses Google Cloud Email Feature *

Careto Hacker Group Resurfaces After 10 Years *

DarkSpectre Browser Malware Operation Infected 8.8 Million Chrome, Edge, and Firefox Users *

Fake Eternl Desktop Wallet Used in Cardano Phishing Campaign *

CVE-2025-14346 Allows Unauthorized Bluetooth Control of WHILL Power Chairs *

GlassWorm Malware Targets macOS Developers via Malicious VSCode Extensions *

High-Risk Flaws in GNU Wget2 Allow Path Traversal and Memory Corruption Attacks *

Apache NuttX RTOS Updates Fix Use-After-Free and DoS Flaws *

Magecart Attack Chain Uses 50+ Malicious Scripts to Steal Online Payment Data *

Critical SmarterMail RCE Vulnerability (CVE-2025-52691) Alert by Singapore CSA *

VOID KILLER Emerges as Serious Threat to Enterprise Endpoint Security *

Apache StreamPipes Privilege Escalation Vulnerability CVE-2025-47411 Enables Unauthorized Administrative Access *

ErrTraffic ClickFix Campaign Automation Service *

Spear-Phishing Threat Aimed at Security Individuals in the Israel Region *

European Space Agency Confirms Cybersecurity Breach on External Servers *

CISA Directs Federal Agencies to Patch Exploited MongoBleed Vulnerability *

Coupang to Split $1.17 Billion Among 33.7 Million Data Breach Victims *

Chinese State-Linked Rootkit Hides ToneShell Malware Deployment *

New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones *

Coordinated Cyberattack Floods Adobe ColdFusion Infrastructure with Millions of Exploit Attempts *

Critical SmarterMail Vulnerability Enables Full Server Takeover Without Authentication *

Silver Fox Phishing Campaign Targets Indian Organizations Using Tax-Themed Malware *

Windows Local Privilege Escalation Flaws in Kernel Drivers and Named Pipes Enable Elevated Access *

Ransomware Attack Shuts Down Key IT Systems at Romania’s Oltenia Energy Complex *

Security Incident at Korean Air Leads to Employee Data Exposure *

OpenAI Hardens ChatGPT Atlas Against Prompt Injection Attacks *

WIRED Subscriber Data Breach Claim Exposes 2.3 Million Records *

27 npm Packages Weaponized as Phishing Infrastructure for Login Credential Theft *

Trust Wallet Chrome Extension Supply-Chain Attack Leads to Multi-Million Dollar Crypto Theft *

Large-Scale Automated Exploitation Campaign Targeting Multiple Internet-Facing Technologies *

Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns *

EmEditor Supply Chain Attack Prompts Urgent Security Warnings for Enterprises *

AI-Led Discovery Triggers Alarm Over CVSS 10 Zero-Day in Xspeeder Firmware *

Jackson Typosquatting Attack on Maven Central *

Ubisoft Rainbow Six Siege Services Disrupted Following Suspected MongoBleed Exploitation *

New WebKit Integer Overflow Vulnerability Found in iOS 26.2 with Public PoC *

China-Linked Evasive Panda Conducted DNS Poisoning Attacks to Distribute MgBot Malware *

French Postal Operator Suffers Major Network Outage Linked to Cyberattack *

Malicious Analytics Logic in Trust Wallet Browser Extension Leads to Multi-Chain Wallet Drain *

“Purchase Order” Deception Leveraging a Sophisticated Malware Loader Across Italy, Finland, and Saudi Arabia *

DriverFixer0428 Credential Stealer in Contagious Interview Campaign (macOS) *

Israeli Organizations Targeted by AV Themed Malicious Word and PDF Files *

LastPass 2022 Data Breach Enables Years-Long Exploitation of Encrypted Vaults Leading to Cryptocurrency Theft *

Critical LangChain Flaw Allows Malicious Actors to Steal Secrets from AI-Driven Systems *

Typosquatted MAS Domain Tricks Users into Running Malicious Activation Script *

Threat Actors Exploit Unpatched FortiGate 2FA Bypass Vulnerability *

Koi Security Uncovers Persistent Backdoor with lotusbail npm Package Targeting WhatsApp npm Library Stealing Credentials and Messages *

Critical LangChain Vulnerability Lets Attackers Steal Secrets via Prompts *

High-Severity Zimbra Vulnerability Exposes Internal Files Without Authentication *

Critical TeamViewer DEX Vulnerabilities Enable Takeover of Nomad Services *

Net-SNMP Vulnerability Triggers Buffer Overflow, Crashing the Daemon *

Somalia E-Visa Platform Exposes Sensitive Traveler Information *

Shinhan Card Confirms Data Breach Impacting 192,000 Merchants in South Korea *

MacSync Stealer Dropper Bypasses macOS Gatekeeper Using Notarized Signed App *

Ransomware Attack on Romanian Waters Authority Disrupts IT Systems Nationwide *

WebRAT Malware Targeting Developers Through Malicious GitHub Exploit Repositories *

Operation PCPcat Weaponizes Next.js and React Bugs, Compromising 59,000+ Servers *

Inside APT37’s Artemis Malware Campaign: From Casting Lures to System Compromise *

High-Risk NVIDIA Isaac Launchable Security Issues Lead to Complete System Takeover *

Spotify Investigates Alleged 300TB Music Archive Leak Linked to Anna’s Archive *

Critical MongoDB Vulnerability Allows Unauthenticated Memory Disclosure via zlib Compression *

M-Files Alert on Insider Session Hijacking and Vault Metadata Leakage Risks *

Linksys Router Authentication Bypass Zero-Day Vulnerability *

Nissan Confirms Data Breach After Unauthorized Access to Red Hat Servers *

Critical Vulnerabilities in Exim Mail Server Could Lead to Remote Compromise *

University of Phoenix Data Breach Affects Nearly 3.5 Million Individuals *

Microsoft Fixes Privilege Escalation Flaw in Windows Brokering File System Driver *

Sleeping Bouncer: A Deep Dive into the Pre-Boot DMA Vulnerability in Modern Firmware *

Darknet-Driven Insider Threat Campaigns Target High-Value Enterprise Networks *

Malicious Free VPN Extensions Compromise AI Chat Privacy of 8 Million Users *

Microsoft Teams Global Outage Causes Widespread Messaging Delays *

U.S. DOJ Files Charges Against 54 in Coordinated ATM Jackpotting Attacks Using Ploutus Malware *

Critical n8n Security Flaw Grants Attackers Full Control of Affected Servers *

Cellik RAT Exploits Google Play Apps, Expanding the Reach of Mobile Cybercrime *

Dify Vulnerability Exposes System Configurations to Anonymous Users *

RansomHouse Elevates Ransomware Threat With Advanced Multi-Layered Mario Encryptor *

Critical Apache NiFi Vulnerability in GetAsanaObject Processor Enables Unsafe Java Deserialization Attacks *

Cloud Atlas Hacker Group Exploits Microsoft Office Vulnerabilities to Execute Malicious Code *

Roundcube Vulnerabilities Enable Malicious Script Execution *

Headlamp Vulnerability Enables Unauthorized Helm Release Management in Kubernetes Clusters *

Linux Kernel Records First Rust-Based Vulnerability With CVE-2025-68260 *

WatchGuard 0-day Vulnerability Exploited to Hijack Firewalls *

China-Linked LongNosedGoblin APT Exploits Windows Group Policy to Target Government Networks in Asia *

Udados Botnet Targets Web Infrastructure with Stealth DDoS Attacks *

UEFI IOMMU Initialization Flaw Exposes Major Motherboard Vendors to Early Boot DMA Attacks *

University of Sydney Data Breach (December 2025) Exposes Personal Information of Staff and Students *

High-Severity Kibana Vulnerability Enables XSS Attacks Through Vega Charts *

Log4j TLS Hostname Verification Vulnerability Enables Log Interception *

OpenAI GPT-5.2-Codex Accelerates Software Vulnerability Discovery and Defensive Cybersecurity *

Ink Dragon Hackers Breach European Governments, Extending Attacks to Asia and South America *

Severe systeminformation Flaw Allows Arbitrary Command Execution on Windows Systems *

Virginia Mental Health Authority Reports Data Breach Impacting 113,000 Individuals *

Critical Flaw in Apache Commons Text Enables Remote Code Execution Attacks *

Kimwolf Botnet Compromises 1.8 Million Android TV Devices to Conduct Large-Scale DDoS Attacks *

SonicWall Privilege Escalation Vulnerability (CVE-2025-40602) Actively Exploited - Patch Released *

Suspected Malware on GNV Ferry Fantastic Sparks Remote Hijack Fears *

Cisco AsyncOS Zero-Day Vulnerability Actively Exploited *

CVE-2025-20393 Under Active Attack as UAT-9686 Targets Cisco Email Gateways *

CISA Warns of Active Exploitation of Critical Cisco Zero-Day and SonicWall Vulnerabilities *

Critical HPE OneView Security Bug Exposes Data Center Control Planes Worldwide *

Remote Code Execution in Automotive Infotainment via Modem Firmware *

Russian Hackers Target Network Edge Devices Across Western Critical Infrastructure *

Microsoft Confirms Critical Desktop Window Manager Privilege Escalation Vulnerability *

China-Linked Ink Dragon Espionage Campaign Uses ShadowPad and FINALDRAFT Malware Against Government Networks *

APT C 35 Leverages Distinct Apache HTTP Response Patterns for Covert Infrastructure Operations *

BlindEagle Attackers Leverage Trusted Channels to Bypass Enterprise Email Protections *

Chrome Stable Channel Update Fixes High-Severity WebGPU and V8 Vulnerabilities *

NVIDIA Patches Critical Vulnerabilities Across Isaac Sim, NeMo Framework, and Linux Resiliency Tools *

Cellik Android Malware Turns Trusted Google Play Apps into Stealthy Trojanized Threats *

GhostPoster Campaign Hides Malicious JavaScript Inside Firefox Add-on Logos *

Security Flaws in Windows Remote Access Connection Manager Enable Privilege Escalation *

Microsoft Windows Admin Center Bug Exposes Systems to Privilege Escalation Attacks *

Cyber Threat Alert: NoName057(16) Launches DDoSia Attacks Against NATO-Linked Organizations *

Critical Privilege Escalation Vulnerability Identified in JumpCloud Remote Assist *

700,000 Records Exposed Following Askul Ransomware Incident *

GhostPairing WhatsApp Account Takeover Attack *

Fake mParivahan and e-Challan Apps Used to Distribute Android Malware *

PCPcat Malware Campaign Exploiting React2Shell and Next.js RCE Vulnerabilities *

Critical React2Shell Vulnerability Exploited in the Wild to Establish Persistent Backdoors *

SantaStealer Malware Campaign Exploits Browser Storage to Steal Crypto and User Credentials *

FrogBlight Android Malware Disguises Government Websites to Collect SMS and Device Information *

Shannon AI Pentesting Platform Automates Discovery and Exploitation of Web Application Flaws *

Five-Year NuGet Supply Chain Attack Targeting .NET Developers via Homoglyphs and Typosquatting *

OpenShift GitOps Privilege Escalation Vulnerability (CVE-2025-13888) *

SoundCloud Hit by Data Breach as User Information Stolen and VPN Access Blocked *

Persistent macOS Installer Bug Allows Attackers to Hijack Privileged Processes *

Critical ScreenConnect Server Vulnerability Enables Privileged Abuse Through Malicious Extension Installation *

Jaguar Land Rover Confirms Enterprise IT and OT Systems Breached, Employee Data Compromised *

FreePBX Releases Security Updates for High-Risk RCE Vulnerabilities *

French Interior Ministry Confirms Cyberattack Affecting Email Servers *

Frogblight Malware Targets Android Users by Spoofing Government Portals *

700Credit Data Breach Exposes Information of 5.8 Million Auto Dealership Customers *

Critical RasMan Flaw in Windows Enables Local Crash and SYSTEM-Level Privilege Escalation *

Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution *

Active Phishing Campaign Targets Russian Organizations With ISO-Based Malware and Credential Theft *

PayPal Subscriptions Abused to Send Fake Purchase Emails *

Gentlemen Ransomware Emerges as a Threat to Corporate Networks *

Storm-0249: Sideloading Malicious Code into EDR Processes to Avoid Detection *

CyberVolk VolkLocker Ransomware Undermined by Critical Cryptographic Implementation Flaw *

Critical Security Flaws in Apache StreamPark Expose Data to Decryption and Token Forgery *

ImageMagick Flaw Allows Arbitrary Memory Disclosure via PSX TIM Integer Overflow on 32-bit Systems *

Critical Plesk Vulnerability Enables Root-Level Server Takeover *

NVIDIA Merlin Deserialization Flaws in NVTabular & Transformers4Rec Risk AI Pipeline RCE *

Apple Releases Emergency iOS 26 Update to Patch Actively Exploited WebKit Zero-Day Vulnerabilities *

Critical pgAdmin Vulnerability Enables Server Takeover Through Database Restore via Malicious SQL Dump Files *

IBM Mitigates High-Risk Vulnerabilities Across Enterprise Software Stack *

Fieldtex Data Breach Affects Approximately 238,000 Individuals *

Pierce County Library Data Breach Exposes Information of 340,000 Individuals *

Adobe Delivers Critical Updates After Discovering 140 Vulnerabilities *

Global Developer Frustration as GitHub Faces Intermittent Server Failures *

Soledad WordPress Theme Vulnerability that Enables Full Site Takeover *

Critical Vulnerabilities Discovered in Apache Fineract Core Banking Platform *

Critical New Bugs in React Server Components Allow Server Downtime and Code Leak Exploits *

Spiderman Kit Fuels Advanced Phishing Campaigns Against Banks and Crypto Services *

MKVCinemas Streaming Piracy Platform Dismantled After 142M Visits *

Persistent Middle East Espionage: WIRTE Uses AshenLoader to Deploy AshTag Backdoor *

Critical Cryptographic Flaw in Gladinet CentreStack Enables Remote Code Execution Attacks *

Researchers Discover NANOREMOTE Malware Targeting Windows Systems Worldwide *

Notepad++ Fixes Flaw That Allowed Malicious Update Files *

Windows PowerShell CVE-2025-54100 Fixed: Improper Neutralization Enables Local Code Execution *

CISA Issues Warning on Actively Exploited GeoServer XXE Vulnerability in Updated KEV Catalog *

GitLab Releases Security Update Addressing Severe XSS and Denial-of-Service Flaws *

Critical Flaw in India-Based CCTV Cameras Exposes Video Feeds and User Credentials *

Active Exploitation of Gogs 0-Day Allows Remote Code Execution via API Endpoint Vulnerability *

SOAPwn Flaw Exposes .NET Apps to Remote Code Execution *

Critical Chrome Zero Day Flaw Patched in Urgent Security Update *

DroidLock Android Ransomware Locks Devices and Extorts Victims *

React2Shell Security Flaw Used in Coordinated Campaigns to Deploy Crypto Miners and Complex Malware Toolkits Across Businesses *

Security Alert: Zoom Rooms Vulnerabilities Put Conference Systems at Risk *

Critical Jenkins Vulnerabilities Expose Unauthenticated DoS via HTTP CLI and XSS via Coverage Reports *

Apache Struts 2 DoS Vulnerability (CVE-2025-66675) File Leak in Multipart Request Processing *

Fortinet Warns of Critical FortiSandbox Vulnerability Allowing OS Command Injection *

Windows Defender Firewall Bug Exposes Sensitive Data to Attackers *

PCIe Security Flaws Impact Intel and AMD Processors *

Akira ransomware group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities *

Microsoft Outlook Flaw Allows Remote Execution of Malicious Code *

New Vishing Threat Exploits Teams Calls and Quick Assist Sessions to Inject .NET Malware *

Makop Ransomware Targets RDP Vulnerabilities and Uses AV Evasion Tactics for Deployment *

Critical Zero-Click Flaw in Google Gemini Enables Complete Workspace Data Theft *

Critical n8n Git Node Flaw (CVE-2025-65964) Exposes Servers to Remote Code Execution *

Critical Rockwell Flaws Threaten Industrial Systems with SQL Injection Data Tampering and Safety Device DoS Needing Manual Fix *

High-Severity ZITADEL V2 Login UI Flaws Lead to SSRF Exploitation and XSS-Based Account Takeover *

Critical Fortinet Flaw Enables Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery *

Microsoft Patch Tuesday Security Advisory – December 2025 *

Critical Step CA Exploit Lets Threat Actors Mint Trusted Certificates Unchecked *

Vitas Healthcare Data Breach Exposes Sensitive Information of Over 300,000 Individuals *

Ivanti Issues Security Update to Fix Code Execution Vulnerabilities in Endpoint Manager *

Critical Vulnerability in Emby Server Enables Full Admin Access *

Anatsa (TeaBot) Banking Trojan Delivered via Fake Document-Reader App on Google Play *

React Ecosystem Exposed to High-Impact RCE via React2Shell Vulnerabilities *

Malicious Ads Used by Hackers to Spread Triada Malware to Android User Base *

JS SMUGGLER Malware Exploits Legitimate Websites to Deliver NetSupport RAT *

Malicious VSCode Extensions Drop Infostealers Through Microsoft Marketplace Supply-Chain Attack *

Cybercriminals Adopt Shanya Packer to Disable EDR and Launch Stealthy Ransomware *

AI Discovers GhostPenguin Undetectable Linux Backdoor Using RC5-Encrypted UDP for Covert Command and Control *

Critical Authentication Bypass Flaws in Ruby SAML Library *

SAP Rolls Out Final 2025 Security Notes Covering 14 Vulnerabilities Across Core Enterprise Components *

Major French Retail Chain Leroy Merlin Hit by Data Breach *

Barts Health Confirms Massive Data Breach Tied to Oracle E-Business Zero-Day *

India May Require Apple, Google, and Samsung to Enable Always-On GPS *

ASUS Acknowledges Vendor Exposure as Everest Releases Data and Reference ArcSoft, Qualcomm *

Factory Satellite Security Glitch Leaves Hundreds of Porsches Undrivable in Russia *

Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude & Other AI Developer Tools *

Stealthy Proxmox Hypervisor Abuse Exposed Through New LOLPROX Techniques *

TP-Link TL-WR940N V6 Affected by High-Severity UPnP DoS Vulnerability *

Inotiv Reports Ransomware Breach Impacting Pharmaceutical Research Systems *

Arena® Simulation Affected by DOE File Parsing Weakness That Enables Dangerous Stack-Based Buffer Overflow Attacks *

Critical Firebox Flaws Force Urgent Fireware OS Updates from WatchGuard *

High-Severity Duc Disk Tool Vulnerability (CVE-2025-13654) Allowing DoS and Information Leakage *

Critical lz4-java Vulnerability (CVE-2025-66566) Exposes Uninitialized Memory During Decompression *

Intellexa Spyware Vendor Targets iOS and Chrome with 15 Zero-Day Exploits, Deploying Predator Malware *

Critical Authentication Breakdown in Scheduling Platform (CVE-2025-66489) *

Apache Tika Core Vulnerability Enables System Exploitation via Malicious PDF Uploads *

Avast Sandbox Flaws Enable Attackers to Gain Elevated Privileges *

Subtle Privilege Escalation in AWS EC2 and SageMaker Through Execution Roles *

SeedSnatcher Android Malware is Critical Threat to Crypto Wallet Users *

BRICKSTORM Malware Alert Campaign by PRC-linked Actors *

Splunk Windows Bug Enables Local Privilege Escalation Through Misconfigured File Permissions *

SVG Clickjacking Technique Enables Highly Interactive UI-Redressing Attacks *

High-Severity Splunk Vulnerability Exposes Windows Systems to Privilege Escalation *

GoldFactory Strikes Southeast Asia Using Trojanized Banking Apps Driving 11,000+ Infections *

ArrayOS AG Remote Command Injection Enables Unauthorized Webshell Deployment *

Apache HTTP Server 2.4.66 SSRF NTLM Hash Exposure and Suexec Bypass Fixes *

CVE-2025-66399: Cacti Bug Exposes Servers to Remote Code Execution *

NVIDIA Issues Emergency Patch for Input-Validation and Oversized-Payload Flaws Causing Triton DoS Risks *

PickleScan Bypass Lets Malicious PyTorch Models Execute Code Silently *

Freedom Mobile Data Breach Exposes Sensitive Customer Information *

New Windows LNK Zero-Day Under Active Exploitation by Hackers *

India’s New SIM-Binding Mandate for Social Media and Messaging Platforms *

New Report Warns of 68 percent of Phishing Kits Protected by Cloudflare *

AISURU Botnet Launches Unprecedented 29.7 Tbps DDoS Assault *

DuperRunner Malware Delivered via LNK Files Targets Corporate Staff in Operation DupeHike *

Synology BeeStation Hit by Triple Vulnerability Chain Allowing Full System Takeover *

Marquis Data Breach Exposes Information Across Over 74 U.S. Banks and Credit Unions *

Critical Windows Vim Vulnerability (CVE-2025-66476) Enables Arbitrary Code Execution via Malicious Folders *

Severe RCE Vulnerability Discovered in React Server Components and Next.js *

React Server Components Critical RCE Flaw Enables Unauthenticated Attacks (CVE-2025-55182) *

Angular Security Advisory: Immediate Patch Required for CVE-2025-66412 *

Critical Elementor Plugin Flaw Allows Full Admin Takeover of WordPress Sites *

Critical CVE-2025-13486 Flaw in ACF Extended Enables Unauthenticated RCE on 100,000 WordPress Sites *

Cybercriminals Market Latest K.G.B RAT Toolkit Within Dark-Web Communities *

Stealthy Supply-Chain Attack Found in Malicious Rust Crate ‘evm-units’ Targeting Crypto Developers *

Google Pushes Emergency Security Update as Chrome 143 Fixes 13 New Vulnerabilities *

Critical Django Flaw Exposes PostgreSQL Databases to SQL Injection (CVE-2025-13372) *

Longwatch Critical RCE Vulnerability Enables Unauthenticated SYSTEM-Level Takeover (CVE-2025-13658) *

Threat-Hunting Alerts Impacted by Microsoft Defender Portal Outage *

Russia’s Aerospace and Defense Sectors Hit by Ukrainian Cyberattack *

OpenAI Codex CLI Exploit Lets Attackers Run Unauthorized Commands *

India Orders Messaging Apps to Work Only with Active SIM Cards *

Living Off the Land (LOTL) Tactics Enable Stealthy EDR Evasion Across Windows Environments *

Malicious VS Code Extension as Icon Theme — Hidden Backdoor Targets Windows and macOS Developers *

GlassWorm Campaign Expands With New Malicious VS Code and OpenVSX Extensions *

India Mandates Pre-Installation of Sanchar Saathi on All Smartphones *

ShadyPanda Weaponizes 4.3 Million-Download Extensions Into a Spyware Network *

KimJongRAT Strikes Windows Users via Malicious HTA Files *

OpenVPN Releases Patch for Critical Heap Over-Read and HMAC Bypass Vulnerabilities *

New Struts Flaw (CVE-2025-64775) Exposes Servers to Disk-Filling DoS Attacks *

Arkanix Stealer Uses Chrome Process Injection to Evade Modern Protections *

Android Critical DoS and Two Actively Exploited Zero-Days *

Coupang Confirms Data Breach Impacting Nearly 34 Million Customers *

Microsoft Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants *

Government Confirms Cyberattack Using GPS Spoofing Targeted Indian Airports *

Qualcomm Warns of Critical Vulnerabilities Undermining Secure Boot Integrity *

Microsoft Outlook MonikerLink Vulnerability Enables Remote Code Execution *

Legacy Python Bootstrap Scripts Pose Domain-Takeover Threat Across Multiple PyPI Packages *

APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies *

New Wave of Albiriox Malware Attacks Targets Android Users and Provides Criminals with Full Interactive Device Control *

Mercedes-Benz USA Breach Claim Involving Legal and Customer Data Surfaces Online *

Critical SQL Injection in Devolutions Server Lets Authenticated Users Extract All Stored Credentials *

GeoServer XXE Vulnerability CVE-2025-58360 Unauthenticated File Theft and SSRF via WMS GetMap *

New Malware Packer Discovered Masking EDR-Killers in Global Ransomware Attacks *

PoC Released for Critical Outlook Zero-Click RCE Vulnerability *

Critical Apache bRPC Vulnerability CVE-2025-59789 Puts High-Performance Systems at Risk of Server Crashes *

Apache Kvrocks Fixes Serious RESET and MONITOR Abuse Causing Privilege Escalation and Credential Leakage Risks *

Data Breach Reported by French Football Federation After Cyberattack *

Data Breach Hits Canadian Scientific Consultancy, Attackers Demand $1.2M Ransom *

Active Attacks Exploit WordPress RCE Bug Rated CVSS 9.8 *

Vivotek Legacy Firmware Permits Zero-Auth Arbitrary Command Execution via CGI Endpoint *

Public GitLab Repos Leak More Than 17,000 Sensitive Secrets *

Black Friday Scammers Are Impersonating Major Brands to Steal Your Money *

KawaiiGPT A Free Malicious AI Clone Leveraging DeepSeek, Gemini, and Kimi-K2 Models *

Microsoft Announces CSP Enforcement to Enhance Entra ID Sign-In Security *

Fake Battlefield 6 Cracks & Trainers Spread Infostealers and Backdoors *

Malicious Chrome Extension Crypto Copilot Steals Funds Through Hidden Solana Transactions *

Cyberattacks Target Telecommunications & Media Industry to Deploy Malicious Payloads *

Bloody Wolf Expands Spear-Phishing Campaign to Deliver NetSupport RAT Using JAR Loaders Targeting Central Asia *

Dead Man’s Switch Massive npm Supply-Chain Malware Attack *

Calendar-Based Cyberattacks: The Rise of Promptware Exploiting iOS and macOS Users *

OpenAI Alerts Users After Mixpanel Data Breach: Security Recommendations Issued *

ShadowV2 Botnet Leveraged AWS Outage to Test Large-Scale IoT Attack Capabilities *

GitLab Fixes Multiple Vulnerabilities Allowing Authentication Bypass and DoS Attacks *

London Councils Shut Down Key Systems Amid Ongoing Cyberattack *

Angular Security Failure Lets Hackers Steal XSRF Tokens via Protocol-Relative URLs *

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets *

Global Data Exposure: ByteToBreach Sells Compromised Airline, Finance, and State Records Online *

Water Gamayun Exploits New Windows Zero-Day in Global Espionage Campaign *

Browser-Based RCE in Ray (CVE-2025-62593) Puts AI & Python Developers at High Risk *

Chrome Extension Malware Adds Hidden SOL Fees *

Critical Stored XSS Flaw Discovered in Apache SkyWalking (CVE-2025-54057) *

Tor Introduces Galois Onion Encryption to Bolster Protection Against Cyber Attacks *

Delta Dental of Virginia Reports Intrusion into Data Environment Resulting in Exposure of Sensitive Customer Information *

Latest Cobalt Strike Update Introduces Advanced Malleable C2 and Stealth Upgrades *

VSCode Marketplace Targeted by Malicious Prettier Clone Deploying Anivia Stealer *

Zenitel TCIV 3 Plus Intercoms Exposed to Multiple Critical CVSS 9.8 Vulnerabilities *

RomCom Uses SocGholish Fake-Update Attacks to Deliver Mythic Agent Malware *

Nationwide Emergency Alerts Impacted After Major CodeRED Platform Cyberattack *

Critical Node-Forge Vulnerability Prompts Immediate Update and Security Checks *

High Severity NVIDIA DGX Spark Flaw Could Expose Sensitive AI Data and Allow System Takeover *

ASUS Routers Critical Authentication Bypass Vulnerability (CVE-2025-59366) *

Critical Fluent Bit Flaws Allow Remote Attacks on Cloud Environments *

Critical Remote Code Execution Vulnerability in Microsoft Update Health Tools *

Dartmouth College Hit by Clop in Targeted Data-Theft Attack *

Harvard University Announces Data Breach Impacting Alumni and Donors *

Malicious Blender Model Files Used to Deploy StealC Infostealing Malware *

Kimsuky APT Deploys Dual KimJongRAT Payloads, Switching Between PE PowerShell Based on Windows Defender Status *

Canon Allegedly Hit by Clop Ransomware Following Oracle E-Business Suite 0-Day Abuse *

HashiCorp Vault Authentication Bypass Vulnerability (CVE-2025-13357) *

ClickFix Social Engineering Campaign Delivers Stealthy Infostealer Malware *

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users *

Brazil Hit by Water-Saci Campaign with WhatsApp Web Hijacking and Memory-Resident Banking Trojan *

ToddyCat APT Gains Microsoft 365 Emails by Dumping OAuth Tokens from Memory & Copying Locked OST Files *

Linux Kernel 6.18-rc7 Released with Key Driver and Security Fixes as Final Version Approaches *

Apache Syncope Vulnerability (CVE-2025-65998) Allows Decryption of User Passwords via Hard-Coded AES Key *

Second Sha1-Hulud Malware Wave Hits 25,000+ npm Repositories, Stealing Developer Credentials *

Delta Dental of Virginia Data Breach Impacts 146,000 Individuals *

Client Information Compromised in SitusAMC Data Breach *

Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware *

Fluent Bit Security Flaws Put Cloud Environments at Risk of RCE and Hidden Breaches *

Iberia Airlines Hit by Data Breach Exposing Customer Personal Details *

Wireshark Flaws Allow Crashes Through Crafted Packet Injection *

Threat Actors Inject Python Malware into Legitimate Windows Executable *

Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information *

Critical RCE Flaw Discovered in W3 Total Cache Plugin (CVE-2025-9501) *

Threat Actors Use Typo-Trick ‘rn’ for ‘m’ in Microsoft URL to Conduct Credential Theft *

Emergency Patch Issued for Azure Bastion After Discovery of Critical Login Bypass Vulnerability *

BadAudio Malware Used by China-Linked APT24 in Long-Running Espionage Campaign *

Emergency Patch Issued for Grafana SCIM User Impersonation Flaw (CVE-2025-41115) *

Global Enterprises Hit by Widespread Supply Chain Breaches, BlueVoyant Report Finds *

Threat Actor Alleges Massive 2.3TB Data Breach at Almaviva *

Critical Twonky Server Vulnerabilities Allow Attackers to Bypass Authentication *

Oracle Identity Manager Hit by Potential Zero-Day Exploit *

Salesforce Warns of Unauthorized Data Access Through Compromised Gainsight OAuth Tokens *

ShadowRay 2.0 Leverages Ray Authentication Gap to Create Expanding GPU Botnet *

UNC2891 Money-Mule Network Reveals Full Scope of ATM Fraud Operation *

Critical Weakness in Legacy Train Signaling Systems Allows Signal Spoofing *

Aruba Networking 100 Series Cellular Bridge Impacted by Critical Firmware Weaknesses *

Advanced Sturnus Banking Trojan Hijacks Android Devices and Steals Encrypted Messaging Data *

SonicWall Discloses High-Severity SonicOS Vulnerability Affecting Firewalls *

Critical Weaknesses in N-central Permit Attackers to Read Sensitive Configs via Legacy APIs *

Severe Windows Graphics Bug Lets Attackers Gain Control with Just One Image *

TamperedChef Campaign Delivers Stealthy Backdoor Through Digitally Signed Fake Installers *

Chinese Hackers Hijack Legitimate Software Updates Using EdgeStepper Tool to Redirect to Malicious Servers *

“The Gentlemen” Ransomware Crew Targets Enterprises With Encryption-Based Attacks and Data Exfiltration *

Ollama Vulnerabilities Permit Arbitrary Code Execution via Malicious Model File Parsing *

The Gentlemen Ransomware Campaign Targets Global Networks with Automation, Propagation, and Dual-Extortion *

JOSERFC Oversized JWT Token Vulnerability (CVE-2025-65015) Enables Uncontrolled Resource Consumption *

Sneaky2FA PhaaS Adopts Browser-in-the-Browser Technique for Advanced Phishing Attacks *

Critical DLL Hijacking Vulnerability (CVE-2025-13051) Found in ASUSTOR Backup and Sync Utilities *

Apache Causeway Releases Fix for Critical Java Deserialization RCE (CVE-2025-64408) *

Cloudflare Reveals Root Cause Behind Global Outage That Disrupted the Internet *

WhatsApp Flaw Exposes Phone Numbers of 3.5 Billion Users *

WrtHug Attack Wave Hijacks 50,000 Vulnerable ASUS Routers *

Multiple Critical Flaws in METZ CONNECT Controllers Expose Industrial Networks to Unauthenticated RCE *

Critical SolarWinds Serv-U Vulnerabilities (CVSS 9.1) Enable Admin RCE and Path Traversal Bypass *

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar *

Trojanized ‘Free’ VPN Extension with 9 Million Installs Hijacks Sessions and Tracks User Online Behavior *

AI-Generated ShadowRay 2.0 Botnet Targets 230,000 Exposed Ray AI Clusters *

Stealthy Chrome Malicious VPN Extensions Used for Traffic Redirection and Data Exfiltration *

Critical FortiWeb Vulnerability Under Attack: CISA Adds CVE-2025-58034 to KEV Catalog *

Four Severe Vulnerabilities Discovered in D-Link DIR-878 No Patches Due to EOS-EOL Status *

Eurofiber France Infrastructure Exposed After GLPI ITSM Platform Exploit *

Google Issues Emergency Chrome Update to Fix Actively Exploited Zero-Day *

Critical Flaw in Imunify AI-Bolit Component Allows Remote Code Execution *

Data Breach at Princeton University Compromises Student, Alumni, and Employee Records *

French Government-Linked Pajemploi Targeted in Breach Impacting 1.2M *

Threat Actors Leverage Remcos RAT C2 Network for Stealthy Remote Control *

Nine-Day Lynx Ransomware Attack Exposes Critical Security Gaps *

UNC1549 Exposed Tactics, Tools, and Malware Threatening Aerospace and Defense *

W3 Total Cache Plugin Vulnerabilities Endanger One Million Website Owners Worldwide *

Under Armour Data Breach: Everest Ransomware Group Boasts 343 GB Stolen Files *

Cloudflare Outage Disrupts X, OpenAI, and Popular Multiplayer Games *

EVALUSION ClickFix Campaign Deploys Amatera Stealer and NetSupport RAT in New Malware Wave *

DigitStealer Malware Hits M2+ Macs, Hijacks Ledger Live via JXA and DNS C2 *

DragonBreath APT Targets Chinese Users with Stealthy Multi-Stage RoningLoader Campaign *

Severe RCE Vulnerabilities Discovered in AI Inference Frameworks from Meta, Nvidia, and Microsoft *

Microsoft Azure Suffers Massive 15 Tbps DDoS Attack from Half a Million IPs *

Logitech Discloses Intrusion After Clop Publishes Stolen Data Claims *

Customized Social Engineering Tactics Used by Iranian SpearSpecter to Target High-Profile Officials *

Researchers Unveil New Techniques to Detect Outlook NotDoor Backdoor Malware *

LG Data Exposure Alleged After Hacker Publishes Source Code Samples *

TaskHound Exposes High Risk Windows Scheduled Tasks with Privileged Execution Paths *

Fortinet FortiWeb Authentication Bypass & Path Traversal (CVE-2025-64446) *

Critical MCP Server Injection Vulnerability Exposes Cursor IDE to Code Execution Remote *

Unremovable Israeli Spyware on Samsung Phones (AppCloud) *

IBM AIX Faces CVSS 10.0 RCE & NIM Private Key Exposure in Newly Disclosed Flaws *

ClickFix Attack Chain Uses Finger Protocol to Deploy Python Payloads, NetSupport RAT and Infostealers *

Critical pgAdmin Flaws Enable RCE Through Malicious PostgreSQL Dump Files *

CISA Issues Warning on Severe Lynx+ Gateway Flaw Enabling Unauthenticated Remote Reset With No Vendor Action *

High-Severity Memos Flaw (CVE-2024-21635) Allows Persistent Unauthorized Access *

Malicious npm Package With 206K Downloads Steals GitHub Tokens From Developer Repositories *

Cisco Catalyst Center CVE-2025-20341 Enables Authenticated Privilege Escalation on ESXi Deployments *

Lite XL Vulnerability Exposes Users to Code Execution Attacks *

Kraken Cross-Platform Ransomware Expands Attacks to Windows, Linux, and VMware ESXi Environments *

Malicious Ethereum Wallet Extension on Chrome Web Store Grants Full Wallet Control *

Phishing Campaign Targets Customers of Leading Italian Web Hosting Provider *

Android Photo-Frame App Distributes Malicious Payloads *

Imunify360 Zero-Day-Like RCE Threat Endangers Millions of Linux Web Servers *

Checkout.com Breach Linked to Exposed Legacy Cloud Storage System *

DoorDash Confirms October 2025 Data Breach Exposing User Contact Information *

High-Risk NVIDIA NeMo Vulnerabilities Impact AI Pipelines Before Version 2.5.0 *

Zero-day Attack Warning: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access *

Critical ASUS DSL Router Authentication Bypass Vulnerability (CVE-2025-59367) *

Zero-Day Campaign Targets Cisco ISE and Citrix, Compromising Critical Identity Systems Globally *

Severe Zoho Analytics Plus Vulnerability (CVE-2025-8324, CVSS 9.8) Enables Unauthenticated SQL Injection and Potential Data Compromise *

How Malicious Actors Turn Vector Images (SVG) Into Live Phishing Lures that Bypass Email Defenses *

OpenAI Sora 2 Security Bug Exposes System Prompts Using Audio Transcripts *

Dell Issues Emergency Patch After Critical Data Lakehouse Privilege-Escalation Bug *

Microsoft SQL Server Flaw Allows Attackers to Gain Elevated Privileges *

Massive npm Supply Chain Spam Campaign Publishes Over Fake Packages *

DanaBot Malware Resurfaces After 6-Month Hiatus to Target Windows Systems *

Security Update: Kibana SSRF and XSS Vulnerabilities Patched *

PAN-OS Firewall Vulnerability (CVE-2025-4619) Enables Unauthenticated Device Reboot *

GitLab XSS Flaw (CVE-2025-11224) Threatens Kubernetes Proxy Sessions *

Hackers Exploit SSRF Vulnerability in Custom GPTs, Exposing ChatGPT’s Cloud Secrets *

Tor Browser 15.0.1 Update Patches Multiple Vulnerabilities Across Platforms *

Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting Exploitation *

Apple Device Recovery Phishing Scam Targets Lost iPhone Owners with Fake “Found Device” Alerts *

New Android RAT “KomeX” (advertised on hacker forums) *

Microsoft Patches Critical Flaws in GitHub Copilot and Visual Studio Code Allowing Security Feature Bypass *

Rhadamanthys Infostealer Disrupted as Cybercriminals Lose Server Access *

New Phishing Wave Exploits Meta Business Suite Features for Credential Theft *

Critical Milvus Proxy Vulnerability (CVE-2025-64513, CVSS 9.3) Enables Authentication Bypass *

Apache OpenOffice Addresses Memory Corruption and Remote Content Loading Flaws *

Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution *

Critical GE Vernova Smallworld SWMFS Improper Authentication (CVE-2025-3222) *

Ivanti Endpoint Manager Vulnerabilities Could Allow Arbitrary File Writes to System Disk *

GlobalLogic Suffers Data Breach via Oracle E-Business Suite Zero-Day Exploit (CVE-2025-61882) *

Microsoft Patch Tuesday Security Advisory – November 2025 *

Vulnerability in Zoom Enables Bypass of Access Controls, Exposes Session Data *

Mozilla Patches Critical Firefox Flaws Enabling Remote Code Execution *

Security Alert-Themed Phishing Campaign Exploits Domain Trust to Steal Email Credentials *

Synology BeeStation Zero-Day Vulnerability (CVE-2025-12686) Allows Remote Code Execution *

KONNI APT Exploits Google Find Hub to Wipe Android Devices After Credential Theft *

Maverick and Coyote Banking Trojans Target Brazilian Users via WhatsApp *

SAP Issues November 2025 Patch Day Updates to Mitigate High-Severity Remote Code Execution and Injection Weaknesses in Key Business Applications *

Critical WatchGuard Firebox Vulnerability (CVE-2025-59396, CVSS 9.8) Enables Remote Admin Access via Default SSH Credentials *

Authenticated SQLi in SuiteCRM Exposes Customer Data Upgrade to 8.9.1 Now *

Quantum Route Redirect Phishing Service Targets Microsoft 365 Users *

JokerJanus-style Campaign Abuses Triofox Configuration to Deploy Remote Access Tools (CVE-2025-12480) *

Critical Devolutions Server Vulnerability (CVE-2025-12485, CVSS 9.4) Enables User Impersonation Through Pre-MFA Session Cookie Hijacking *

Kimsuky and APT37 Uses Google Find Hub Abuse Google Accounts for Remote Android Data Wipe Attacks *

Android Users Hit by Malware Disguised as Relaxation Programs *

Critical NPM Library Flaw in expr-eval Puts AI and NLP Applications at Risk of Remote Code Execution *

Data Breach at Chinese Security Giant Reveals Cyber Weapons and Global Espionage Campaigns *

Hospitality Sector Targeted by ClickFix Phishing and PureRAT Malware Campaign *

APT Groups Target Construction Industry Networks to Steal RDP, SSH, and Citrix Credentials *

Paragon “Graphite” Spyware Targets iOS Devices Through Zero-Click Exploits in Global Surveillance Campaigns *

China-Linked Espionage Campaign Targets U.S. Policy Non-Profit via DLL Side-Loading *

MAD-CAT Enables Real-World Data Corruption Simulation *

QNAP Fixes Multiple Zero Days Demonstrated at Pwn2Own 2025 *

Ex Intel Engineer Accused of Stealing 18000 Confidential Files Marked Top Secret *

Vidar Infostealer Launches First-Ever npm Attack Chain Through 17 Typosquatted Packages and Postinstall Payloads *

Hackers Compromise Sites to Insert SEO-Boosting Malicious Links *

Whisper Leak: Novel Side-Channel Attack on Remote Language Models *

LangGraph RCE Vulnerability CVE-2025-64439 in JsonPlusSerializer Enables Arbitrary Python Code Execution *

Threat Actors Exploiting Monsta FTP Remote Code Execution Vulnerability *

CVE-2025-37735: Elastic Defend Permission Bug Enables Local Privilege Escalation *

LeakyInjector and LeakyStealer Campaign Targets Crypto Wallets and Browser Data *

Landfall Android Spyware Exploits Samsung Zero-Day to Target Galaxy Phones Worldwide *

Advanced Persistent Threat Group Breaches U.S. Congressional Budget Office *

Keras Deep Learning Tool Impacted by Data Exposure Vulnerability *

Critical Flaw in NVIDIA NVApp for Windows Enables Remote Code Execution *

FreeBSD-based OPNsense Firewall Released for Security Issues and Improvements *

Phishing Campaign Targeting Travelers via Compromised Booking Accounts *

Cavalry Werewolf APT Campaign (FoalShell / StallionRAT) *

Elastic EDR Vulnerability Exposed: Call Gadgets Used to Bypass Detection *

DragonForce Ransomware Hits Manufacturing Firm, Using Brute-Force Attacks and SSH Data Exfiltration to Russian Server *

Trojanized npm Packages Deliver Vidar to Windows Hosts *

From Cyberspace to Strategy: How Chinese Cyber Activities Shape U.S. Foreign Policy Responses *

Amazon Addresses Critical Token Exposure Bug in WorkSpaces Linux Client (CVE-2025-12779) *

Cisco ISE RADIUS Vulnerability (CVE-2025-20343) Causes Unauthenticated Denial-of-Service Attacks *

OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) *

Russia-Aligned InedibleOchotense Impersonates ESET to Deploy Kalambur Backdoor Targeting Ukraine *

Malicious Plugin or Dependency Injection Enables Remote Code Execution in Claude Desktop Environment *

Massive DoS Risk Emerges from HTTP/2 ‘MadeYouReset’ Vulnerability *

Newly Discovered Flaws in GPT Models Enable 0-Click Exploitation *

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection *

ValleyRAT Campaign (ValleyRAT) — Windows Remote-Access Trojan *

EndClient RAT Exploits Hijacked Code-Signing to Bypass Endpoint Defenses and Exfiltrate Victim Data *

Gootloader Resurfaces After 7 Month Hiatus with Enhanced Evasion Techniques *

Hyundai AutoEver America Data Breach Exposes SSNs and Driver’s Licenses *

Critical VizAir Vulnerabilities (CVSS 10.0) Allow Unauthenticated Control of Airport Weather Systems *

PROMPTFLUX Malware Uses Gemini AI to Rewrite Its Code Hourly *

Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358) *

Google Issues Urgent Chrome Update to Patch Critical WebGPU and V8 Security Flaws *

Django Patches High-Severity SQL Injection (CVE-2025-64459) and DoS Bug (CVE-2025-64458) *

Apache OpenOffice Infrastructure Reportedly Breached via Akira Ransomware Campaign *

Attackers Exploit OneDrive.exe DLL Sideloading to Run Arbitrary Code *

17,000 Employees and Partners Affected in Nikkei Slack Security Incident *

CISA Flags Gladinet CentreStack and Control Web Panel Vulnerabilities Under Active Exploitation *

ASF Confirms No Evidence of Data Breach Following Akira Ransomware Claims *

AI-Driven Ransomware Surge Against European Organizations *

Jupyter Misconfiguration Vulnerability Lets Attackers Gain Root Access Remotely *

Malicious Android Applications on Google Play Accumulate Over 42 Million Downloads *

Microsoft Teams Identity & Message Manipulation Flaws (CVE-2024-38197) *

Critical CVE-2025-11749-AI Engine Plugin Authentication, MCP Token Exposure *

NGate Android Malware Relays NFC Transactions, Enables ATM Cashouts *

Critical Flaw in WordPress Post SMTP Plugin Exposes 400,000 Sites to Account Takeover Risk *

Sweden Probes Major Municipal IT Supplier Breach Affecting 1.5M People *

Malicious PuTTY and Fake Teams Ads Spread Malware, Granting Attackers Network Access *

Critical 0-Click Vulnerability Exposes Android Devices to Remote Code Execution Attacks *

Critical Vulnerability in React Native NPM Package Enables Remote Code Execution *

Balancer DeFi Platform Targeted in Multi-Chain Exploit, With Over $100 Million in Assets Drained from V2 Pools *

SleepyDuck RAT Infects IDE Extensions, Raises Supply-Chain Alarms *

Active RondoDox v2 Malware Campaign Exploiting Multiple IoT and Enterprise Vulnerabilities *

Google AI ‘Big Sleep’ Discovers Five New WebKit Vulnerabilities in Safari (CVE-2025-43429 through CVE-2025-43434) *

JobMonster WordPress Theme Hit by Critical Auth Bypass Vulnerability *

SesameOp Exploits Legitimate OpenAI API to Run Encrypted Espionage Operations *

Generative AI Empowers Rapid Reverse Engineering of XLoader’s Multi-Layer Encryption *

AI-Discovered Redis Flaw (CVE-2025-62507) — Stack Buffer Overflow Allowing Potential RCE *

Windows SMB Server Elevation-of-Privilege Vulnerability (CVE-2025-58726) *

Hacker Claims to Have Stolen 1.2 Million Donor Records in University of Pennsylvania Data Breach *

Major Telecom Provider Ribbon Communications Breached by State Hackers *

Windows Graphics Engine Flaws Allow Remote Code Execution by Attackers *

New Global Phishing Campaign Exploits Cloudflare and Zendesk Pages for Credential Theft *

Canada Reports Critical Infrastructure Breach by Hacktivists *

Operation SkyCloak Targets Russian, Belarusian Military via LNK Exploit and Tor Backdoor *

New Defensive Email Protocol Blocks Phishing Vectors Exploited in NPM Compromise *

Ernst and Young (EY) Exposes 4 TB SQL Server Backup Publicly on Microsoft Azure *

Elastic Cloud Enterprise Privilege Escalation (CVE-2025-37736) *

Open VSX Access Token Leak Enables Supply-Chain Malware Campaign *

New BOF Tool Exploits Microsoft Teams’ Cookie Encryption to Access User Chats *

UNC6384 Attack via Windows Shortcut Vulnerability (CVE-2025-9491) Deploys PlugX RAT Through Canon DLL Sideloading *

AMD Zen 5 RDSEED Flaw (CVE-2025-62626) Risks Randomness Integrity — Microcode Fix Coming *

ASD Warns of Ongoing BADCANDY Attacks Exploiting Critical Cisco IOS XE Vulnerability (CVE-2023-20198) *

Researchers Create Linux Rootkit That Bypasses Elastic EDR *

Russian Threat Actors Exploit LotL Methods, Deploy Sandworm Webshells, and Steal Credentials in Ukraine *

Chinese Hackers Exploit Cisco ASA Firewall Flaws to Target Governments Worldwide *

Conduent Data Breach Exposes Personal Information of Over 10 Million People Linked to Government Services *

Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads *

Brash — Critical Chromium Blink DoS via document.title injection *

Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations *

AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID *

CVE-2025-64095 Critical CVSS 10.0 Flaw in DNN Platform Allows Unauthenticated Website Overwrite *

MOVEit Transfer Vulnerability (CVE-2025-10932) Fixed in Latest Progress Security Update *

Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access *

500GB Great Firewall Data Breach Reveals Censorship Secrets *

PhantomRaven Campaign Steals Developer Tokens via Hidden npm Dependencies *

Airstalk Malware Exploits VMware AirWatch MDM APIs in Suspected Nation-State Espionage Campaign *

Lampion Stealer Returns with ClickFix Campaign to Steal User Credentials Stealthily *

Brash Vulnerability in Chromium Blink Engine Triggers Critical Browser Collapse *

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day (CVE-2025-61932) *

Critical XSS Flaw (CVE-2025-12450) Affects Over 7 Million WordPress Sites Using LiteSpeed Cache *

Russian-Linked Ransomware Gangs Weaponize Open-Source Exploits *

Thousands of WordPress Sites at Risk from Actively Exploited WP Freeio Privilege Escalation Vulnerability *

Windows Cloud Files Minifilter TOCTOU Privilege Escalation (CVE-2025-55680) *

Jenkins Hit by Series of Plugin Vulnerabilities, Including SAML Authentication Bypass (CVE-2025-64131) *

Automated Threat Campaigns Rise as Botnets Exploit PHP Flaws, IoT Weaknesses *

Hacktivist Attacks Disrupt Canadian Critical Infrastructure Systems *

npm Typosquat Campaign Delivers PyInstaller Infostealer via Fake CAPTCHA *

New AI-Targeted Cloaking Attack Deceives AI Crawlers Into Treating False Content as Verified Facts *

WooCommerce Credit Card Skimmer Malware Targets WordPress Sites *

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads *

Critical IBM Maximo Vulnerability (CVE-2025-36386) Exposes Cognos Analytics to Unauthenticated Attacks *

Critical MikroTik Vulnerability (CVE-2025-61481, CVSS 10.0) Leaks Admin Credentials via Unencrypted WebFig Interface *

Beast Ransomware (BEAST) — Active SMB-targeting RaaS with Double-Extortion Tactics *

Hackers Allegedly Claim Breach of HSBC USA Customers’ Records Including Financial Details *

Atroposia’s Plugin Ecosystem Enables Targeted Fileless Exfiltration *

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel & AMD DDR5 Secure Enclaves *

Dentsu Confirms Data Breach Impacting Its Subsidiary Merkle *

Gunra Ransomware Analysis: Dual-Platform Threat with Recoverable Linux Encryption Flaw *

Wear OS Messages Flaw (CVE-2025-12080) Enables Silent SMS/RCS Transmission by Unprivileged Apps *

Docker Compose Path Traversal Vulnerability (CVE-2025-62725) Enables Arbitrary File Overwrite via OCI Artifacts *

Critical Ubuntu Kernel Flaw Enables Local Privilege Escalation to Root *

XWiki Zero-Day RCE Actively Used to Deploy Cryptominer *

Gamaredon Phishing Campaign Exploits WinRAR Path-Traversal Flaw (CVE-2025-8088) to Target Government Entities *

Herodotus Sophisticated Android Malware Imitates Human Actions to Evade Biometric Defenses *

Predatory Sparrow Group Launches Cyber Attacks on Critical Infrastructure to Destroy Data and Disrupt Operations *

Kaspersky Tracks ForumTroll Hackers Exploiting Chrome Zero-Day to Spy on Users *

ChatGPT “Tainted Memories” Exploit Targets Atlas Browser Memory Feature *

BlueNoroff Refines Social Engineering Tactics to Target Executives and Financial Managers *

Everest Ransomware Targets Swedish Energy Infrastructure *

DLL Sideloading and Graph API: Inside Lazarus Group’s DreamLoader Operation *

Caminho Loader (LaaS) Uses LSB Steganography to Hide .NET Payloads in Images *

Ubiquiti UniFi Access App Flaw Exposes Management API to Unauthenticated Access *

New SideWinder Attack Chain Uses ClickOnce to Compromise South Asian Diplomats *

Baohuo Android Backdoor Disguised as Telegram X Clone Uses Redis-Based C2 Infrastructure *

Apache Addresses Tomcat RCE and Log Escape Flaws Allowing File Upload and Hijack Server *

Prompt Injection Risk in ChatGPT Atlas via Malformed URLs *

Major HashiCorp Vault Vulnerabilities Expose Systems to Authentication Bypass and DoS Attacks *

Italian Spyware Vendor Memento Labs Linked to Chrome Zero-Day Exploits in Operation ForumTroll *

EDR-Redir Tool Bypasses EDR Protections (EDR-Redir) *

DDoS Attack Disrupts Russian Food-Safety Agency Rosselkhoznadzor’s Shipment Tracking Systems *

Smishing Triad 194,000+ Malicious Domains Power Global Phishing-as-a-Service Campaign *

WhatsApp Zero Click Exploit Disclosed to Meta *

North Korean Chollima Threat Actor Activity Surges in Crypto and Espionage Operations *

Qilin Ransomware Hybrid Attack Leverages Linux Payload & BYOVD Exploit *

BreachForums Returns Again with New Clearnet Domain *

Microsoft Adds Wi-Fi-Based Work Location Auto-Detection to Teams *

RedTiger Infostealer Used to Hijack Discord Accounts *

Unauthenticated API Bypass Flaw Exposes Dell Storage Manager to Remote Exploitation (CVE-2025-43995) *

OpenWrt patches ubusd RCE and ltq-ptm kernel memory leak *

Veeder-Root TLS4B Command Injection RCE (CVE-2025-58428) *

Datadog Reveals CoPhish Phishing Campaign Abusing Microsoft Copilot Studio Agents for OAuth Token Theft *

APT36 Deploys Golang-Based DeskRAT in Espionage Campaign Against Indian Government *

Critical ZYXEL ATP/USG Vulnerability (CVE-2025-9133) Exposes Sensitive Configurations *

Proofpoint Launches PDF Object Hashing Tool to Detect Malicious PDFs *

Samsung Galaxy S25 Zero-Day Vulnerability Allows Remote Camera and Location Access *

Multiple Oracle VM VirtualBox Vulnerabilities Enable Complete Takeover *

Self-Spreading GlassWorm Malware Infects VS Code Extensions in Global Supply Chain Attack *

SquareX Uncovers Cybercriminals Impersonating AI Sidebars in Browser Extensions *

Critical HP OneAgent Update Disrupts Microsoft Entra ID Access *

Toys “R” Us Canada Data Breach Exposes Customer Information *

Fileless Remcos RAT (Commercial RAT) Campaign Bypassing EDRs *

Lazarus Group Targets European UAV Firms in Sophisticated Cyberespionage Campaign *

CISA Alerts on Critical Raisecom Router Bug (CVE-2025-11534, CVSS 9.8) Allowing Root SSH Access Without Authentication *

PhantomCaptcha Spearphishing Campaign Uses Social Engineering and WebSocket RAT, Exploits Fake Captcha for Remote Access *

Critical NeuVector RCE Vulnerability (CVE-2025-54469) Enables Command Injection via Unsanitized Environment Variables *

Researchers Uncover Warlock Ransomware, A Chinese-Linked Threat Exploiting Microsoft Zero-Day *

Critical WSUS RCE via Unsafe AuthorizationCookie Deserialization — CVE-2025-59287 *

Critical Argument Injection Vulnerability in AI Agents Allows Remote Code Execution *

Security Bug in Perplexity’s Comet Screenshot Function Enables Prompt Injection Exploits *

Severe Smithery.ai Vulnerability Exposes Thousands of AI Servers and Credentials *

WinRAR RAR Archive Exploit Lets Attackers Drop Files *

SessionReaper Vulnerability Actively Exploited in Adobe Commerce and Magento *

Iranian APT MuddyWater Deploys Phoenix Backdoor in Attacks on 100+ Government Entities *

Critical BIND 9 Flaws Allow DNS Cache Poisoning and Denial-of-Service Attacks *

CISA Issues Warning as Hackers Exploit Major Lanscope Endpoint Manager Vulnerability *

Jingle Thief Hackers Target Cloud to Steal Gift Cards *

Jira Path Traversal Vulnerability (CVE-2025-22167) Enables Arbitrary File Write on Server and Data Center Instances *

Symantec Exposes Coordinated Chinese Cyber Espionage Campaign Targeting Global Organizations *

Malicious NuGet Typosquat “Nether?um.All” Targets Developers to Steal Crypto Wallet Keys via Solana-Themed C2 *

Bitter APT Launches Targeted Cyber-Espionage Campaign Using WinRAR Zero-Day and Malicious Office Files *

High-Severity V8 Vulnerability (CVE-2025-12036) Prompts Urgent Google Chrome Update *

GitLab Fixes High-Severity Runner Hijacking Bug (CVE-2025-11702) and Several Denial-of-Service Vulnerabilities *

New APT Campaign PassiveNeuron Deploys Novel Malware Across Three Continents *

Millions of User Credentials Compromised Daily by Stealer Malware *

SharkStealer Uses EtherHiding on BSC Testnet to Evade C2 Detection *

High-Severity TARmageddon Flaw Found in Popular Rust TAR Libraries *

Vidar Stealer Targets Browser Credentials with Direct Memory Attacks *

Muji Suspends Online Sales Following Ransomware Attack on Delivery Partner *

PolarEdge Router Botnet Expands: Cisco, ASUS, QNAP, Synology Targeted *

Sophisticated APT PassiveNeuron Returns, Escalates Attacks on Government and Finance *

Luma Infostealer Malware Targets Browser Data and Crypto Wallets *

Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Through Indirect Prompt Injection *

Critical Vulnerabilities in TP-Link Omada Gateways Prompt Urgent Firmware Update *

AdaptixC2 Targets Developers Through Malicious npm Supply-Chain Attack *

Remote Code Injection Vulnerability Discovered in Apache Syncope's Groovy Integration *

Critical Vulnerability in LANSCOPE Endpoint Manager Enables Remote Code Execution *

Critical Moxa Vulnerability (CVE-2025-6950, CVSS 9.9) Enables Unauthenticated Admin Access Through Hard-Coded JWT Secret *

Severe Squid Proxy Bug (CVE-2025-62168) Allows Credential and Token Leakage Through Error Pages *

Global Internet Disruption as AWS Outage Hits Key Services *

Clone Wave Hijacks WhatsApp via 131 Chrome Extensions *

PoC Published for High-Severity Linux-PAM Flaw Allowing Local Privilege Escalation *

Volkswagen Hit by Ransomware Group 8Base in Alleged Global Data Breach *

Zimbra Releases Urgent Update to Fix Critical SSRF Flaw in Chat Proxy *

Phishing Campaign Leveraging Microsoft Logos and Remote Access Fraud *

BlockNovas Threat Group Evolves with New OtterCandy Malware in ClickFake Interview Campaign *

Indiana City Acknowledges Ransomware Hackers Caused Widespread Disruption in September *

Advanced Winos 4.0 Toolset Powers Silver Fox Cyber Attacks in Asia Pacific *

Windows 11 24H2/25H2 Update Causes Mouse and Keyboard to Stop Working in Recovery Mode *

Dairy Farmers of America Confirms June Cyberattack Exposed Personal Information *

Phoenix Contact Patches QUINT4 UPS Flaws; One Vulnerability Remains Unfixable *

Microsoft Patches Most Severe ASP.NET Core Vulnerability to Date *

ConnectWise Automate Security Vulnerabilities Allow Injection of Malicious Code via Software Updates *

Misconfigured NetcoreCloud Server Leaked 40 Billion Records Across 13.4TB of Data *

Critical Security Flaws Found in Spring Cloud Gateway (CVE-2025-41253) and Spring Framework (CVE-2025-41254) *

LinkPro Rootkit Leverages eBPF on GNU/Linux to Conceal Malicious Activity *

Critical GDI Vulnerability in Windows Rust Kernel Module Causes System Instability *

Fake Microsoft Support Scam Tricks Users into Giving Up Credentials *

AI Used to Boost Cyberattacks and Create Malware, Report Finds *

VMware Workstation and Fusion 25H2 Update Introduces New Features and Expanded OS Compatibility *

Cisco IP Phone Bugs in CUCM-Registered Devices Allow Remote DoS and XSS Threatening Network and Device Stability *

Prosper Data Breach Exposes Personal Information of 17.6 Million Users *

North Korea-Linked Hackers Exploit EtherHiding Technique in Advanced Crypto Theft Campaign *

Log Poisoning Attack Exploits phpMyAdmin to Deliver Gh0st RAT *

Critical Deno Vulnerability Enables Command Injection via Batch Files on Windows *

Akka.NET TLS Vulnerability Exposes Clusters to Untrusted Access (CVE-2025-61778) *

Sotheby’s Confirms Data Breach Exposing Customer Financial and Personal Information *

Severe Samba Flaw Enables Unauthenticated Attackers to Execute Commands Remotely *

Windows Scheduled Tasks Used to Spread ValleyRAT *

TP-Link AX1800 Media-Sharing Vulnerability Leads to Root Shell *

Critical UEFI Shell Bug Exposes 200K Framework Laptops to Secure Boot Bypass *

Previously Removed Malicious Extensions Found Again on OpenVSX *

PhantomVAI Loader Uses Image Steganography to Deploy Katz Stealer and Bypass Sandboxes *

Critical Vulnerability in Apache ActiveMQ Allows Arbitrary Code Execution on Clients *

UK firm Capita Hit with Microsoft 365 Breach and Ransomware Attack Resulting in £14 Million Fine *

ScreenConnect Exploited in Campaign Granting Unauthorized Remote Access *

Android “Pixnapping” hijacks screen pixels to grab MFA codes *

Fake LastPass and Bitwarden Breach Alerts Used to Deliver PC-Hijacking Malware *

Adobe Releases Patch for Critical Vulnerability in Connect Collaboration Suite *

NSE Defends Against Record-Breaking Cyberattacks During Operation Sindoor Simulation *

Nation-State Hackers Breach F5 Networks, Steal BIG-IP Source Code and Vulnerability Data *

New Windows Server 2025 Update Disrupts Large Group AD Sync *

Jewelbug Campaign Targets Russian IT Provider and Software Supply Chain *

Clothing Brand MANGO Reports Unauthorized Access to Customer Info *

Security Risks Ahead: Microsoft Ends Support for Exchange 2016 and 2019 *

Two Critical Vulnerabilities in Red Lion RTUs Could Give Hackers Complete Industrial Control *

Veeam Issues Critical Security Patch to Prevent Remote Code Execution Attacks *

Supply Chain Vulnerability in Clevo UEFI Firmware Exposes Intel Boot Guard Private Keys (CVE-2025-11577) *

Authentication Bypass Vulnerability Identified in FortiPAM and FortiSwitch Manager *

New GhostBat Android Malware Posing as RTO Apps Targets Indian Bank Customers *

FortiOS CLI Vulnerability Lets Attackers Run Arbitrary System Commands *

Critical Vulnerability in IIS Allows System Level Access via Malicious COM Object Race *

Microsoft Patch Tuesday Security Advisory – October 2025 *

Rockwell Automation Fixes Critical Flaws in FactoryTalk and ArmorStart Systems *

Google Patches Use-After-Free Exploit in Chrome *

SAP NetWeaver Vulnerability Enables Remote Denial-of-Service via Malformed Logon Tickets *

Critical Flaw in Elastic Cloud Enterprise Enables Malicious Command Execution *

Colombian Court-themed SVG Smuggling Campaign Distributes AsyncRAT via Malicious HTA *

Pro-Russian Hacktivist Harvests Credentials from OT-ICS Networks *

Free Windows 10 ESU for One Year Comes with Mandatory Account and Cloud Backup Setup *

Critical Vulnerabilities Expose Ivanti Endpoint Manager to Deserialization, Path Traversal & SQL Injection Risks *

Massive International Botnet Targets U.S. RDP Services *

Migration from Windows 10 is Critical as EOL Status Creates Exploitable and Non-Compliant Systems *

Astaroth Banking Trojan Persists via GitHub After Disruption Attempts *

Kearney Cyberattack Highlights Growing Threat to Education Sector *

Better Auth Vulnerability Enables Complete Account Takeover via API Key Exploit *

MediaTek Warns of Multiple High-Severity Vulnerabilities Affecting Wi-Fi and GNSS Hardware *

Critical Zero-Click Vulnerability Found in Cherry Studio – CVE-2025-61929 *

New WhatsApp Worm Deploys Banking Malware, Exfiltrates Credentials *

SimonMed Imaging Data Breach Exposes Data of 1.2 Million Patients *

RealBlindingEDR: Kernel Callback-Based Tool for Disabling AV/EDR Permanently *

Massive Salesforce Data Breach Linked to Scattered Lapsus$ Hunters *

Microsoft Fixes Long-Standing Windows 11 ‘Update and Shut Down’ Glitch *

Critical DOM Vulnerability Enables Remote Code Execution, Impacting 2.7 Million Users *

Spanish Cybercrime Unit Shuts Down Sophisticated Phishing Network Using AI *

Axis Plugin Exposed Hardcoded Secrets in Signed DLLs Enabled Widespread Access to Sensitive Resources *

Critical Zero-Day in Gladinet/Triofox (CVE-2025-11371) Enables RCE via LFI *

Discord Webhooks Weaponized for Supply Chain Attacks Across Multiple Ecosystems *

Alert on Fake Homebrew Installer Sites Targeting macOS Developers with Malicious Payloads *

High-Severity Vulnerabilities Patched in NVIDIA GPU Drivers Across Windows, Linux, and vGPU *

TP Link Router (CVE 2023 28760) Writable USB Share Can Lead to Root RCE, PoC Out *

Antivirus Software Vulnerabilities Allow Backdoor Exploits by Hackers *

New Smishing Scam Targets New Yorkers with Fake Inflation Refund Messages *

High-Severity Oracle E-Business Suite Vulnerability (CVE-2025-61884) Enables Data Access Without Authentication *

ChaosBot Breaches Networks via CiscoVPN and AD Credentials *

Researchers Uncover 175 Malicious npm Packages Used to Redirect Victims to Phishing Sites *

Polymorphic Python RAT Evades Detection by Mutating on Every Execution *

Dell Power Manager Vulnerability Exposes Devices to Local Exploits *

Critical Flaw in Worldline Yomani XR Terminals Allows Root Access via Debug Port *

North Korean APT Contagious Interview Uses 338 Malicious npm Packages to Target Cryptocurrency Developers *

Apple now pays $2M for zero-click RCEs *

SentinelLabs Identifies MalTerminal as an Early LLM-Based Attack *

Stealit Uses Node.js SEA to Spread via Fake Game and VPN Installers *

GitHub Copilot Vulnerability Exposes Private Repositories to Source Code Theft *

Ransomware Actors Leverage Velociraptor in Sophisticated Storm-2603 Campaign *

Massive Data Breach Reported at KFC Venezuela—1 Million Affected *

APT Group 'Contagious Interview' Launches Massive npm Attack to Steal Cryptocurrency *

Massive Global Botnet Targets Remote Desktop Protocol Services *

Payment Terminal Breach Allows Remote Control *

Law Enforcement Shuts Down Newly Revived BreachForums Clearnet Marketplace *

RondoDox Botnet Uses ‘Exploit Shotgun’ to Target 50+ Flaws in Routers and IoT Devices *

Researchers Publish PoC Exploiting Nothing Phone Boot Chain Flaw *

Pro-Russian Group TwoNet Exploits XSS Flaw in Fake Water Treatment Plant *

SnakeKeylogger Malware Spreads via Fake Remittance Emails Using PowerShell and ISO Files with BAT Scripts *

Juniper Networks Issues Patches for Critical Vulnerabilities in Junos Space *

Chaos Ransomware’s New C++ Variant Combines File Deletion and Bitcoin Clipboard Hijacking *

Cybercriminals Target U.S. University Payrolls via HR Platform Phishing *

CrowdStrike Issues Updates to Resolve Two Windows Falcon Sensor Vulnerabilities Affecting System Stability *

GitLab Patches Two High-Severity Vulnerabilities in CE and EE Editions *

Flowise Vulnerability (CVE-2025-61913) Allows Remote Code Execution via Arbitrary File Write *

Microsoft Azure Suffers Major Outage, Disrupting Cloud Services Across Multiple Regions *

Tracing UTA0388s Espionage Malware from HealthKick Origins to GOVERSHELL Advancement *

7Zip Vulnerabilities Allow Remote Code Execution on Unpatched Systems *

SonicWall Confirms Breach of Customer Firewall Configuration Backups *

ClayRat Turns Phones into Spy Tools via Social Engineering *

GitLab Releases Critical Security Fixes for Multiple Denial-of-Service Vulnerabilities *

Hackers Use Cache Smuggling to Upgrade ClickFix, Silently Delivering Malware *

PoC Released for Vulnerability in ksmbd Filesystem of Linux Kernel *

Researchers Discover Python Malware Capable of Changing Its Code on Each Execution *

Critical OData Injection Flaw Found in Microsoft Events Exposing Registration and Waitlist Databases *

Attackers Target WordPress Plugin Vulnerability to Hijack Admin Accounts *

GlobalProtect Portals Under Siege: 2,200 IPs Launch Coordinated Attacks on Palo Alto PAN-OS Systems *

BK Technologies Reports Cybersecurity Incident Impacting IT Systems and Employee Data *

Figma Under Threat: MCP Vulnerability Allows Hackers Full Access *

“Mic-E-Mouse” Hack Turns Ordinary Mice Into Tools for Stealing Private Audio Data *

Crimson Collective Targets AWS Cloud Environments for Data Theft *

Open Source Tools Weaponization Marks New Phase in Cyber Warfare *

Google Chrome Update Fixes Critical Memory Vulnerabilities *

Nagios Vulnerability Exposes Administrative API Keys in Cleartext *

Critical Privilege Escalation Vulnerability Affects AWS Client VPN for macOS *

Shuyal Malware Compromises 19 Browsers to Steal Login Data *

ASCII Smuggling Vulnerability Exploiting Hidden Unicode Tags Exposes AI Systems to Spoofing and Poisoning *

CSS Hidden-Text Attacks: Salting Methods Used to Conceal Malware *

Suspected Chinese Hackers Launch Phishing Campaign Against Serbian Aviation Authority and EU Targets *

Qilin Ransomware Gang Hacks Mecklenburg County, VA Public Schools *

Go-Based Vampire Bot Malware Used in Job Scam by Vietnamese Threat Actor BatShadow *

FWMEP Data Breach Exposes Sensitive Info of 29,485 Individuals *

Avnet Confirms Data Breach Affecting EMEA Region, Says Most Data Unreadable Without Proprietary Tools *

CVE-2025-59159: Critical Flaw in SillyTavern Allows Remote Code Execution on Local AI Instances *

CISA Warns of Ongoing Exploitation of Microsoft Windows Privilege Escalation Vulnerability *

Trinity of Chaos Hackers Steal and Leak Data from 39 Companies, Including Cisco and Google *

Multiple Critical Vulnerabilities Fixed by Elastic in Kibana and Elasticsearch *

OpenSSH Clients Vulnerable to RCE via OpenSSH ProxyCommand Username Injection Using Malicious Git Submodules *

Snipe-IT Flaw Chain Enables Remote Code Execution and Complete Server Compromise *

Russian Cybercrime Group Deploys Latrodectus V2 Loader in New Ransomware Campaign *

Critical Qt Flaws in SVG Module Threaten Embedded and IoT Systems *

IBM Security Verify Access Vulnerability Enables Root Level Privilege Escalation CVE-2025-36356 *

Doctors Imaging Group Reports Data Breach Affecting Over 171,000 Patients *

WireTap Attack Circumvents Server SGX to Exfiltrate Sensitive Data *

FCC Accidentally Leaks Apple’s Confidential iPhone 16e Technical Data *

Severe Redis Vulnerability (CVE-2025-49844) Enables Remote Code Execution via Lua Scripting *

QNAP Patches Critical Vulnerabilities in NetBak Replicator and Qsync Central, Including RCE and SQL Injection *

Persistent WARMCOOKIE Threat Gains Advanced Execution and Campaign Tracking Capabilities *

Google Chrome Hit by WebAssembly Vulnerability Leading to Full Code Execution *

Hackers Reportedly Breach Huawei Technologies, Expose Source Code and Internal Tools *

Adobe Analytics Update Bug Results in Exposure of Client Data to Other Tenants *

PoC Exploit Released for Sudo Vulnerability That Grants Root Access *

Yurei Ransomware Spreads Through Network Shares and USB Drives to Lock Files *

Abuse of IT Administration Tools Enables Stealthy Ransomware Deployment *

WordPress Sites Silently Compromised Through Server-Side PHP Injections in Theme Files *

Red Hat Confirms Access to Internal Repositories by Unauthorized Party *

Zimbra Flaw Exploited in Zero-Day Attack via iCalendar Files *

Unauthenticated Remote Code Execution Threatens Oracle EBS *

Local Privilege Escalation in Zabbix Agent via OpenSSL DLL Injection CVE-2025-27237 *

Microsoft Identifies Bug Causing Outlook Classic to Crash on Startup *

CometJacking Attack Tricks Comet Browser into Email Theft *

Detour Dog Exploits DNS Infrastructure to Deploy Strela Stealer Malware *

Palo Alto Networks Login Portals See Massive Surge in Scanning Activity *

Severe Security Flaw in Unity Editor Enables Arbitrary Code Execution Across Major Operating Systems *

Critical Privacy and Security Flaws Found in Mobile VPN Solutions *

Apple EV Certificates Misused to Deliver Fully Undetectable macOS Malware *

OpenSSL Addresses Three Security Flaws: Memory Corruption and Timing Attacks Affect Numerous Versions *

XWorm V6.0: RAT Turned Ransomware Threat Targets Windows Systems *

New FreeIPA Flaw (CVE-2025-7493) Allows Attackers to Escalate Privileges to Domain Admin *

Critical flaw CVE 2025 6388 enables authentication bypass in WordPress plugin and is actively exploited *

Critical WebUI Vulnerability in DrayOS Routers Allows Unauthenticated Remote Code Execution *

Renault and Dacia UK Report Data Breach Affecting Customers *

DrayTek Fixes Major WebUI Flaw Allowing Remote Code Execution Without Authentication *

Cavalry Werewolf Phishing Campaign Delivers FoalShell and StallionRAT to Russian Agencies *

Yoast SEO Premium Vulnerability Exposes WordPress Sites to XSS Attacks *

Android Spyware Masquerades as Signal and ToTok to Target Users *

SORVEPOTEL Malware Spread via WhatsApp Targets Windows Systems *

Compromised Endpoints Weaponized by GhostSocks Proxy Malware Service *

Attackers Deploy Point and Click Phishing Tool That Evades Email Filters *

High-Value IIS Servers Compromised by Chinese Hackers to Influence Search Rankings *

SideWinder Targets Government Entities Across South Asia With Sophisticated Credential Phishing *

Coordinated Campaign Exploits Grafana CVE-2021-43798 in One-Day Global Surge *

Critical Security Vulnerabilities Discovered in Splunk Enterprise and Splunk Cloud Platform *

Google Chrome Patches Dozen Security Flaws in Major Stability Update *

Three Critical Vulnerabilities in TOTOLINK X6000R Routers Enable Remote Code Execution *

CABINETRAT Malware Spreads via Malicious Excel Add-ins in Ukraine *

Ransomware Attack on Dealership Software Firm Exposes Sensitive Data *

Termix Docker Image Leaking SSH Credentials(CVE-2025-59951) *

Apache Kylin Flaw (CVE-2025-61733) Allows Complete Authentication Bypass in OLAP Engine *

Critical NVIDIA Vulnerabilities Allow Privilege Escalation on Affected Systems *

Malicious PyPI Package SoopSocks Poses as SOCKS5 Proxy and Installs Backdoor on Windows Systems *

Datzbro Trojan Targets Seniors with Fake Facebook Scams to Steal Banking Data *

New Klopatra Android RAT Uses Stealth VNC and Paid Obfuscators to Hijack EU Banking Logins *

CVE-2025-10725: OpenShift AI Role-Binding Flaw Lets Low-Privileged Users Become Cluster Admins *

Phantom Taurus: New China-Connected Cyberespionage Group Deploys Stealth Malware Against Governments *

New China Linked APT Group Deploys NET STAR to Breach Government and Telecom Servers *

Patchwork APT Exploits Macros and Scheduled Tasks for Stealthy C2 and Exfiltration *

Cybercriminals Exploit Google Careers Branding in Sophisticated Phishing Attack *

Cyberattack Halts Production at Asahi Group, Disrupts Operations Nationwide *

Researchers Reveal Google Gemini AI Vulnerabilities Enabling Prompt Injection and Cloud Exploitation *

Western Digital My Cloud NAS Devices Affected by Critical Command Injection Vulnerability *

New Infostealer Hides Control Using BNB Smart Chain and Steam Profiles *

Broadcom Patches Critical Vulnerabilities in VMware vCenter and NSX *

Cisco ASA End of Life Devices Targeted by Persistent Bootkit RayInitiator and LINE VIPER *

Broadcom Releases Patches for VMware Tools and Aria Operations to Address Privilege Escalation and Information Disclosure Flaws *

New Spear-Phishing Campaign Deploys DarkCloud Infostealer for Credential Theft *

CVE-2025-58384 (CVSS 10): Watchdoc Print Management Software Hit by Severe RCE Flaw *

Critical Security Alert Apache Fory Pyfory Exposes Systems to RCE *

Malicious Actors Leveraging Dynamic DNS Services for Cyber Attacks *

Rhysida Ransomware Gang Claims Cyberattack on Maryland Transit Administration *

Medusa Ransomware Group Claims Massive Data Breach on Comcast, Demands $1.2 Million Ransom *

Harrods Suffers Major Data Leak as 430,000 Customer Records Stolen Through Vendor Breach *

Archer Health Breach Exposes 23GB of Patient Medical Records *

New Olymp Loader Malware-as-a-Service Enables Defender Bypass and Auto Certificate Signing *

ThreatBook Rolls Out Industry-Leading Threat Intelligence Technology *

WhatsApp 0-Click Vulnerability Exploited via Malicious DNG Image *

Windows Heap Record Update Flaw Enables Arbitrary Code Execution *

CVE-2025-59934: Formbricks Password Reset Vulnerability Enables Account Compromise *

Critical Rancher Vulnerability Enables Admin Lockout and Account Takeover via Username Manipulation *

Cybercriminals Exploit Facebook, Google Ads, and YouTube to Spread Crypto-Stealing Malware *

ASLR Bypass via NSDictionary Serialization on Apple Devices *

New DLL Hijack Flaw in Notepad++ Could Be Weaponized for Local Attacks *

XCSSETmacOS Malware Evolves Variant Exploits Firefox and Clipboard for Crypto Theft *

Cyberattack on Jaguar Land Rover Triggers Major Supply Chain Disruption *

Collins Aerospace Restores Airline Systems Following Cyberattack *

Thousands of Bank Transaction Records in India Leaked Due to Fintech Cloud Security Flaw *

Ransomware Attack on Kido International Exposes Data of 8,000 Children Across Global IT Infrastructure *

Fake Microsoft Teams Installers Spread Oyster Malware Through Malvertising *

New LNK-Based Attack Exploits Legitimate System Binaries *

Rust Dependency Attack Targets Solana and Ethereum Private Keys *

LockBit 5.0 Ransomware: Advanced Multi-Platform Variant Strikes Windows, Linux, and ESXi Systems *

High-Severity Vulnerability Found in Rack’s Query Parameter Handling *

Steam Acknowledges Malware Discovery in BlockBlasters Game *

CloudSEK Uncovers Sophisticated Botnet Campaign Targeting Routers and Enterprise Systems *

Arizona School District Alerts 35,000 Individuals of Data Breach After Ransomware Attack *

Unpatched Vulnerabilities in Legacy Cognex Cameras Pose Serious Industrial Security Risks *

Ransomware Attack on Union County, Ohio Exposes Data of 45,000 Residents and Employees *

JWT Validation Flaw in Formbricks Exposes Users to Full Account Takeover *

Attackers Exploit SVG Files in New Phishing Campaign Against Ukraine *

Nvidia Issues Critical Security Update for Megatron-LM Framework *

Sophisticated XCSSET macOS Variant Hijacks Cryptocurrency Payments *

Critical Apache Airflow Flaw (CVE-2025-54831) Exposes Secrets to Read-Only Users *

New Linux Kernel Vulnerability in ksmbd File-Sharing Server Enables High-Privilege Remote Attacks *

GitLab Patches High-Severity DoS Vulnerabilities Allowing Unauthenticated Attackers to Crash Instances *

RedNovember Group Targets Government and Tech Firms to Install Persistent Backdoor *

Mapped Links Identified Between Hacker Groups LAPSUS$, Scattered Spider, and ShinyHunters *

Critical Cisco Security Flaw Lets Hackers Gain Root Access via HTTP Services *

NTDS.dit Pulled from Active Directory Threat Actors Gain Domain Access *

Typosquatted Rust Crates Impersonate Logging Libraries to Steal Ethereum and Solana Wallet Keys *

Mass Exploitation of CVE-2017-7921 Highlights Need for Urgent Firmware Updates *

Zloader Reemerges as a Sophisticated Initial Access Broker for Ransomware Attacks *

BRICKSTORM Malware Campaign Targets US Legal, SaaS, BPO, and Tech Sectors in Stealthy Cyberattacks *

Emergency Cyber Directive Issued as Cisco ASA Faces Advanced Threat Campaign *

Hidden Backdoors Give Attackers WordPress Admin Control *

North Korean Hackers Target Crypto Devs with AkdoorTea Malware *

ZendTo Vulnerability Exposes System Files to Authenticated Users *

Two Major Security Bugs in Wondershare RepairIt Risk Data Leaks and AI Model Tampering *

Cisco IOS and XE Vulnerability Exposes Confidential Information *

Cisco Confirms In-The-Wild Exploitation of SNMP Stack Overflow in IOS and IOS XE Software *

NVIDIA Merlin Flaw Allows Attackers to Execute Code Remotely With Root Access *

Misconfigured Firebase Services in Mobile Apps Expose Sensitive Data to Unauthenticated Access *

New Phishing Campaign Targets PyPI Maintainers to Harvest Credentials *

YiBackdoor Malware Emerges as Strategic Backdoor Tool with Long-Term Persistence Capabilities *

Cisco Identifies New PlugX Malware Tied to Chinese APT Actors *

Chromium Extensions Exploited Through Silent Backdoors in Windows Domains *

Critical Unauthenticated Vulnerability Exposes WAGO Industrial Databases *

OnePlus OxygenOS Flaw Exposes SMS Data to Malicious Apps *

Chrome V8 Vulnerabilities Allow Data Exposure and Code Execution *

Attackers Evade EDR Detection Using In-Memory PE Loaders via Malicious Downloads *

Critical XSS Vulnerability in DNN Platform Flaw Enables Malicious Scripts Execution with Elevated Privileges *

Critical RCE Flaw in SolarWinds WHD Triggers Privilege Escalation *

Lectora Desktop and Online Vulnerable to Cross-Site Scripting Attacks *

Salesforce CLI Exploit Allows System Level Access on Affected Devices *

Hackers Target IMDS Service to Gain Initial Access in Cloud Environments *

BadIIS Module Lets Hackers Hijack IIS Servers to Serve Malware *

GitHub Strengthens npm Security with WebAuthn 2FA and Trusted Publishing Requirements *

Subtle Snail’s Silent Siege: Iran-Linked Cyber Espionage Uncovered *

AAPB Fixes IDOR Exploit That Allowed Unauthorized Access to Archived Content *

Active Exploitation of Command Injection Vulnerability (CVE-2025-59689) in Libraesva ESG *

Unpatched Security Flaws in Novakon HMIs Could Allow Remote Attacks on Industrial Systems *

Data Breach at Stellantis Affects Major Automotive Brands Across North America *

BlackLock ransomware targets Windows Linux ESXi encrypts data using ChaCha20 and ECDH *

Netcraft Uncovers 17,500 Lucid Phishing Domains Hitting Global Enterprises *

Windows Shortcut (LNK) Files Exploited via LNK Stomping to Bypass Security *

New Tool Silences EDRs and Antivirus with Freeze Mode *

GOLD SALEM: Global Attacks via SharePoint Flaws *

Critical BiDi Swap Vulnerability Allows URL Spoofing in Major Web Browsers *

Microsoft Entra ID Vulnerability (CVE-2025-55241) Enabled Global Admin Impersonation *

Massive Risk to Industrial IoT as Planet Gateways Found Vulnerable to Unauthenticated Remote Exploitation *

Cyberattack Cripples Russian Airline KrasAvia, Disrupts Booking and Operations *

CISA Uncovers Malware Toolkits Used in Ivanti EPMM Exploitation Campaigns *

FBI Warns Public of Fake IC3 Crime Reporting Portals Used in Scams *

'Shai-Halud' Malware Campaign Exploits Open-Source Supply Chains via 477 JavaScript Packages on NPM *

Cyberattack Disrupts Key Airport Systems Across Europe *

Advanced Threat Actors Exploit Router Vulnerabilities and DNS Flaws in Coordinated Attack *

Fortra Releases Urgent Patch for GoAnywhere MFT Vulnerability with Maximum Severity CVSS Score of 10.0 *

Tiffany & Co. Confirms External System Compromise Leading to Data Breach *

Nokia CBIS NCS Manager API Vulnerability: Critical Authentication Bypass *

Multiple High-Severity Vulnerabilities Discovered in ProGauge MagLink LX Devices *

AI-Driven Phishing Attacks Use Fake Captcha Pages to Bypass Security and Harvest Credentials *

Critical Sandbox Bypass in HubSpot’s Jinjava Engine Enables Full Remote Code Execution *

New iOS Tool Injects Deepfakes to Bypass Facial Verification via Jailbroken iOS Devices *

CISA: Hackers Leveraging Ivanti Endpoint Vulnerabilities to Deploy Malware *

KrasAvia Faces Major IT Outage After Suspected Cyber Intrusion *

Russian Hacking Groups Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor *

Critical Jenkins Vulnerabilities in Jetty Permission Checks and Log Handling *

Critical Greenshot Vulnerability Allows Local Code Execution Without Admin Rights *

CountLoader Expands Russian Ransomware Reach with Versatile Malware Loader *

SilentSync Strikes: Malicious PyPI Packages Target Python Ecosystem *

Stack Overflow in TP-Link CWMP Enables Ret2libc RCE, Bypassing ASLR Protections *

New Rowhammer Attack Bypasses DDR5 Mitigations in SK Hynix DRAM *

WatchGuard Firebox VPN Vulnerability Opens Door for Network-Based Remote Code Execution Attacks *

Everest Ransomware Targets BMW in Major Data Breach, Internal Documents Allegedly Stolen *

Firewall Misconfiguration in PureVPN Linux Clients Risks Data Leakage *

Russia’s CopyCop Disinfo Web Expands to 200+ Sites Targeting Western Democracies *

Warlock Ransomware Campaign Targets Global Enterprises via Exploited SharePoint and EDR Bypass *

Multiple High-Severity Vulnerabilities Patched in Aruba EdgeConnect SD-WAN *

New MuddyWater Campaign Reveals Strategic Pivot to Precision Malware and Cloud-Based C2 *

BeaverTail Malware Delivered via Fake Job Platforms and Repos *

Google Issues Urgent Chrome Patch for Actively Exploited V8 Zero-Day (CVE-2025-10585) *

Kubernetes C Hash Client Vulnerability Exposes Clusters to MiTM Attacks via Custom CA Misuse *

224 Malicious Apps With 38 Million Downloads Found on Google Play *

Critical Vulnerabilities in Chaos Mesh Grant Attackers Control Over Kubernetes Clusters *

LG WebOS TV Flaw Allows Full Device Takeover *

AI-Powered VenomRAT Targets Windows Users in RevengeHotels Campaign *

Apple Releases iOS 26 and iPadOS 26 Security Update Fixing 27 Vulnerabilities *

Spring Framework Fails to Enforce Security Annotations in Generic Superclass Methods *

Linux Kernel ksmbd Bugs Chained for 0-Click RCE: CVE-2023-52440 & CVE-2023-4130 Exploited. *

Kimsuky’s AI-Powered Phishing Targets South Korean Defense Sector *

Critical CUPS Flaws Expose Linux Systems to Remote Attacks *

Critical LangChainGo Vulnerability Exposes LLM Apps to SSTI Attacks *

FlowiseAI Password Reset Vulnerability Opens Door to Organization-Wide Breaches Through Insecure API Endpoint *

Critical Vulnerabilities in Digiever NVRs Allow Unauthenticated Remote Code Execution and Credential Disclosure *

IBM QRadar SIEM Affected by CWE-732 Misconfigured File Permissions in Version 7.5.0 UP13 IF01 *

Yurei Ransomware Uses PowerShell and ChaCha20 Encryption to Lock Victims' Files *

Financial Firms Targeted in New DarkCloud Stealer Campaign *

Great Firewall of China Suffers Unprecedented 500GB+ Data Leak *

Advanced Malware Campaign Uncovered from China-Aligned Threat Group Hive0154 *

Cloud Isolation Cracked VMSCAPE Exploit Targets AMD and Intel CPUs *

Phishing Wave Exploits Look-Alike Domains to Target Major U.S. Energy Companies *

EvilAI Campaign: Exfiltration via Legitimate-Looking Tools *

New Phishing Service Targets Microsoft, Google, and Okta Users *

Wayne Memorial Hospital Data Breach Exposes Personal Data of 160,000 Patients *

HackerOne Investigates Breach, Unauthorized Access to Salesforce Confirmed *

AI-Powered Pentesting Tool 'Villager' Raises Global Cybersecurity Concerns *

Reflected XSS Vulnerability Bypasses Amazon CloudFront Security in Safari Browser *

Panama Ministry of Economy Discloses Ransomware Breach *

Critical Threat from HybridPetya Ransomware Exploiting UEFI Secure Boot Vulnerability (CVE-2024-7344) *

Mustang Panda Deploys Advanced Malware in Targeted Southeast Asia Espionage Campaign *

Fortinet FortiDDoS Vulnerability (CVE-2024-45325) Allows Privileged Attackers to Execute Unauthorized OS Commands *

Sunshine for Windows Contains High-Severity Vulnerabilities Enabling Attackers to Gain SYSTEM Privileges *

Systemic SQL Injection Weakness in pREST Threatens PostgreSQL Deployments *

Adobe Issues Urgent Security Fixes for High-Risk Vulnerabilities Across Multiple Products *

Samsung Patches Actively Exploited Android Zero-Day CVE-2025-21043 *

Cornwell Quality Tools Data Breach Exposes Personal and Financial Information of Over 100,000 Individuals *

Daikin Security Gateway Flaw Enables Attackers to Bypass Authentication and Access Internal Systems *

Microsoft Patches Critical Windows Defender Firewall Flaws Allowing SYSTEM-Level Privilege Escalation *

Sidewinder APT in Rattlesnake Campaign Deploys Obfuscated JScript via Windows LNK Files *

SVG Email Attachments Used in Malware Campaign to Deliver XWorm and Remcos RAT *

Buterat Malware Exploits Enterprise Endpoints for Persistent Access *

Axios Vulnerability Allows Attackers to Crash Node.js Apps via Malicious Data URLs *

GitLab Urges Immediate Updates to Patch Critical Security Flaws in CE and EE Versions *

Stork UI Exposed to Unauthenticated Denial of Service Threat *

Sophisticated kkRAT Malware Campaign Hits Chinese Users via Fake Installers *

LNER Data Breach Highlights Supply Chain Vulnerabilities *

Palo Alto Networks Vulnerability Exposes Service Account Passwords in Cleartext *

Cisco Releases Fixes for High-Impact IOS XR Vulnerabilities Affecting Network Management and Control *

Critical Angular SSR Vulnerability (CVE-2025-59052) Exposes Sensitive Data *

CoreDNS Flaw (CVE-2025-58063) Enables Long-Term DNS Cache Poisoning and Service Disruption *

Critical RCE Vulnerability in Cursor AI Code Editor Enables Silent Remote Code Execution on Folder Open *

Massive UDP Flood Overwhelms DDoS Defense Provider with 1.5 Gpps Traffic *

PoisonSeed Threat Actor Leverages New Domains for Credential Theft *

NVIDIA NVDebug Tool Vulnerabilities Allow Privilege Escalation and Code Execution *

Critical Siemens UMC Flaws Enable Remote Code Execution and DoS Attacks *

EggStreme Malware Employs Multi-Stage In-Memory Attack Chain *

CHILLYHELL and ZynorRAT: Sophisticated New Malware Strains Target macOS, Windows, and Linux *

Siemens SIVaaS Vulnerability Exposes Network Share to Remote Attackers *

SAP Releases Security Updates for High-Risk NetWeaver and S 4HANA Bugs *

Critical Microsoft Office Flaws Allow Remote Code Execution *

Sophos Releases Patch for AP6 Access Points Flaw Allowing Admin Access *

Chrome 140 Update Resolves CVE-2025-10200 and CVE-2025-10201 Security Vulnerabilities *

SessionReaper Exploit Threatens Magento Ecosystem *

CVE-2025-41243 : Critical Vulnerability in Spring Cloud Gateway Server WebFlux Allows Property Modification Risk *

Microsoft Patch Tuesday Security Advisory – September 2025 *

Industrial Ethernet Vulnerability in Rockwell Stratix Devices Enables RCE via CSRF Exploitation *

Chess.com Discloses Data Breach via Third-Party File Transfer App, Affecting 4,500 Users *

iCloud Calendar Invites Weaponized in Callback Scam *

Lovesac Admits Data Breach After Ransomware Group's Claims *

Astro Cloudflare Adapter Vulnerability (CVE-2025-58179) Enables Attackers to Serve External Content and Execute Malicious Scripts *

Tenable Confirms Data Breach Impacting Customer Contact Information *

CVE 2025 9636 COOP Vulnerability in pgAdmin Version 9.7 and Earlier Enables OAuth Flow Manipulation *

Authorities in Australia Track and Uncover Ransomware Group Activities *

ImageMagick Vulnerability Enables Remote Code Execution Causing Heap Corruption via Seek-Write Flaw *

Salesloft & Drift Breach Highlights Risks of OAuth Token Abuse from GitHub Attacks *

Apache Jackrabbit Vulnerability Exposes Systems to Remote Code Execution (RCE) *

Stealthy NightshadeC2 Botnet Targets Windows Systems *

PoC Released for High-Severity cJSON JSON Pointer Parsing Bug (CVE-2025-57052) *

Critical Podman Flaw Exposes Host Files via Symlink Attack *

Remote Command Execution Flaw Patched in OpenEdge AdminServer by Progress *

Wealthsimple Confirms Data Breach via Compromised Third-Party Software *

Cloudflare Stops 11.5 Tbps Distributed Denial-of-Service Attack Amid Surge in Global DDoS Activity *

TAG-150 Ramps Up Attacks with Exclusive Malware Tools *

SafePay Ransomware Surge: A Rising Threat to Global Enterprises *

New macOS Malware Campaign Targets Enterprise Users with Data-Stealing Trojan *

Qualcomm Warns of Two Critical Modem Vulnerabilities with CVSS 9.8 *

School District Data Breach Exposes Personal and Financial Data of More Than 31,000 People in South Carolina *

Advanced GPUGate Malware Exploits Google Ads and GitHub in Delivery Chain *

Critical Argo CD Vulnerability Exposes Repository Credentials *

Kaspersky Blocks 10.7 Million Mobile Attacks Amid 143K Malware Packages *

North Korean Hackers Launch Coordinated Malware Campaign Using Facebook and Telegram *

Envoy Addresses Two Vulnerabilities Linked to DoS and Session Hijacking Risks *

Critical Argo CD Vulnerability (CVE-2025-55190) Exposes Git Repository Credentials *

Windows Driver Vulnerability Discovered Allowing Local Users to Escalate Privileges and Potentially Gain Full System Access *

Ruijie Networks Switches Affected by Critical CVE-2025-56752 Vulnerability Enabling Remote Admin Access *

SVG-Based Phishing and SWF Obfuscation Drive Colombian Cyber Campaign *

Stealthy Windows Attack Bypasses EDR, Uses Raw Disk Access to Evade Detection Targeting SAM and NTDS Credential Files *

AI-Powered Phishing Attacks Target Microsoft 365 Credentials *

Critical Zero-Click Email Vulnerability Exploits Unicode-Punycode Mismatch *

Chinese Cyber Units Weaponize Network Devices in Ongoing Espionage Operations *

New Cyber Threat Campaign Targets Windows Servers with Custom Malware and SEO Manipulation *

ZIP File Phishing Leads to Multi-Stage PowerShell Attack by NoisyBear *

CVE-2025-53690: Remote Code Execution via ASP.NET Machine Key Misuse *

CVE-2025-53187: ABB ASPECT BMS Exposed to Unauthenticated Remote Code Execution *

Sangoma Patches Actively Exploited Flaw Allowing Remote Code Execution in FreePBX *

Bridgestone Probes Cyberattack Disrupting North American Manufacturing *

CISA Flags Actively Exploited TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 *

New Django SQL Injection Bug (CVE-2025-57833) Threatens Web App Security *

CVE-2025-5086 (CVSS 9.0): Critical RCE Vulnerability in DELMIA Apriso Actively Exploited in the Wild *

Critical Flaw Could Allow Attackers to Exploit AI Model Namespaces *

Windows Users at Risk as Improper TLS Certificates for 1.1.1.1 Issuance Targets Cloudflare DNS *

Cloudflare Confirms Data Breach via Drift-Salesloft Supply Chain Attack *

Proofpoint Warns of Rising Threat from Stealerium Based Malware Campaigns *

Hackers Attempt $130M Heist on Evertec’s Brazilian Subsidiary via Pix Payment System *

NVIDIA Mitigates High-Risk Threats Across Networking Stack *

XWorm Malware Unveils New Infection Technique to Evade Security Detection *

Latest Chrome Update Fixes Critical Bugs, Including RCE in JavaScript Engine *

Apache DolphinScheduler Fixes File Permission Vulnerability CVE-2024-43166 *

Google Issues September 2025 Android Security Patch Addressing Actively Exploited 0-Day Vulnerabilities *

Cloud Security Alert on Azure AD Credential Exposure in ASP NET Core Applications *

Advanced Phishing Tactic Exploits OneDrive to Target Leadership *

Supply Chain Attack Hits Palo Alto Networks via Salesforce Integration *

Critical Vulnerabilities Found in MobSF 4.4.0 Allow Arbitrary File Writes and Data Exposure *

ESPHome Authentication Bypass Vulnerability Exposes Smart Devices to Attack *

CVE-2025-6203: Critical Denial-of-Service Vulnerability Discovered in HashiCorp Vault *

Multi-Stage Phishing Campaigns Abuse Email Marketing Domains and Cloud Infrastructure to Deliver Targeted Phishing Lures *

CSS Injection Flaw in Google Web Designer Enables Full System Takeover *

Malicious Ads Used to Launch Phishing Attacks on Hotel Systems *

MediaTek Addresses Critical Modem and System Vulnerabilities in September 2025 Security Bulletin *

IBM Issues Urgent Patch for Watsonx Orchestrate SQL Injection Vulnerability *

Zero-Day Flaw in Citrix NetScaler Devices Triggers Emergency Patching Effort *

Zscaler Confirms Data Breach Caused by Supply-Chain Attack Through Salesloft Drift *

Hackers Exploit macOS Security Features to Spread Malware *

New Sitecore Vulnerabilities Enable Remote Attacks on Fully Patched Systems *

Linux UDisks Vulnerability Grants Attackers Access to Privileged Data *

Cybersecurity News Roundup Highlighting WhatsApp, Chrome Flaws and Advanced AI Attacks *

AI Waifu RAT Targets Communities with Sophisticated Deception *

QNAP Issues Critical Security Patches for VioStor NVR Devices *

Critical ImageMagick 32-Bit RCE Exploit from Stride Miscalculation During Malicious BMP Image Processing *

Zero-Click Exploit Allowing Remote Code Execution on iOS and macOS Patched in Latest WhatsApp Update *

Amazon Disrupts Evolving APT29 Cyber Campaign Targeting Microsoft Authentication *

Google Advises 2.5 Billion Gmail Users to Change Passwords Following Salesforce Data Breach *

Google Ads Abuse Distributes TamperedChef via Rogue PDF Application *

MystRodX: Stealthy New Backdoor Evades Detection with Passive Triggers *

Brokewell Trojan Targets Android via Facebook ads, Hitting Banking and Crypto *

FreePBX Servers Targeted in Widespread Attacks Leveraging Unpatched Zero-Day in Endpoint Module *

Cisco IMC vKVM Flaw Lets Remote Attackers Redirect Users to Malicious Sites *

Hikvision Discloses Critical Security Vulnerabilities in HikCentral Software *

TransUnion Data Breach Compromises Over 4 Million Customers *

Cyberattack Disrupts Nevada State Systems, Offices Halt Operations *

Sophos Uncovers Intrusion Using Velociraptor and Visual Studio Code for Tunneling *

Anthropic Thwarts Attempts to Exploit Claude AI for Cybercrime *

Critical Cisco Nexus Vulnerability Allows DoS Attacks via Malformed IS-IS Packets *

Critical Security Flaws in Cisco UCS Manager Allow Root-Level Command Injection by Authenticated Users *

Hook v3 Malware The Next Generation of Android Banking Threats *

Google Issues Urgent Chrome Patch for AI-Discovered CVE-2025-9478 Vulnerability *

NVIDIA NeMo Curator Hit by High-Severity Security Flaw (CVE-2025-23307) *

Critical Code Injection Flaws Found in NVIDIA NeMo Framework *

Critical Flaws in Securden PAM Expose Enterprises to Remote Code Execution and Credential Theft *

Auchan Retail Breach Exposes Customer Loyalty Information *

Chinese Hackers Use VPNs and Proxies to Hide Their Tracks *

SpyNote RAT Masquerades as Google Play Apps in Sophisticated Malware Campaign *

Lab-Dookhtegan's Crippled Iranian Maritime Operations Through Satellite Vulnerabilities Targeting NITC and IRISL *

Proxyware Malware Poses as YouTube Video Download Site *

Zero-Click Exploit in Zendesk Android App Lets Attackers Hijack Accounts Using Predictable Token Generation *

Severe Security Flaws in vtenext CRM Put Thousands of Businesses at Risk Worldwide *

Ransomware Attack Disrupts Operations at Chip Programming Firm Data *

Data Breach at Aspire Rural Health System Affects 138,386 Individuals *

Cybercriminals Leverage SendGrid in New Phishing Scheme to Harvest User Login Credentials *

Microsoft Confirms NDI Streaming Issues After August 2025 Windows Update *

Tableau Server Vulnerabilities Allow Malicious File Uploads and Path Traversal *

BQTLock Ransomware Campaign Leverages Obfuscation and Credential Theft for Double Extortion Attacks *

Cybercriminals Deploy Android Malware Posing as Russian Intelligence Tool *

Fileless and Fearless: The Rise of Linux Filename Malware *

IBM Patches High-Risk Flaw in Jazz Team Server Vulnerability (CVE-2025-36157) *

UAE Authorities Urge Citizens to Avoid Public Wi-Fi Amid Massive Surge in Cyber Breaches *

SSH Brute-Force Tool in Go Found to Secretly Leak Successful Logins to Remote Attacker via Telegram *

Android Malware Targeting Russian Business Executives Through Fake Antivirus Apps *

Grok Chatbot Leak Exposes Hundreds of Thousands of Private Conversations *

Sophisticated Gmail Phishing Attack Leverages AI Prompt Injection *

New Android RATs Exploit Military Personnel Across South Asia *

Lumma Affiliates Drive Financial Fraud and Crypto Theft via Phishing, Malvertising, and Fake Listings *

Help TDS Campaign Exploits WordPress Sites in Global Redirect Scam *

Threat Actors Leverage VPS and Anonymized Networks to Launch Sophisticated SaaS Exploits *

GeoServer Instances Targeted Through CVE-2024-36401 Remote Code Execution *

Anatsa Android Malware Targets Banks and Crypto Platforms *

Fake Microsoft Security Alerts Spread via TDS on Legit Sites *

Global Web Security Alert: Critical Bug in sha.js Library *

Critical Docker Desktop Vulnerability (CVE-2025-9074) Allows Full Host Takeover on Windows and Mac *

Data Breach at CPAP Medical Supplies Exposes Sensitive Information of 90,000+ Individuals *

Kubernetes Capsule Security Flaw Allows Unauthorized Label Manipulation *

UAC-0057 Exploits PDF Invitations to Deploy Shell Script Attacks *

DaVita Breach Exposes Sensitive Records of Nearly 2.7 Million Individuals *

CVE-2025-55746: Severe Directus Vulnerability Allows Unauthenticated File Uploads and Remote Code Execution on Servers *

Temporary Exposure of AMD’s FSR 4 Source Code Could Fuel Unofficial Builds *

Critical Plex Media Server Vulnerability (CVE-2025-34158) – Immediate Patch Urged *

Commvault Bugs Allow Attackers to Bypass Authentication Controls *

Apple Releases Emergency Patch for Zero-Day Exploited in Targeted Attacks *

Memory Corruption and Sandbox Escape Vulnerabilities Addressed in Firefox 142 *

MITM6 and NTLM Relay Attack Exposes Active Directory Weaknesses *

SHAMOS macOS Malware Poses as Tech Support to Capture User Logins *

IBM Researchers Track QuirkyLoader Campaigns Targeting Taiwan and Mexico *

Paper Werewolf Unleashed: Phishing, Payloads, and WinRAR Exploits *

Apache Tika PDF Parser XXE Flaw Enables Data Exposure via Malicious PDFs *

Kudelski Security Uncovers Critical CodeRabbit Vulnerability Allowing RCE and Access to 1M GitHub Repositories *

Security Flaws in Lenovo’s AI Chatbot Raise Concerns Over Enterprise AI Deployments *

Microsoft M365 Copilot Flaw Lets Attackers Bypass Audit Logs and Access Sensitive Data Undetected *

Salty 2FA: A Rising Threat in the Phishing-as-a-Service Landscape *

CVE-2023-46604 Exploited: Hackers Secure Linux Servers with Post-Intrusion Patching *

CERT CC Alerts Municipalities to Critical Workhorse Software Flaws *

Data Breach at Business Council of New York State with External System Intrusion Exposes Over 47,000 Records *

Google Fixes High-Risk V8 Bug in Latest Chrome Release *

Spies in Your Skype: GodRAT Malware Campaign Targets Financial Sector *

SAP NetWeaver Metadata Unauthenticated Uploader Exploited for JSP shell, RCE via Visual Composer *

Ransomware Attack on Inotiv Disrupts Systems, Impacts Business Processes *

Phishing Operation Uses Fake Government App to Deploy Banking Malware on Android Devices *

PyPI Introduces Domain Expiry Checks to Strengthen Account Security *

Bragg Gaming Group Reports Cybersecurity Breach, Ensures Operational Continuity *

HijackLoader Unleashed: Malware Hidden in Pirated Games Bypasses SmartScreen & Adblockers *

XenoRAT Malware Campaign Hits Multiple Embassies in South Korea *

Netfilter Bug Exposes Linux Infrastructure to Privilege Escalation Threats *

Critical Vulnerability Found in Palo Alto Networks GlobalProtect *

Rockwell Automation Patches Critical Security Bugs in Key Industrial Systems *

Blue Locker Ransomware Targets Critical Infrastructure in Pakistan *

Fraudsters Hijack Back-to-School Bargains to Trap Online Shoppers *

Workday Discloses Data Breach Linked to Widespread CRM Attacks *

Advanced Threats in Hybrid Environments: CrossC2 and ReadNimeLoader Exposed *

PostgreSQL Issues Urgent Patches for Critical Remote Code Execution Vulnerabilities *

Millions of Downloads Impacted by Critical tar-fs Directory Traversal Vulnerability *

Critical AMI Aptio UEFI Flaw CVE-2025-33043 Exposes PCs to Stealth Firmware Attacks *

Zero-Day in Elastic Endpoint Agent Allows Attackers to Evade Detection and Crash Windows Systems *

High-Severity ImageMagick Vulnerabilities Discovered via Google AI Tool *

EncryptHub Hackers Leverage MSC EvilTwin Flaw to Spread Fickle Stealer Malware *

ERMAC 3.0 Banking Trojan Exposed: Expanded Capabilities and Security Flaws Uncovered *

Compromised npm Package Used in Dependency Automation Attack *

Critical Authentication Bypass Vulnerability in FortiWeb (CVE-2025-52970) *

Colt Technology Services Battles Cyberattack Disrupting Operations *

Cisco Issues Security Patches for IKEv2 DoS Vulnerabilities Affecting IOS, IOS XE, ASA, and FTD Systems *

Booking.com Users Targeted by Unicode-Based Homograph Phishing Campaign *

Taiwan's Web Infrastructure Compromised by UAT-7237 Using Modified Hacking Utilities *

US Sanctions Garantex, Grinex, and Affiliates for Facilitating Illicit Transactions *

Critical CVE-2025-20265 RADIUS Vulnerability in Cisco FMC Could Allow Remote Code Execution *

Hackers Leverage Microsoft Flaw to Breach Canadian House of Commons Systems *

Microsoft Web Deploy Vulnerability Exposes Enterprise Servers to Remote Attacks *

FireWood Malware Targets Linux for Remote Command Execution and Data Theft *

Malicious Proxyware Spread Through Fake Freeware and YouTube Downloader Sites *

Critical Xerox FreeFlow Core Vulnerabilities Exposed — Public PoC Enables Unauthenticated RCE *

VexTrio Viper: Cybercriminals Exploit CAPTCHAs and App Stores in Global Scam Network *

Hackers Exploit FIDO Authentication Downgrade via Custom Phishlet in AiTM Attacks *

ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration *

Intel, AMD, and Nvidia Disclose Dozens of Security Flaws *

Adobe Fixes Dozens of Vulnerabilities in Creative and Commerce Tools *

Zoom Fixes Critical Windows Vulnerabilities Allowing Privilege Escalation *

SmartLoader Malware Distribution campaign Targets Windows Exploiting GitHub Through Fake Game Hacks and Cracks *

Charon Ransomware: APT-Level Tactics with Devastating Encryption Payloads *

Critical FortiSIEM Vulnerability (CVE-2025-25256) Enables Remote Command Injection *

Chrome 139 Update Fixes Critical Security Flaws in V8, libaom, and ANGLE *

Microsoft Patch Tuesday Security Advisory – August 2025 *

SAP Issues Critical Security Updates for Multiple Product Vulnerabilities *

Royal Enfield Hit by Ransomware Attack: Hackers Claim Full System Breach and Data Encryption *

CVE-2025-53652: Critical Command Injection Discovered in Jenkins Git Parameter Plugin *

Critical Flaw in Dealer Portal Allowed Remote Vehicle Takeover *

Eclypsium Uncovers Critical BadUSB Vulnerability in Lenovo Devices, Hijacked via Firmware Exploit *

Google Issues Highest-Ever Bug Bounty for Critical Chrome Sandbox Escape *

Millions at Risk from SSH Vulnerabilities Uncovered by SSHamble *

TETRA Networks Compromised by Weak Encryption, Replay, and Injection Vulnerabilities *

Connex Credit Union Confirms Data Breach Triggered by Undisclosed Intrusion Vector *

Critical Vulnerability in Smart Bus Systems Exposes Fleet Control and Tracking Risks *

Critical Zero Trust Flaws Expose Zscaler, Netskope, and Check Point to Authentication Bypasses *

Efimer Malware Campaign Exploits Legal Scams and Fake Torrents to Steal Cryptocurrency *

Critical 7-Zip Flaw (CVE-2025-55188) Exposes Linux and Windows Systems to Arbitrary File Writes *

CVE-2025-5095 (CVSS 9.8): Critical Security Vulnerability in ARC Solo Broadcasting Devices Allows Unauthorized Remote Access and Control *

Severe RCE and SSRF Vulnerabilities Discovered in Xerox FreeFlow Core *

APT Sidewinder Uses Fake Government Portals to Harvest Military Credentials *

New ClickFix Malware Campaign Exploits macOS Terminal to Steal Crypto and Personal Data *

Security Risks and Escrow Vulnerabilities in Darknet Market Transactions *

CISA Identifies Critical EG4 Inverter Bugs Enabling Remote Exploitation *

PyPI Blocks Malicious ZIP Uploads to Prevent Parser Confusion Attacks *

Customer Data Compromised in Air France–KLM Breach Tied to Broader Salesforce Exploitation by Cybercrime Group *

IBM X-Force Uncovers CastleBot Malware-as-a-Service Powering Multi-Stage Ransomware Campaigns *

DarkCloud Malware Resurfaces with Advanced Capabilities in Global Windows Attack Campaign *

Severe Linux Kernel Flaw Enables Full Kernel Access via Chrome Sandbox Exploit *

PBS Employee Data Leaked on Discord Fan Servers Following Breach *

Personal Data of 6.4 Million Leaked in Bouygues Telecom Hack *

WinRAR Zero-Day Exploited to Install RomCom Malware via Malicious Archives *

Critical Flaws Discovered in Axis Communications Surveillance Systems *

Columbia University Reports Cyberattack Impacting Over 860,000 Individuals *

Pandora Jewelry Targeted in Supply Chain Cyberattack via External Vendor *

New CISA ICS Advisories Reveal High-Risk Flaws Across Industrial Platforms *

CISA Issues Urgent Alert: Federal Agencies Must Patch Exchange Server Flaw by Monday *

Ruby JWE Security Breach (CVE-2025-54887) Undermines AES-GCM Authentication *

Critical Hybrid Exchange Vulnerability (CVE-2025-53786) Enables Cloud Privilege Escalation *

SocGholish Malware Exploits Hacked Websites for Initial Access *

Malicious Go Modules Identified 11 GitHub Packages Deploy Stealthy Malware *

Phishing Campaign Leverages Microsoft 365 Direct Send to Mimic Internal Email Traffic *

North Korean ScarCruft Group Deploys Advanced Malware and Ransomware Against South Korea *

Malicious npm Packages Target WhatsApp API Developers with Remote Kill Switch and Data Exfiltration Capabilities *

Severe HTTP Flaw Threatens Millions of Websites with Takeover *

1.2 Million Medical Devices and Systems Exposed in Major Data Breach *

Akira Ransomware Launches BYOVD Attack with CPU Tuning Driver *

Lazarus Group Deploys PyLangGhost RAT Using Fake Camera and Mic Errors *

MedusaLocker Ransomware Uses Vulnerable ThrottleStop Driver, exploits RDP and Disables AV in Kernel-Level Attack *

PHP Object Injection Vulnerability in Everest Forms Plugin (CVE-2025-52709) Threatens 100K Sites *

CVE-2025-22470: Critical Vulnerability in SATO Printers Enables Remote Root Control *

Rockwell Automation Patches High-Severity Memory Corruption Flaws in Arena Simulation Software *

Trend Micro Apex One Under Active Attack from Critical RCE Vulnerabilities *

Project AK47: A Hybrid Threat Linking Financial Cybercrime to State-Sponsored Activity *

10,000+ Fake TikTok Domains Target Users with Spyware and Credential Theft *

Kimsuky APT Launches Malware Attack Using LNK Files to Evade Windows Defender *

Adobe Issues Emergency Priority 1 Update for High-Risk AEM Forms Vulnerabilities *

GitHub Action Vulnerability CVE-2025-54594: React Native Bottom Tabs Targeted in RCE Attack *

CISA Urges Action on Exploited D-Link IP Camera Vulnerabilities *

Critical Flaws Discovered in MediaTek Chipsets Across Android and IoT Platforms *

Cisco Discloses Data Breach via Vishing Attack Leading to Unauthorized CRM Access *

Critical SQL Injection Vulnerability Found in ADOdb SQLite3 Driver *

North Korea’s Famous Chollima APT Targets Job Seekers with Malicious GitHub Packages *

PXA Stealer Campaign Targets 62 Countries with DLL Sideloading *

Android Malware Mimics Indian Banks to Steal Data and Mine Crypto *

Critical Android System Vulnerability (CVE-2025-48530) Patched in Latest Security Update *

Royal Ransomware Took Down Wilhelm Einhaus’s Mobile German Insurance Giant *

Critical Vulnerabilities Found in Dahua Security Cameras, Patches Released *

Massive Data Breach at Northwest Radiologists Exposes Sensitive Information of 348,000 Patients *

Nvidia Triton Vulnerabilities Enable Remote Code Execution in AI Servers *

Critical Squid Proxy Vulnerability Allows Remote Code Execution and Data Leaks *

Severe HashiCorp Flaw Lets Hackers Execute Code on Host Systems *

FUJIFILM Printer Vulnerability Exposes Devices to Denial-of-Service Attacks *

North Korean Hackers Hide Malware in Images to Bypass Windows Security *

Interlock Ransomware and ClickFix Social Engineering Exposed *

APT37 Targets South Korean Systems with Steganography and Backdoor Malware *

Phishing Through Wrapped Links Exploiting Proofpoint and Intermedia for Microsoft Credential Theft *

Remote Code Execution Vulnerability Found in NestJS DevTools (CVE-2025-54782) *

Critical Security Flaws in Partner Web: Default Credentials & XSS *

Digital Certificate Leak Undermines PlayReady DRM Security Across Platforms *

Cyberattack on Seychelles Commercial Bank Involving Data Breach and Potential Espionage Activity *

Decryptor for FunkSec Ransomware Released: Victims Can Recover Files at No Cost *

ApolloShadow Malware Installs Root Certificates to Legitimize Malicious Websites *

Chinese-Linked Group Launches Prolonged Cyberattack on Telecom Infrastructure *

Qilin Affiliate Hastalamuerte used for Cryptocurrency Integration,Money Laundering Operations *

Lazarus Group Exploits Software Supply Chains Through npm and PyPI in Advanced Espionage Operation *

AI-Crafted npm Package Conceals Advanced Crypto Wallet Drainer *

Targeted Ransomware Attacks by SafePay Disrupt Key Global Industries *

Undetectable ‘Plague’ Malware Targets Linux for Long-Term SSH Access *

Akira Ransomware Exploits SonicWall SSL VPNs Amid Surge in Attacks *

Hackers Exploit Unauthenticated Relay in Microsoft 365 for Phishing *

Chinese-Backed PlayPraetor Malware-as-a-Service Expands Globally, Targets Mobile Banking Apps *

Critical Security Flaw in Cursor IDE Lets Attackers Execute Code via Malicious Prompts *

Luxembourg Probes Cyberattack That Crippled National Telecom Network *

Pi-hole Data Breach Exposes Donor Information Through WordPress Plugin Vulnerability *

Cybercriminals Exploit EDR Trial Versions to Evade Detection *

$1 Million Bounty Offered for WhatsApp 0-Click RCE Exploit at Pwn2Own Ireland 2025 *

Singapore Battles Advanced Cyber Espionage with Forensic Precision *

Hackers Use TrickBot Malware to Steal $724 Million in Cryptocurrency *

Silver Fox Group Exploits Trusted Tools for Malicious Windows Attacks *

DoubleTrouble Banking Trojan: A New Threat Exploiting Android Accessibility Services *

Critical BIOS Vulnerabilities Discovered in Lenovo Desktops *

Nokia Suffers Data Breach Affecting 94,500 Employees via Third-Party Vendor *

Russian Healthcare Sector Targeted in Cyberattack, Hundreds of Pharmacies Affected *

Critical Zero-Day Vulnerability in CrushFTP (CVE-2025-54309) Enables Unauthenticated Remote Code Execution *

Critical SUSE Manager Flaw Allows Remote Root Access Without Authentication *

Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment *

Qilin Ransomware Exploits Vulnerable TPwSav.sys Driver to Evade EDR and Target Industrial Sector *

NOVABLIGHT: NodeJS Infostealer Disguised as Games and Educational Apps *

New RedLoader Variant Delivered via Sophisticated Multi-Stage Execution by GOLD BLADE *

Critical Privilege Escalation Flaw Found in BeyondTrust Windows Agent *

Critical RCE in WordPress Alone Theme Actively Exploited by Hackers *

Apple Deploys Urgent Security Updates Across All Platforms to Counter Active Threats *

Enterprise LLMs at Risk: Prompt Injection Attacks Expose Critical Security Flaws in AI Systems *

ToxicPanda Android Malware Infects 4,500+ Devices to Steal Banking Data *

Unauthorized Access Uncovered in Base44’s Vibe Coding Ecosystem *

Microsoft Addressed Privacy Breaching TCC Bypass flaw in Unsigned Importers Plugins in Spotlight macOS *

French Telecom Leader Orange Hit by Cybersecurity Breach *

Multiple Critical Firmware Flaws Found in Lenovo All-in-One Desktops *

Critical CodeIgniter Flaw Exposes Millions of Web Apps to ImageMagick File Upload Attacks *

ArmouryLoader: A Sophisticated Multi-Stage Malware Loader Exploiting ASUS Software *

Multi-Stage PowerShell Attack Uses LNK Files to Deploy REMCOS RAT *

XWorm 6.0 Uses AMSI Bypass and Critical Process Tactics to Stay Hidden *

RedHook Android Banking Trojan Targets Vietnamese Users with Phishing, RAT, and Keylogging *

Hackers Exploit SAML Response Mismatch to Bypass Logins in Node-SAML-Driven Apps *

1TB of Sensitive Data Leaked from Naval Group in Major Cybersecurity Scare *

LG Innotek LNV5110R CCTV Cameras Remain Vulnerable to Unauthorized Access Due to Unpatched Flaw *

Indian Payment Gateway Airpay Faces Data Breach Claims Amid Rising Cyberattacks *

Aeroflot IT System Breach Shuts Down Flights at Moscow Airport *

22 Million IPs and Locations Exposed in Leak Zone Dark Web Forum Breach *

Critical Niagara Framework and Industrial System Flaws Expose Infrastructure to Full Takeover *

Scattered Spider Hijacks Virtual Infrastructure to Paralyze U.S. Retail and Transportation Sectors *

Critical Privilege Escalation Vulnerability Found in Lakeside SysTrack (CVE-2025-6241) *

VMware Under Fire: Fire Ant Hackers Exploit ESXi and vCenter Vulnerabilities *

Chaos RaaS Targets Global Businesses in Sophisticated Ransomware Campaign *

Salesforce Released latest version of Tableau Server patching Critical Vulnerabilities Including RCE and SSRF *

GitHub Action Vulnerability CVE-2025-54416 Could Compromise Over 5,000 GitHub Repositories *

Supply Chain Attack Hits Major Open Source JavaScript Dependencies *

CastleLoader Malware Loader Actively Targeting Systems via Phishing and Fake Repositories *

Security Vulnerability in Post SMTP Plugin Puts 200,000 WordPress Sites at Risk of Hijacking *

Allianz Life Announces Data Breach Affecting Most of Its 1.4 Million Customers *

Endgame Gear Hit by Software Supply Chain Attack via Malware Embedded in OP1w 4k v2 Installer *

Microsoft Probes Possible Leak Behind SharePoint Exploits by Chinese State Hackers *

Google Forms Hijacked in Escalating Phishing Campaigns Aimed at Crypto Investors *

Cloud Environments Compromised by Soco404 and Koske Malware Campaigns Leveraging Fileless Techniques *

Cargo-Themed Phishing Emails Deliver EAGLET Malware in Russian Espionage Operation *

Turkish Defense Companies Targeted by Patchwork in Spear-Phishing Campaign Using Malicious Shortcut Files *

Gunra Ransomware Emerges Amid Surge in Dark Web Activity *

Scammers Use Google Forms to Bypass Security and Steal Crypto via Phishing *

Hackers Use Fake Sites and .HTA Scripts to Spread Red Ransomware *

Sophisticated Android Malware Masquerades as Indian Banking Apps to Steal Credentials and Evade Detection *

Mitel Releases Emergency Patches for High-Risk MiVoice MX-ONE Vulnerability *

VMware Patches Critical Security Flaws in Guest Authentication Service VGAuth *

Early Access Steam Game Used as Vehicle for Infostealer Malware by Hacker *

AI-Driven Koske Malware Exploits Image Files to Infect Linux with Cryptominers *

Critical Axios Vulnerability (CVE-2025-54371) Exposes Applications to HTTP Manipulation via Form-Data Flaw *

Cloud-Based Cryptojacking Campaign 'Soco404' Discovered by Researchers *

Stealthy Spyware Found in Popular 4 Open-Source Packages, Impacts 56,000+ Downloads *

Supply Chain Attack Hits Toptal: npm Packages Used for Token Theft & Data Wipe *

New GitLab Security Updates Address Six Vulnerabilities Including Two High-Risk XSS Flaws *

Critical Flaw in AWS Client VPN for Windows Enables Privilege Escalation *

SonicWall Patches Critical Arbitrary File Upload Flaw (CVE-2025-40599) in SMA 100 Series *

Ghost RAT and PhantomNet Malware Used in Targeted Windows Attacks by Chinese Hackers *

Stealthy WordPress Mu-Plugin Backdoor Grants Persistent Admin Access to Hackers *

Critical Security Flaws Found in Synology BeeDrive for Windows *

Critical Command Injection Vulnerabilities Discovered in TP-Link NVR Devices *

EdskManager RAT Uses HVNC to Enable Hidden Remote Access and Evade Detection *

SonicWall SMA 100 Under Threat: Patch Buffer Overflow and XSS Vulnerabilities ASAP *

Mozilla Fixes Critical JavaScript and Memory Flaws in Firefox 141 Release *

Critical Vulnerability in form-data JavaScript Library Exposes Applications to Remote Attacks *

Coyote Trojan Leverages Windows UI Automation to Swipe Bank and Crypto Logins *

Ransomware Groups Exploit RMM Tools for Network Intrusion and Data Theft *

Unauthenticated SSRF in Manager.io (CVE-2025-54122) Enables Full Cloud Compromise *

Google Chrome Fixes Two High-Risk V8 JavaScript Engine Flaws CVE-2025-8010 and CVE-2025-8011 *

Malicious npm Package Update Distributes Scavenger Malware *

New Apache Jena Security Bugs Could Lead to System Compromise via Admin Abuse *

Kubernetes Image Builder Vulnerability Enables Remote Admin Access on Windows VMs *

Dark Web Travel Agencies: The Cybercrime Syndicates Undermining Hospitality *

Fake Facebook & TikTok Apps Spread Android Malware for Data Theft and Monetization *

Critical Security Bug in Nokia WaveSuite NOC Could Allow Remote Attacks on Telecom Systems *

Critical Fixes in wolfSSL: Apple Certificate Bypass and Weak Randomness Patched *

Sophos Issues Urgent Hotfixes for Firewall Vulnerabilities in Older Firmware Versions causing RCE *

Authentication Bypass and Command Injection Vulnerabilities found in HPE Networking Devices *

VanHelsing Ransomware Group Strikes Compumedics, Leaks Patient Health Data *

Radiology Associates of Richmond Confirms Data Breach Affecting 1.4 Million *

The Texas Alcohol & Drug Testing Service Confirms Major Data Breach Impacting Over 748,000 Individuals *

Microsoft Urges Immediate Patching of Actively Exploited SharePoint Vulnerability *

QR Phishing Attack Lets PoisonSeed Hackers Bypass FIDO Protections *

SilentRoute: Malicious SonicWall VPN Client Compromises Enterprise Login Data *

Malicious RAR5 Archives Exploit 7-Zip Vulnerability *

Critical Livewire RCE Vulnerability (CVE-2025-54068) Puts Laravel Apps at Risk *

Katz Stealer Malware Is a One Hundred Dollar Per Month Threat That Steals Digital Identities *

APT28 Exploits Outlook, WinRAR, and Webmail Flaws for Espionage Operations *

Lumma Infostealer Campaign Monetizes Stolen Credentials on Cybercrime Forums *

Deceptive Voicemail Malware Campaign Impersonating Veeam Targets Enterprise Users *

2,800 Domains Linked to Ongoing Chinese Malware Attacks on Windows Users *

Threat Actors Exploit CrushFTP Vulnerability to Gain Unauthorized Admin Control *

Attackers Leverage Ivanti Zero-Days to Inject Cobalt Strike Using MDifyLoader *

CERT-UA Uncovers LAMEHUG Malware Using AI in Phishing Attacks Linked to APT28 *

TeleMessage SGNL Exposed via Unsecured Spring Boot Endpoint *

Official Ransomware Decryptor Restores Phobos and 8Base Files at No Cost *

Arch Linux AUR Compromised by Malicious Packages Distributing CHAOS RAT Malware *

Sophisticated Cyber Espionage Campaign Targets Asia: UNG0002 Behind Attacks *

Massistant Spy Tool Used by Chinese Authorities to Access Private Data from Mobile Phones *

Massive Data Breach Hits Anne Arundel Dermatology, 1.9 Million Impacted *

Security Flaws in Grafana Allow Redirects and Code Execution *

Critical Buffer Overflow in Lenovo Protection Driver Exposes Systems to Privilege Escalation *

Local Privilege Escalation Bugs Found in Sophos Intercept X Components *

High Severity Security Flaw Identified in NVIDIA Container Toolkit Affecting AI Workloads *

NoName057(16) Hacktivist Network Dismantled by Europol Over DDoS Campaigns *

Amadey Malware Campaign Leverages GitHub Repositories to Evade Detection *

Major Russian Drone Supplier Targeted by Ukrainian Cyberattack *

Critical Unauthenticated Stack Overflow flaw in D-Link DIR-825 Router Leads to Remote DoS *

H2Miner Malware Targets Linux, Windows, and Containers to Illegally Mine Monero *

Microsoft Teams Exploited to Deliver Encrypted Matanbuchus Malware *

Oracle Addresses 200 Security Flaws in July 2025 Critical Patch Update *

Cisco Addresses New Critical Vulnerability in ISE System *

Critical RCE Vulnerability in SharePoint's Deserialization Logic *

Protestware Spreads Through 28+ Malicious Software Packages *

DNS Tunneling Exploits: A Growing Risk for Enterprise Network Security *

Android Malware campaign employs Typosquat-Domains, Telegram APKs to Spread Malware via Phishing *

New Malware Campaign Targets WordPress Sites with ZIP Archive Exploit *

Google’s AI ‘Big Sleep’ Uncovers Critical SQLite 0-Day, Stops Active Exploits *

Lenovo Vantage Vulnerabilities Allow Local Attackers to Escalate to SYSTEM Privileges *

Unprecedented Cyber Siege: DDoS Hits 7.3 Tbps with Billions of Packets *

Polyglot File Trick Bypasses Email Filters in New Malware Attacks *

Konfety Malware Exploits APK ZIP Structure for Silent Infiltration *

Ransomware Breach in Albemarle County Exploits On-Premises Infrastructure *

Google Issues Emergency Chrome Patch Zero-Day Exploit and Two More High-Severity Vulnerabilities *

VMXNET3, VMCI, and PVSCSI Vulnerabilities in VMware Receive Critical Fixes from Broadcom *

Node.js Security Fixes CVE-2025-27210 (Path Traversal), CVE-2025-27209 (HashDoS) flaws in latest release *

Century Support Services Suffers Major Data Breach Involving Financial and Health Data *

DragonForce Targets U.S. Retailer Belk in May 2025 Breach *

Critical Security Vulnerability in Kafbat UI Allows Remote Code Execution Without Authentication *

High-Severity Git Vulnerability Affects DevOps Pipelines and CI-CD Tools *

Espionage in the Cloud: CL-STA-1020's Use of AWS Lambda for Covert Government Surveillance *

Cybercriminals Clone Major News Sites in Global Investment Fraud Scheme *

The Apache Tomcat Coyote Flaw Enable Attackers to Cause DoS Attacks *

Interlock Ransomware Campaign Leverages FileFix for RAT Deployment *

Open VSX Marketplace Abused to Breach Cursor AI, Steal $500K in Digital Assets *

BlackSuit Ransomware Strikes with Speed, Stealth, and Data Theft *

HazyBeacon Backdoor Exploits AWS Lambda for Covert C2, Aims at Government Targets *

North Korean XORIndex Malware Targets Developers via npm Supply Chain through Multi-staging *

Fortinet FortiWeb Hit by Severe SQLi to RCE Flaw — Patch Immediately *

Gigabyte UEFI Bugs Threaten System Integrity with Persistent Exploits *

Bitcoin Depot Suffers Major Security Breach, Exposing 27,000 Users' Data *

Louis Vuitton Reports Data Breach Affecting Global Customers *

Red Bull Job Scam Masks Sophisticated Phishing Campaign *

Cyber Weapons, A The New Frontier of Modern Warfare *

Zero Click RenderShock Attacks: Exploiting File Previews and Indexing Services *

Billions of IoT Devices Vulnerable Due to Kigen eUICC Card Exploit *

Invisible Email Prompts Hijack Gemini to Spread Phishing *

Critical IP Camera Vulnerability (CVE-2025-7503) Exposes Devices to Full Remote Takeover *

DoNot APT Exploits Cloud Services in Attack on European Diplomatic Networks *

Helm Security Update Fixes Critical Local Code Execution Vulnerability *

GitHub Repositories Masquerading as Free VPNs Spread Lumma Stealer Malware *

Interlock RAT new PHP Variant Targets Windows via Fake CAPTCHA and PowerShell Execution *

Gravity Forms Plugin Hit by WordPress Supply Chain Attack Through Official Downloads *

Stealthy Cyber Campaign Exploits ASP.NET Servers Using Leaked Machine Keys *

GPUHammer Attack Exposes AI Model Vulnerabilities in NVIDIA GPUs *

Fox Kitten Linked Pay2Key I2P RaaS backed by Iran Targets US and Israel, attacks Critical Infrastructure *

Active macOS Infostealer Campaigns Aim to Extract Sensitive User Data *

Critical IAM Policy Misconfiguration Exposes Delegation Risk in AWS Organizations *

Customer Data at Risk as Arkana Claims Major Breach in Telecom Industry *

New Malware Variant Spreads Through ISO File with Hidden Payload *

Massive McHire Data Exposure Affects Over 64 Million Job Applicants *

Critical Laravel Flaw: Leaked public APP_KEY Enables Remote Code Execution *

Denial-of-Service Risk Found in Juniper Junos OS *

Critical Remote Vulnerability in D-Link DIR-825 Routers Enables Unauthenticated DoS Attacks *

Arbitrary File Deletion Bug in WordPress Plugin Allows Remote Code Execution *

Vulnerabilities in RapidFire Tools Network Detective Put Global IT Environments at Risk *

Malicious Actors Leverage Fake Tech Companies to Target Crypto Users on Telegram and Discord *

Severe Vulnerabilities in MCP Tools Expose AI Systems to Remote Code Execution *

PerfektBlue Exploit Demonstrated on Volkswagen, Skoda, Mercedes Head Units *

AI-Powered Extension Used by Hackers to Steal $500,000 in Crypto Assets *

Palo Alto Networks Patched Critical Privilege Escalation Vulnerability in GlobalProtect VPN *

Schneider Electric Vulnerabilities Open Door to OS-Level Attacks *

Hackers Use GitHub to Spread Fake VPN Malware *

Siemens, Schneider Electric, and Phoenix Contact Address ICS Security Issues on Patch Tuesday *

Unpatched Ruckus Flaws Expose Wireless Networks to Full Compromise *

Qilin-Driven Ransomware Wave Triggers Global Security Concerns *

Remote Code Execution Bug in GeoServer Used to Spread Cryptocurrency Miners *

GreyNoise Uncovers 3,600+ Device Botnet Scraping US and UK Web Servers *

Chinese Cyber Group Exploits Exchange Server Flaws to Exfiltrate COVID-19 Research *

SparkKitty Malware Targets iOS and Android to Steal Photos *

Microsoft Fixes Wormable Remote Code Execution Flaw Affecting Windows Client and Server Systems *

Adobe Releases Patches for Critical Code Execution Vulnerabilities *

SAP Releases Security Updates to Address Remote Code Execution and System Takeover Risks *

XwormRAT Malware Campaign Leverages Code Injection for Stealthy System Compromise *

Google Play Apps Deliver Anatsa Banking Malware to Users in the U.S. and Canada *

CVE-2025-48818: BitLocker TOCTOU Flaw Allows Physical Bypass of Disk Encryption Protections *

Vulnerabilities in Zoom Windows Clients Could Allow Denial of Service (DoS) Attacks *

Nippon Steel Solutions 0-Day Network Flaw Exposes Sensitive User Data *

11 Google-Verified Chrome Extensions Spread Malware to Over 1.7 Million Users *

Microsoft Patch Tuesday Security Advisory – July 2025 *

FortiOS Heap Overflow Bug in Wireless Client Setup Raises RCE Concerns *

Critical Security Update for Ivanti Connect Secure and Policy Secure Products *

NTLM Credential Theft Enabled by Unicode Bypass Vulnerability in DNN CMS *

NordDragonScan Uses LNK and HTA Scripts to Deploy Infostealer on Windows *

CVE-2025-24269: Severe macOS SMBClient Flaw Allows RCE and Kernel Crashes *

Critical Security Flaw Forces Call of Duty: WWII Offline on PC *

Batavia Spyware Infects Employees Through Malicious Word Documents *

Slopsquatting Rise of AI Supply Chain Attacks exploiting Hallucinated Dependencies *

Android Malware Attacks Surge in Q2, Fueled by Banking Trojans and Spyware *

Linux Initial RAM Filesystem Vulnerability Grants Root Access During Encrypted Boot Process *

Remote Code Execution Risk Found in Comodo Internet Security 2025 *

Ransomware Disrupts Ingram Micro's Tech Distribution and Logistics Network *

Gaming-Themed Firefox Add-ons Used as Trojan Horses for OAuth and Data Theft *

Rising Threat: Malicious Drivers Exploit Windows Signing to Bypass Security *

CVE-2025-47227 & CVE-2025-47228: ScriptCase Bugs Threaten Server Security. *

RingReaper: Exploiting io_uring for Stealthy Linux EDR Evasion *

TAG-140 Strikes Indian Infrastructure Using Advanced Remote Access Trojan *

XWorm RAT Transforms into LockBit Ransomware Delivery Vector *

Hpingbot Botnet targets Windows, Linux, IoT systems via Pastebin, hping3 *

PoC Published for Linux Privilege Escalation Flaw Affecting udisksd and libblockdev *

Sophisticated XWorm RAT Exploits Advanced Evasion and Persistence Techniques *

Cybercriminals Launch Fake DWP Alert Scheme to Steal Financial Data *

Cybercriminals Turn Job Boards and Messaging Apps into Fraud Channels *

New Citrix Vulnerability Enables Session Hijacking and MFA Bypass *

Massive Data Breach Hits CIEE: 248K+ Records Exposed by Threat Actor 888 *

Cybercriminals Weaponized Inno Setup for Stealthy Malware Delivery *

Caution: Fraudulent MBAs and Degree Scams Thrive via Misleading .edu.eu European Domains *

NightEagle APT Exploits Zero-Day Vulnerability to Target Microsoft Exchange Servers in China *

Hpingbot and Crypto Miners Exploit Java and SSH Vulnerabilities in Coordinated Campaigns *

NSB Flags Chinese Apps for Excessive Data Collection and Privacy Risks *

Ingram Micro Experiences Global Outage, Cause Still Unknown *

Hellcat Ransomware Group Targets Telefónica Again via Jira Flaw *

PHP Vulnerabilities Identified – Potential for SQL Injection and DoS Attacks *

Fake SEO Plugins Compromise WordPress Sites Through Search Engine Spam *

Beware of Fake Online Stores Copying Big Brands and Stealing Payments *

High Severity Cache Poisoning Vulnerability in Next.js (CVE-2025-49826) Affects Self-Hosted and On-Prem Deployments *

New Apache APISIX Vulnerability Impacts Federated Identity Environments *

Kelly Benefits Notifies 553,000 Affected After Major Data Compromise *

HUMAN Satori Uncovers Sophisticated Mobile Ad Fraud Scheme: IconAds *

HIKVISION applyCT Exposed: Fastjson Flaw Enables Critical Remote Code Execution *

Lenovo System File Flaw Enables AppLocker Evasion Tactics *

Sudo Vulnerabilities Expose Root Privilege Escalation Risk Across Major Linux Distros *

Cybercriminals Exploit VPNs, Cisco Faces Surge in Password Spray Attacks *

Hpingbot Leverages Pastebin for Payload Delivery and Launches DDoS via Hping3 *

Cybercriminals Exploit Trust in .COM: Dominates Credential Phishing Landscape *

Qantas Data Breach Exposes Information of Up to 6 Million Customers *

Azure API Vulnerabilities Expose VPN Keys, Enable Over-Privileged Access *

ModSecurity Vulnerability CVE-2025-52891 Exposes Web Servers to XML-Based DoS Attacks *

Cisco Unified CM Vulnerability Enables Remote System Control *

Wing FTP Server Critical RCE Vulnerability (CVE-2025-47812) Allows Full Server Takeover *

Qwizzserial Android Malware Poses as Legit Apps to Steal Banking Info and 2FA Codes *

Malicious IDE Extensions Bypass Trust Checks, Target Developers Globally *

Security Flaw in YONO SBI App Puts Users at Risk of Man-in-the-Middle Attacks *

Critical Flaw in Forminator Plugin Threatens Over 400,000 WordPress Sites *

DCRat Malware Exploits Windows for Stealth Control and Information Extraction *

Exploiting Nessus Vulnerabilities on Windows Arbitrary System File Overwrites *

Chinese Houken Group Exploits Ivanti Zero-Days to Deploy Advanced Linux Rootkits *

FileFix Exploit Abuses Windows Browser Functions to Evade Mark-of-the-Web Security *

New DEVMAN Ransomware from DragonForce Targets Windows 10 and 11 Users *

Kimsuky Hackers Leverage ClickFix Tactic to Deploy Malicious Scripts Globally *

Critical Remote Code Execution Vulnerability Discovered in Anthropic MCP Inspector Tool *

Patient Data Compromised in Esse Health Cybersecurity Incident *

Multiple Security Issues in IBM Cloud Pak Put Enterprise Data at Risk *

Django Framework Exposed: Path Traversal and RCE Vulnerabilities Identified *

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories. *

Blind Eagle Targets Colombian Banks with Proton66 Hosting for Phishing and RAT Attacks *

Escalating Iranian Cyber Campaigns Target U.S. Defense and Industrial Networks *

Hackers Exploit UAC Bypass and .PIF Files to Spread Remcos Malware on Windows Devices *

Google Releases Emergency Patch for Actively Exploited Chrome Zero-Day Vulnerability *

Threat Actors Leverage Facebook Ads for Widespread Malware Distribution *

Sarcoma Ransomware Group Breaches Swiss Nonprofit Health Organization Radix *

High-Risk Flaws in D-Link Router Allow Unauthenticated Remote Code Execution *

Evasive Payload Generator ‘Zig Strike’ Raises Red Flags Across Security Industry *

Critical Synology Backup Flaw Exposes Microsoft 365 Data Worldwide *

IBM WebSphere Application Server Flaw Permits Remote Code Execution *

Critical Langflow Vulnerability Exploited to Launch Flodrix Botnet Attacks *

Hackers Use Snake Keylogger in Spearphishing Attacks Amid Rising Oil Geopolitics *

WordPress Sites Compromised by Stealthy RAT Campaign Using header.php Dropper *

RansomHub Ransomware Targets RDP Servers with Mimikatz and Advanced IP Scanner Tools *

Cloudflare Enhances Orange Meets with End-to-End Encryption and Open Source Access *

Bluetooth Vulnerabilities in Airoha Chipsets Expose Audio Devices to Attacks *

APT42 Spear-Phishing Campaign Targets Israeli Experts with Social Engineering *

Glasgow City Council Hit by Cybersecurity Breach *

Updated GIFTEDCROOK Malware Targets Ukrainian Government Entities *

Scattered Spider Expands Attacks to Aviation Sector Using Social Engineering *

Citrix NetScaler CVE-2025-6543 Flaw (CVSS 9.2) Exploited in Real-World Attacks *

Hackers Leak Data of Paraguay’s Citizens, Demand $7.4 Million Ransom *

Trojanized Software Installers Deliver Sainbox RAT to Windows Systems *

CapCut-Inspired Phishing Lures Users Into Sharing Sensitive Data *

TikTok Exploited in Global Malware Scheme Targeting PowerShell Users *

Open VSX Exploit Could Let Attackers Push Malicious VS Code Extensions *

Pre-Authentication DoS Vulnerability (CVE-2025-6709) Impacts MongoDB Server *

Hunt Electronics DVR Flaw Exposes Admin Passwords *

APT-C-36 Uses WebDAV Malware Delivery and Dynamic DNS to Evade *

Cyber Incident Hits Hawaiian Airlines, No Impact on Travel or Safety *

UNFI Recovers Core Systems Following Cyberattack on Whole Foods Supplier *

Massive Data Breach at Ahold Delhaize Hits 2.2 Million Individuals *

Critical Mitsubishi Electric AC Vulnerability Enables Remote Control Without Authentication *

Microsoft 365 Direct Send Abuse Enables Internal-Looking Phishing Attacks *

APT35 Intensifies Cyberwarfare with High-Tech Phishing on Israeli Security Experts *

Microsoft Teams Introduces Admin Controls to Manage M365 Apps for Improved Security *

HPE OneView for VMware vCenter Security Flaw Enables Privilege Escalation *

Critical Cisco ISE Flaws Enable Remote Execution of Malicious Commands *

Authentication Bypass Vulnerability Reported in ControlID iDSecure Software *

Pubload Malware Campaign Targets Tibetan Groups with Spear Phishing *

Realtek Bluetooth Vulnerability Enables DoS Attacks During Device Pairing *

CISA Issues Alert on MICROSENS NMP Web+ Vulnerabilities Allowing Full System Access *

Vulnerabilities in Brother Devices Allow Execution of Unauthorized HTTP Requests *

Chrome Releases Security Update to Fix 11 Code Execution Flaws *

Firefox 140 Released with Fix for Critical Code Execution Vulnerability – Immediate Update Advised *

TeamViewer Flaw Exposes Windows Systems to High-Risk File Deletion Attacks *

Critical Vulnerability in NVIDIA Megatron-LM Enables Malicious Code Injection *

FileFix Exploit Uses File Explorer to Run Hidden PowerShell Commands *

More Than 2,000 Devices Infected in Phishing Attacks Using Weaponized Social Security Statements *

TAG-140 targets Indian Govt. through DRAT V2 RAT, Exploiting Ministry of Defence Portal *

Hackers Inject Fake Customer Support Numbers into Bank of America, Netflix, and Microsoft Services *

SHOE RACK Malware Exploits Fortinet Firewalls Using DNS-over-HTTPS and SSH *

Critical Flaw in OPPO Clone Phone App Threatens User Data Security *

Critical Security Flaw CVE-2025-52562 Identified in Performave Convoy Management Panel *

Zimbra Issues Urgent Patch for High-Risk Stored XSS Vulnerability *

Silent Werewolf Exploits Windows LNK Flaw to Deploy XDigo Malware Across Eastern Europe *

WhatsApp Ban Enforced on U.S. House Devices for Security Reasons *

U.S. DHS Issues Warning on Rising Iranian Cyberattack Threats Amid Escalating Tensions *

SOHO Under Siege: LapDogs Malware Campaign Redefines Stealth Attacks *

CERT-UA Uncovers APT28 Targeting Ukrainian Government ICS with BEARDSHELL and COVENANT Malware *

IBM patches Critical vulnerabilities causing RCE and Data leakage in UP12 IF02 release. *

REvil Hackers Freed After Convictions on Carding and Malware *

New Malware Strains Delivered Through Signal in APT28 Attacks on Ukraine *

Critical Notepad++ Flaw Allows Full System Takeover – PoC Now Public *

TikTok Mods Weaponized: SparkKitty Spyware Hunts Crypto Wallets *

Cyberattack on McLaren Health Exposes Critical Patient Data *

Critical Vulnerabilities in Amazon EKS Lead to AWS Credential Exposure and Privilege Escalation *

Critical Teleport Vulnerability Allows SSH Authentication Bypass *

Mocha Manakin Exploits PowerShell and Node.js in Sophisticated Malware Chain *

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks *

Colombian Phishing Scheme Exploits SVG Files to Distribute AsyncRAT and RemcosRAT *

Critical RCE Vulnerability in Mattermost (CVE-2025-4981, CVSS 9.9) Exploited via Path Traversal *

Fraudulent Pop-Ups on CoinTelegraph Site Trick Users in Crypto Theft *

CoinMarketCap Hacked via Supply Chain Attack to Steal Crypto Through Fake Web3 Popup *

RapperBot Strikes Again: 50,000 Devices affected by DDOS Demanding Monero *

Confucius APT Unveils New Modular Backdoor Anondoor in Advanced Espionage Campaign *

Severe Meshtastic Vulnerability Exposes Private Messages to Attackers *

Google Flags New Tactic for MFA Bypass in Gmail by Russian Hackers *

Oxford City Council Suffers Data Breach Impacting Legacy Systems and Staff Records *

Aflac Reports Network Breach, Potential Data Exposure Under Investigation *

Unpatched Mattermost Servers Exposed to High-Risk Exploits *

OpenVPN 2.7_alpha2 Released with Major Upgrades and Critical Security Patch *

Paste-and-Run Scheme Powers Mocha Manakin Malware Attacks *

Trojanized WhatsApp Installer Targets East and Southeast Asia with XWorm RAT *

Prometei Botnet Update Targets Linux Infrastructure with Mining and Credential Theft *

Russia Faces Cyberattack Targeting Critical Veterinary Certification System *

UK Retail Giants Hit by Coordinated Cyberattack, CMC Labels It ‘Systemic Event’ *

Pickai Backdoor Exploits ComfyUI Flaws in Global AI Infrastructure Attack *

Hackers Seize Iranian Broadcast and Crypto in Sophisticated Cyber Strike *

Tonga's NHIS targeted in Ransomware attack, impacting digital functions *

Personal Data Exposed in Cyberattack on Oxford City Council *

Donut Giant Krispy Kreme Discloses Massive Data Breach After Ransomware Attack *

Critical Privilege Escalation Vulnerability in Motors WordPress Theme *

Cloudflare Tunnel Exploited in Global Malware Distribution Campaign *

Trojanized Python Tools Discovered in Massive GitHub Malware Campaign *

Record-Breaking 7.3 Tbps DDoS Attack Floods Hosting Provider with 37.4 TB in Under a Minute *

DuckDuckGo Boosts Scam Blocker to Block Fake Stores, Crypto Scams & Malvertising *

Godfather Android Trojan Now Operates Inside Fake App Environments *

MCP AI Engine Exploit Threatens More Than 100,000 WordPress Sites *

North Korean Hackers Use Social Engineering and Calendly to Deliver AppleScript Malware *

Silver Fox APT Exploits Trojanized Medical Software in Multi-Stage Cyber Espionage Attacks *

Cyberattackers impersonate MineCraft Mods targteting players via Multi-stage Malware *

The Pervasive Threat of the 16 Billion Record Data Leak *

Apache Traffic Server Vulnerability Enables Denial-of-Service via Memory Exhaustion *

Cisco AnyConnect VPN Vulnerability Enables Unauthenticated DoS Attacks *

LogMeIn Remote Access Exploited in Targeted System Breach *

Sophisticated Phishing Attack Using ASP Pages Targets Prominent Critics of Russia *

Hackers Use Cloudflare Tunnels to Deploy Python Malware on Windows Systems *

North Korean Chollima Hackers Deploy GolangGhost RAT Against Windows and macOS *

Sorillus RAT Campaign Abuses Cloud Services to Target European Organizations *

Critical Remote Code Execution Flaw Discovered in Cisco ClamAV (CVE-2025-20260, CVSS 9.8) *

Critical WordPress Plugin Flaw Allows Subscriber-Level Privilege Escalation *

Chrome 137 Update Fixes Multiple High-Severity Security Flaws *

Citrix NetScaler Receives Patch for Critical Security Flaw *

Hackers Bypass Security in Apple Pay and Google Pay Using Transit Mode *

Evasive Winos 4.0 Malware Campaign Hits Taiwan with Targeted Phishing Attacks *

Scania Suffers Insurance Data Breach in Cyber Extortion Attack *

KimJongRAT Uses Legitimate CDNs and Windows Utilities in Updated Multistage Attack Campaign *

Linux Kernel Vulnerability Allows Privilege Escalation via Namespace Abuse *

Critical Linux Root Exploit Chain Discovered in PAM and UDisks *

Flodrix Botnet Deployed via Active Exploitation of Langflow RCE Vulnerability *

Freedman HealthCare Targeted in Significant Data Breach *

Critical SSTI Vulnerability (CVE-2025-5309) in BeyondTrust RS and PRA Enables Remote Code Execution *

Chrome Users Targeted via Zero-Day Exploit in Ongoing Phishing Attacks *

RapiPlata SpyLoan App Exposes Over 150,000 Users to Severe Data Breach *

Critical Vulnerabilities in sslh Lead to Remote Denial-of-Service Attacks *

Critical TP-Link and Zyxel Flaws Exploited in the Wild, CISA and GreyNoise Warn *

Scattered Spider Hackers Escalate Attacks on U.S. Insurance Industry *

Vulnerability in ASUS Armoury Crate Allows Elevation to Admin on Windows *

Washington Post Hacked – Journalists' Email Accounts Breached in Targeted Cyberattack *

Gunra Ransomware group targets American Hospital Dubai in Major Data Breach *

Zoomcar Data Breach Exposes Personal Information of 8.4 Million Users *

Asheville Eye Associates Reports Data Breach Impacting 147,000 Individuals *

Spring Framework Vulnerability Exposes Applications to Reflected File Download Attacks *

Over 20 Fake Crypto Wallet Apps on Google Play Steal Users’ Login Details *

IBM Warns of High-Risk Privilege Escalation Vulnerability in BRMS for iSeries *

Malicious PyPI Package Targets Developers: Chimera-Sandbox-Extensions Exposed *

Tenable Patches Critical Agent Software Privilege Access Flaws Impacting Windows Systems *

AI-Powered Discovery of Zero-Day Vulnerabilities in .NET Assemblies *

KIA Vehicles in Ecuador at Risk Due to Outdated Keyless Entry Technology *

Critical Bug in Grafana Leaves Thousands of Monitoring Systems Open to Takeover *

High-Risk Vulnerability in Mitel OpenScape Accounting Management – CVE-2025-23092 *

Security Flaw in Grafana Lets Low-Level Users Access DingDing Webhook URLs *

Cybercriminals Exploit DeepSeek-R1 Chatbot Hype to Spread BrowserVenom Malware *

APT Tactics Observed in Fog Ransomware Attack on Asian Finance Sector *

Critical Windows SMB Client Flaw Enables SYSTEM-Level Privilege Escalation via Kerberos Abuse *

U.S. Sharp Healthcare Patients Impacted by Episource Data Breach in Ransomware attack *

Cyberattacks Disrupt Government Services in North Carolina and Georgia *

Quasar RAT Uses Batch Scripts and Sandbox Evasion to Stay Undetected *

Anubis Ransomware Evolves with Destructive Wiping Feature *

Cyber Intrusion at WestJet Affects App and Backend Services *

New TokenBreak Attack Outsmarts AI Moderation with One-Character Tweaks *

Weaponizing WordPress: Inside VexTrio’s Global Scam Network and Affiliate TDS Ecosystem *

Cloudflare, Google Workspace services impacted by Google Cloud's outage *

Critical Security Vulnerability Puts Mitel MiCollab Deployments at Risk *

New JavaScript Injection Campaign Using JSFireTruck Threatens Web Users *

New Ransomware Campaigns Leverage Unpatched SimpleHelp for Double Extortion *

Microsoft 365 MFA Service Disruption Due to Internal Configuration Update *

Discord Invitation Vulnerability Abused in Ongoing Malware Campaign *

Apple’s iMessage Used as Spyware Gateway in Targeted Attacks *

ACL Policy Misconfiguration in Nomad Opens Door to Job Hijacking *

OAuth Exploited: Phishing Attacks Hijack GitHub Tokens via Device Code Flow *

Acer ControlCenter Security Flaw Exposes Windows to Remote Code Execution *

OpenPGP.js Vulnerability Permits Evasion of Message Signature Validation *

OneLogin AD Connector Flaw Exposes User Authentication Credentials *

Malware Attack via Expired Discord Invite Links *

CVE-2025-49146: PostgreSQL JDBC Driver Bug Opens Door to Man-in-the-Middle Attacks *

Amazon Cloud Cam Vulnerability Could Be Leveraged for Network Reconnaissance *

Microsoft Outlook Vulnerability Could Allow Remote Code Execution by Hackers *

Trend Micro Issues Urgent Patches for Critical Apex One Vulnerabilities *

Palo Alto Networks Addresses Privilege Escalation Vulnerabilities with New Patches *

Graphite Spyware Exploited in Apple iOS Zero-Click Attacks Targeting Journalists *

Proofpoint Uncovers Entra ID Breach Campaign Using Legitimate Security Tool *

Reflective Kerberos Relay Attack: A New Zero-Day Threat to Windows SMB Client *

Critical Vulnerabilities in Weidmueller IE-SR-2TX Routers Enable Remote Root Exploits *

GitLab Urgent Update: Critical Security Flaws Fixed – Immediate Upgrade Required *

Adobe Issues Security Update to Resolve 254 Vulnerabilities *

SinoTrack GPS Devices Found Vulnerable to Unauthorized Remote Access *

Chrome and Firefox Updates Patch Critical Memory Vulnerabilities *

Zero-click AI Data Leak Vulnerability Discovered in Microsoft 365 Copilot *

Privilege Escalation and Secret Key Exposure Fixed in Apache CloudStack LTS Releases *

Ivanti Addresses Critical Credential Security Vulnerabilities in Workspace Control *

Critical Kibana Vulnerability: Synthetic Monitoring at Risk of Unauthorized Entry *

Firmware-Level Privilege Escalation Through Insyde’s Insecure NVRAM Variable SecureFlashCertData *

HPE Aruba Patches Sensitive Data Exposure Vulnerability in Private 5G Core *

Microsoft Patch Tuesday Security Advisory- June 2025 *

TxDOT Data Breach Exposes Sensitive Driver Information *

Ongoing Heroku Outage Impacts Developers and Online Services *

FIN6 Leverages Fake Resumes and Cloud Infrastructure to Deliver More_eggs Malware *

Roundcube Webmail Vulnerability CVE-2025-49113 Enables Remote Code Execution via PHP Object Injection *

Misconfigured DanaBot C2 API Endpoint Discloses Sensitive Attacker Information *

Critical Remote Code Execution Flaw in ManageEngine Exchange Reporter Plus *

Security Flaw Threatens Over 33,000 RealHomes WordPress Sites with Admin Hijacking *

OpenAI Cracks Down on Misuse of ChatGPT by Russian, Chinese, and North Korean Actors *

Critical QNAP Vulnerabilities Enable Remote Account Hijacking *

Chinese Hackers Target SentinelOne in Failed Breach Attempt, Report Finds *

Operation DRAGONCLONE: China-Aligned APT Targets China Mobile Tietong with Advanced Malware and Exploits *

Critical Authentication Bypass in RevPi Webstatus (CVE-2025-41646) Exposes Industrial Systems to Remote Attacks *

Critical Vulnerability in Lovable Platform Exposes User Data *

Phishing Campaign Targets Legacy Office Users with FormBook-Infested Excel Files *

Chinese Nation-State Hackers Launch Coordinated Attacks Across 70+ Entities *

Wazuh Servers Hit by Mirai Botnets Exploiting Critical RCE Flaw *

Cyberattack Disrupts United Natural Foods Inc. (UNFI), Operations Across U.S. and Canada *

Sensata Technologies Data Breach Exposes Employee Information After Ransomware Attack *

Socket Uncovers npm Malware Designed to Annihilate Production Systems *

Salesforce Aura Controller Hit by Critical SOQL Injection Vulnerability *

Millions of Devices Compromised by HelloTDS Malware Through Fake Captcha Networks *

Encoded Malware and Social Engineering Used in Recent Kimsuky Operation *

GitHub Hosts Emerging C# Malware Toolkit DuplexSpy RAT *

Blitz Malware Spreads Through Backdoored Standoff 2 Cheats *

North Korea Hit by Widespread Internet Outage, Internal Cause Suspected *

Malware Discovered in NPM Packages with Over 1 Million Weekly Downloads *

Malicious Android App Posing as Government Tool Distributes Stealer Malware *

Malicious Actors Exploit ChatGPT to Generate Fake IT Resumes and Spread Disinformation *

Operation Phantom Enigma: Browser Extension Malware Campaign Hits Brazil *

Fake Microsoft Support Centers in India Scammed Thousands in Japan *

Backdoor Vulnerabilities in npm Modules Allow Complete File Deletion *

DragonForce Targets Critical Industries in Sophisticated Ransomware Attacks *

Rust-Coded Infostealer Targets Chromium Profiles and Bypasses EDR *

ClickFix Phishing Attack Leverages Cloudflare CAPTCHA Spoofing *

Single User Behind Hundreds of Malicious GitHub Repos Aimed at Novice Cybercriminals *

BladedFeline Cyber Group Intensifies Espionage Against Iraqi and Kurdish Targets *

Optima Tax Relief Hit by Chaos Ransomware in Double-Extortion Attack *

Modified Mirai Botnet Targets Legacy Surveillance Systems *

Cybersecurity Researchers Discovered Critical Flaws in Popular Chrome Extensions *

Unpatched Fortinet Systems Targeted in New Qilin Ransomware Surge *

Kettering Health Confirms Major Ransomware Attack by Interlock Group *

Amplify Codegen Vulnerability Allows Remote Code Execution *

Critical FreeRTOS-Plus-TCP Vulnerability Enables Remote Code Execution or System Crash *

BadBox 2.0 Malware Targets Over Million Android Devices in Global Cyber Threat *

Paste ee Exploited as Malware Delivery Vector for XWorm and AsyncRAT *

TA397 targets China and Europe organizations exploit scheduled tasks, deploy RAT via SpearPhishing *

New Wireshark Vulnerability Enables DoS Exploits *

Dark Web Listing Claims Sale of Exposed Odoo Employee Database *

PathWiper destructive Malware deployed to obstruct Ukrainian operations *

Dell PowerScale Flaw Lets Attackers Gain Unauthorized Access to Filesystem *

VMware NSX XSS Flaw Allows Remote Attackers to Inject Malicious Code into Systems *

WordPress Administrators Alerted to Credential-Stealing Cache Plugin *

Data Breach at Media Giant Lee Enterprises Impacts 39,000 Individuals *

Critical Cisco ISE Vulnerability Impacts AWS, Azure, and OCI Cloud Environments *

Eleven11bot Botnet Hijacks 86,000 IP Cameras for Massive DDoS Assault *

Stealthy ‘Sleeper Agent’ Browser Extensions Found on Over 1.5 Million Devices Worldwide *

SCATTERED SPIDER Hackers Exploit IT Teams, Bypass MFA with Social Engineering *

Crocodilus Android Trojan Expands to Eight Countries, Targeting Banks and Crypto Wallets *

Chaos RAT disguised as Network tool targets Windows, Linux systems via Phishing *

AMOS macOS Stealer Uses Clickfix Exploit to Sneak Malicious Code Past Defenses *

35,000 Internet-Exposed Solar Power Systems at Risk of Cyberattacks *

Luxury Retail Giant Cartier Discloses Customer Data Breach *

Thousands Affected by Credential Stuffing Attack on The North Face *

AI-Powered Microsoft Defender Blocks 120,000 Attacks in Six Months *

Sensitive Configuration Files at Risk Due to IBM QRadar Vulnerabilities *

Google Fixes Third Actively Exploited Chrome Zero-Day Vulnerability of 2025 (CVE-2025-5419) *

CISA Warns of Active Exploitation of ConnectWise ScreenConnect and Other Critical Flaws *

Cyberattackers impersonate Gitcode and Docusign sites to spread NetSupport RAT through Multi-staging Powershell scripting *

Android Devices Receive Critical Patch for GPU and Kernel Vulnerabilities *

10-Year-Old Roundcube RCE Vulnerability Threatens Millions of Servers *

Exploiting Safari’s JavaScript TypeError Vulnerability for Cross-Site Scripting (XSS) *

Black Owl Hacktivists Escalate Cyber Attacks on Russian Infrastructure *

Unauthenticated XML Injection Found in Apple’s iOS Activation Flaw *

Unpatched iOS Activation Flaw Exposes Devices to Silent Pre-Setup Attacks *

MainStreet Bank Data Breach Affects Customer Payment Cards *

Authentication Flaw in Instantel Micromate Puts Critical Infrastructure at Risk *

ModSecurity Bug Lets Attackers Exhaust Memory and Disrupt Web Services *

New Lyrix Ransomware Strain Exploits Advanced Evasion to Attack Windows Users *

Cybercriminals Exploit CAPTCHA Bypass to Automate Microsoft Account Creation *

Dameware Vulnerability Could Let Low-Level Users Gain Admin Access *

Critical HPE StoreOnce Vulnerabilities Expose Systems to Remote Code Execution and Authentication Bypass *

JINX-0132 Cryptojacking Campaign Exploits Devops Webservers via XMRig Mining Malware *

Android CVEs Reveal How Preinstalled Apps Compromise User Security *

EddieStealer Malware Spread Through ClickFix CAPTCHA Scam *

Critical Vulnerabilities Found in MediaTek Chipsets *

Realtek Bluetooth HCI Adaptor Vulnerability Poses Privilege Escalation Risk *

Urgent Patch Required for IBM InfoSphere DataStage Cleartext Vulnerability *

Qualcomm Urges Immediate Patching Amidst Active Adreno GPU Exploitation *

JavaScript Bundle Flaw Grants Unauthorized Access to Azure AD Tokens *

Severe Vulnerability in Denodo Scheduler Enables Remote Code Execution by Threat Actors *

Attackers Exploit Critical Remote Code Execution Flaw in Roundcube *

Critical Security Flaw in Open-Source Code Exposes GitHub Repositories *

Critical Security Flaws Leave CS5000 Fire Systems Vulnerable Worldwide *

Two Critical Linux Vulnerabilities Allow Credential Exposure via Core Dump Handlers *

Blockchain Technology Implementation to Defend Digtital threats *

Exploit Details for Critical Cisco IOS XE Flaw Now Public *

Conti Ransomware Gang Exposed Key Leaders Unmasked and Operations Revealed *

The Changing Landscape of DDoS Defense in 2025 *

UK Healthcare Organizations Targeted in Broad Cyber Campaign Exploiting Ivanti Flaw *

Major DDoS Attack on ASVT Causes Widespread Internet Outages in Moscow *

Massive Office 365 Breach Campaign Tied to Dadsec and Tycoon2FA Phishing Network *

Firebase and Google Apps Script Exploited in New Phishing Campaigns *

Maine and New Hampshire Hospitals Cut Services Following Cyber Incident *

Interlock Ransomware Strikes UK Using Newly Deployed NodeSnake RAT *

New Ubuntu and Red Hat Bugs Allow SUID Binary Memory Leaks *

LexisNexis Risk Solutions Reports Unauthorized Data Access Impacting Over 360,000 Individuals *

CISA Advised to Include CVE Origin and Exploit Conditions in KEV Entries *

Critical RCE and API Vulnerabilities discovered in vBulletin Template Engine *

Pure Crypter Bypasses Windows 11 24H2 Security Using Advanced Evasion Techniques *

Critical Icinga 2 Flaw Enables Certificate Forgery and Trust Bypass by Attackers *

Meta Blocks Foreign Influence Campaigns Exploiting Facebook and Instagram *

ConnectWise ScreenConnect Hit by Nation-State Cyberattack *

U.S. Sanctions Philippines-Based Funnull for Enabling Crypto Investment Scams *

Firefox 139.0.1 Hotfix Resolves NVIDIA Graphics Glitches on Windows *

Microsoft Entra Billing Roles Exploited by Attackers to Gain Elevated Access in Enterprises *

China-Linked Threat Actor Earth Lamia Targets Enterprise Platforms Across Asia *

Malicious PyPI Package Launches a Supply Chain Attack to Steal Solana Private Keys *

New Malware Exploit Evades Antivirus by Skipping PE Header in Windows *

Safari Fullscreen Exploit Enables Stealth Phishing Attacks to Capture User Credential *

Vulnerability in Nextjs Dev Server Results in Exposure of Developer Information *

EDDIESTEALER Malware Exploits Fake CAPTCHA to Target Windows Users *

North Korean IT Workers Use Legitimate Tools and Network Techniques to Bypass EDR Detection *

PumaBot Compromises IoT Devices Through SSH Credential Attacks *

Critical Argo CD Flaw Lets Attackers Manipulate Kubernetes Resources *

Phishing Campaign Exploits Nifty infrastructure Targets Corporate Users *

Apache Tomcat Vulnerability Exposes Weakness in CGI Servlet Access Controls *

SimpleHelp Flaws Exploited by DragonForce to Launch Widespread Ransomware Attacks *

Stealthy Windows RAT Avoids Detection for Weeks by Abusing Corrupted DOS and PE Headers *

Cybercriminals Use Malware Loaded Installers Posing as Popular AI Tools to Target Users *

ChoiceJacking A New USB-Based Threat to Mobile Device Security *

Woodpecker Tool to Find Security Issues in AI, Kubernetes, and APIs *

Massive Brute-Force Attack UTG-Q-015 Hits Government Web Infrastructure *

Exploitation of Supply Chain Vulnerabilities by APTs in Enterprise Environments *

Phishing Operation Exploits NetBird and OpenSSH to Breach Global Financial Leaders *

Dell Urges Immediate Update for PowerStore T Systems to Patch Critical Vulnerability *

Zanubis Android Malware Steals Banking Data and Enables Remote Device Control *

ChoiceJacking Flaw Lets Hackers Exploit Malicious Chargers on Android and iOS *

Hackers Exploit Craft CMS Flaw to Deploy Cryptocurrency Mining Malware *

XenServer VM Tools Security Flaws Allow Attackers to Execute Arbitrary Code *

OneDrive File Picker Flaw Exposes Full Cloud Access via OAuth Misuse *

AyySSHush Botnet Compromises 9,000 ASUS Routers via Persistent SSH Backdoor *

Silver RAT Malware Leveraging New Anti-Virus Evasion Methods to Execute Malicious Activities *

Firefox's Zero-Interaction libvpx Flaw: A Gateway for Arbitrary Code Execution *

Ransomware Attack Disrupts MathWorks Operations, Impacts MATLAB Users Globally *

Chrome 137 Launches with High-Severity Security Fixes and On-Device AI for Scam Detection *

Hackers Imitate OneNote Login Page to Steal Office 365 and Outlook Credentials *

DragonForce Ransomware Exploits SimpleHelp Vulnerabilities in MSP Supply Chain Breach *

Payroll Portal Phishing Scam Targets Employees via Google Searches *

TAG-110 Shifts to Macro-Enabled Word Templates in Espionage Campaign Targeting Tajikistan *

Critical Unpatched Vulnerability in TI WooCommerce Wishlist Plugin (CVE-2025-47577) *

Cybercriminals Exploit Fake DocuSign Alerts to Steal Corporate Information *

Luna Moth (Chatty Spider) Callback Phishing Campaign Targeting U.S. Organizations *

Service Outages at MathWorks Traced to Ransomware Breach *

Microsoft 365-Based Cyberattack Exploiting OAuth Redirection for Unauthorized Account Access *

Google Meet Impersonation Leads to Cross-Platform Malware via PowerShell Commands *

Critical GIMP Vulnerabilities Allow Remote Code Execution via Malicious Image Files *

Unsecured Firmware in Hardy Barth EV Stations Enables Full System Takeover *

Silver RAT Malware Uses Process Hollowing and Obfuscation to Evade Detection *

Adidas Data Breach Highlights Growing Threat of Third-Party Cyber Attacks in Retail Sector *

Oracle TNS Vulnerability Allows Unauthenticated Access to Sensitive System Memory *

vBulletin RCE Vulnerability Exposes Forums to Remote Attacks *

FBI Warns of Silent Ransom Group Impersonating IT Support to Infiltrate Victims *

Threat Actors Use Database Client Tools to Steal Sensitive Data from Compromised Systems *

Katz Stealer Malware Infects Systems via Phishing and Malicious Downloads *

Malicious Phishing Site Targeting DigiYatra Users *

Remote Command Injection Vulnerability Found in Meteobridge Web Interface *

Malicious npm and VS Code Extensions Exploit Open-Source Ecosystems *

DOUBLELOADER Malware Uses Game-Hacking Obfuscator ALCATRAZ to Evade Detection and Deliver RHADAMANTHYS *

Hacker Sells 500+ Databases on Dark Web, Exposing Sensitive User Data *

Critical Apache Tomcat Remote Code Execution Flaw Exposed with PoC *

Bitwarden Vulnerability Exposes Users to Malicious PDF Attacks *

Tenable Network Monitor Update Fixes Critical Privilege Escalation Vulnerabilities *

Thousands of Systems Compromised in Massive Cyber Campaign by TA-ShadowCricket *

Security Flaw in D-Link Routers, Update to Firmware 1.1.00.26 to Protect Against Exploits *

Ransomware Disrupts Nova Scotia Power Services and Leaks Sensitive Data *

Severe Security Bug in WSO2 Allows Arbitrary User Password Resets *

Over 184 Million User Passwords Exposed in Hacker-Managed Open Directory Leak *

Chihuahua Malware Exploits .NET to Steal Credentials and Exfiltrate Through Phishing *

Zero Trust Policy Flaw Allows Exploitation of Vulnerabilities and Tampering with NHI Secrets *

Critical Flaw in AutomationDirect MB-Gateway Exposes Industrial Networks *

Atlassian and GitLab Address Multiple High-Risk Flaws Admins Urged to Apply Updates *

Ransomware Hits Marlboro-Chesterfield Pathology, Exposing Over 235K Health Records *

Rapid7 Uncovers Stealthy Malware Campaign Delivering Winos 4.0 via Fake Apps *

Denial-of-Service in BIND DNS Paves Way for Critical Security Policy Bypass *

GitLab Duo AI Vulnerability Let Hackers Hijack Responses Using Hidden Prompts *

CISA Issues Warning on Widespread SaaS Exploits Using App Secrets, Cloud Flaws *

Critical ModSecurity Flaw Threatens Web Servers with DoS Attacks *

Critical Backdoor Vulnerability in NETGEAR DGND3700v2 Routers (CVE-2025-4978) Enables Full Remote Access Without Authentication *

Critical Flaws Exposed in ABB ASPECT Building Management System *

Threat Actor Sells Burger King Spain Backup System Exploit for $4,000 *

Chinese Nexus Hackers Exploit Critical Flaw in Ivanti Endpoint Manager Mobile *

TikTok Videos Exploited to Spread Vidar and StealC Malware via ClickFix Method *

Smart Contract Vulnerability Leads to Massive $223M Breach on Cetus Protocol *

Widespread Malicious NPM Packages Discovered Exfiltrating Data and Destroying Systems *

Apple Patches Critical XNU Kernel Vulnerability CVE-2025-31219 *

Operation Endgame II Disrupts DanaBot’s Global Malware Network *

New Windows Server 2025 Vulnerability Threatens Active Directory Environments *

Critical Vulnerability Found in GitLab Duo AI Assistant *

Leaked LockBit Data Reveals Affiliate Strategies and Ransomware Tactics *

Newly Discovered Fortinet Flaw Allows Attackers to Take Control Remotely *

Qakbot Malware Developer Allegedly Behind Widespread Ransomware Attacks *

Cybercriminals Compromise more than 50 brands to turn 5,500 Edge Devices into Honeypots *

CISA Warns of Threat Actors Exploiting Commvault Azure App to Exfiltrate Sensitive Data *

Severe Flaw in Netwrix Password Manager Allows Remote Code Execution by Authenticated Users *

AI-Assisted Discovery: SMB 0-Day Found in Linux Kernel via ChatGPT *

Versa Concerto Authentication Bypass Leads to Remote Code Execution *

Cisco Webex Vulnerability Exposes Users to HTTP Cache Poisoning Attacks *

Chinese Threat Actor Exploits Cityworks Vulnerability to Target U.S. Local Governments *

Fake Ledger Apps on macOS Stealing Crypto Wallet Seed Phrases *

Security Flaws in Chrome Allow Remote Execution of Malicious Code *

Malicious JavaScript Injected into PWAs to Target Mobile Users *

23 Million Coca-Cola Records Stolen in Major Data Breach, Everest Hacking Group Involved *

Cisco RADIUS Process Flaw in Identity Services Could Let Attackers Cause DoS *

Cellcom Acknowledges Cyberattack Behind Five-Day Network Outage *

Severe Security Flaw in Lexmark Printers Allows Remote Code Execution *

Self-Replicating Malware Targets Docker Containers for Crypto Mining and Persistent Infections *

Leaked 'Accenture Files' Reveal Global Projects Handling Billions of User Data *

PureRAT Malware Surges in 2025, Leveraging PureLogs to Target Russian Businesses *

Evolving 3AM Ransomware Tactics Mirror Black Basta and FIN7 Playbooks *

Kettering Health experiences a widespread system outage due to a ransomware attack *

Palo Alto Networks Discloses XSS Flaw Impacting GlobalProtect VPN Users *

Fake Kling AI Scam Exposes 6 Million Users to Sophisticated Malware in Global Cyberattack *

More Eggs Malware Exploits Job Applications to Distribute Malicious Payloads *

Hackers Exploit TikTok and Instagram APIs to Confirm Stolen Account Details *

Kimsuky threat group delivers XWorm RAT via powershell payloads *

AWS Default IAM Roles Expose Pathways for Lateral Movement and Cross-Service Exploitation *

Broadcom Patches Critical VMware Vulnerabilities Affecting ESXi vCenter and Workstation *

SideWinder Targets South Asian Governments with Geofenced StealerBot Malware Campaign *

Malicious Chrome Extensions Masquerade as Legitimate Tools to Exfiltrate Data and Hijack Sessions *

Hazy Hawk Campaign Exploits Dormant DNS CNAME Records to Hijack Trusted Subdomains *

SK Telecom Data Breach Malware Campaign Compromises USIM Data of 27 Million Users *

Critical DoS Vulnerability in Multer Threatens Millions of Node.js Applications *

Microsoft Patches High-Severity Bug in Windows 11 Admin Tools *

Security Flaw in O2 VoLTE Allows Geolocation of Call Recipients *

Microsoft Releases Emergency Update to Fix BitLocker Recovery Key Issue on Windows 10 *

Malicious npm Package Targets Koishi Chatbots, Stealing Sensitive Data Instantly *

The W3LL Phishing Kit initiates a widespread campaign targeting Outlook login credentials *

Prompt Injection Techniques Used to Evade AI-Powered Web Application Firewalls *

Chinese APT Mustang Panda Unveils Advanced EDR Bypassing Techniques *

Phishing Scam Tricks Users with Fake Zoom Invitations from Deceptive Domains *

Ivanti EPMM 0-day Vulnerability Actively Exploited in the Wild *

Cybercriminals Exploit AutoIT to Deploy Advanced Malware on Windows Systems *

Trojanised KeePass Installer Used to Deliver Cobalt Strike and Steal Credentials in Sophisticated Malware Campaign *

Critical Vulnerability in Auth0-PHP SDK Enables Brute Force Attacks on Session Cookies (CVE-2025-47275) *

Sophisticated Phishing Campaign Targets Kuwaiti and Gulf Sectors with Over 230 Deceptive Domains *

New Apple Kernel Vulnerability Affects Multiple iOS and iPadOS Versions *

Dairy Giant Arla Foods Suffers Cyber Disruption at German Plant *

Major Data Breach at UK Legal Aid Agency Compromises Sensitive Applicant Information *

Volkswagen Data Breach Major Security Flaws in Connected Car App Expose Personal and Vehicle Information *

Zero Day Attacks at Pwn2Own Trigger Firefox Security Update *

Trusted VMware Tool RVTools Compromised to Deliver Bumblebee Loader Malware *

Multi Stage Cyberattack Exploits Unpatched Confluence Servers via RCE and RDP Access *

ModiLoader Malware Campaign Strikes Windows PCs to Steal User Credentials *

BreachForums Admin Faces 700000 Penalty for Health Care Data Breach *

glibc Flaw Exposes Linux Systems to Local Code Execution Threats *

Critical UAF Vulnerability in Windows RD Gateway Enables Remote Code Execution *

PowerShell Driven Ransomware Targets Elon Musk Fans in Satirical CyberAttack *

High-Risk XXE Vulnerability Impacts WebDriverManager Java Library *

Critical Security Flaws Found in OpenText OBM CVE-2025-3476 and CVE-2025-3272 Require Immediate Patching *

Google Chrome Hit by Active Exploits: Urgent Patches Released *

Enterprise Platforms Fall as VMware Firefox Red Hatand SharePoint Hacked at Pwn2Own *

Cybercriminal Group INC Admits to Breaching South African Airways *

Duo Broadband Customer Data Exposed in CDG Ransomware Attack *

Critical Security Vulnerability in Rockwell Automation FactoryTalk Historian-ThingWorx Connector *

Critical Privilege Escalation Vulnerability Impacts Over 10,000 WordPress Eventin Sites *

Chinese Hackers Target Drone Supply Chain in Sophisticated Cyber Attacks *

Sophisticated NPM Malware Uses Google Calendar for Stealthy Command-and-Control *

Severe Vulnerability in Eventin Plugin Exposes 10000 WordPress Sites to Attack *

Procolored Software Update Contained RAT and Crypto Stealer *

Skitnet Malware Emerges as Powerful Post-Exploitation Tool for Ransomware Gangs *

Fileless PowerShell Attacks Use LNK Shortcuts and MSHTA to Deliver Remcos RAT *

New Branch Privilege Injection (BPI) Vulnerability in Intel CPUs *

HTTPBot Botnet Targets China's Gaming and Tech Sectors with Precision DDoS Attacks *

APT Group 123 Continues Targeting Windows Systems with Malicious Payload Campaign *

FrigidStealer Malware Targets macOS Users with Sophisticated Credential Theft *

VanHelsing Simulation Details How Affiliates Launch Coordinated Attacks *

Commit Stomping How Hackers Manipulate Git Timestamps to Rewrite Code History *

SonicWall SMA1000 SSRF Flaw Allows Remote Attackers to Exploit Encoded URLs *

Jenkins releases security update addressing vulnerabilities that threaten CI-CD pipelines *

Nucor Halts Operations at Multiple Facilities After Cybersecurity Breach *

Hackers Use Open Source Packages to Spread Malware in Supply Chain Attacks *

Hackers Use Google Services to Send Fake Law Enforcement Requests *

CISA Issues Warning on Five Actively Exploited Zero-Day Vulnerabilities in Windows Systems *

Fileless PowerShell Malware Evades Detection by Antivirus and EDR Tools *

Advanced .NET Multi-Stage Loader Targets Windows to Deliver Malware Payloads *

Hackers Exploit Coinbase Employees, Leading to $400 Million Data Exposure *

Nova Scotia Power Confirms Data Breach, Offers Credit Monitoring to Affected Customers *

Google Patches Actively Exploited Chrome Vulnerability CVE-2025-4664 *

BitLocker Threat: Bitpixie Vulnerability Enables Fast Encryption Bypass *

Node.js Vulnerability Exposes Systems to Process Crashes and Service Disruptions *

Russian hackers are using a new security flaw in MDaemon to attack webmail servers *

Hackers Turn to Xanthorox AI for Automated Phishing and Malware Campaigns *

Horabot Malware Campaign Targets Latin America Through HTML Phishing *

Google Alerts U.S. Retailers of Rising Threat from Scattered Spider Tactics *

Critical Adobe Illustrator Flaw Allows Remote Code Execution by Attackers *

Remote Code Execution Vulnerability in Outlook Could Enable Code Execution *

Earth Ammit Cyber Campaigns Target Taiwan and South Korea’s Defense and Tech Sectors *

Cyberattack Disrupts Operations at Nucor, Largest U.S. Steel Producer *

Australian Human Rights Commission Exposes Documents to Search Engines *

BianLian and RansomExx Exploit SAP NetWeaver Vulnerability to Deploy PipeMagic Trojan *

Samsung Fixes CVE-2025-4632 Vulnerability Exploited by Mirai Botnet Through MagicINFO 9 *

Microsoft Alerts Users to AD CS Vulnerability Enabling Network-Wide Denial-of-Service Attacks *

Microsoft Issues Patch for Defender Vulnerability Allowing Local Privilege Escalation *

Exploiting GovDelivery for TxTag Toll Charge Phishing Scam *

Swan Vector APT Targets East Asian Organizations Using Spear-Phishing and Stealthy DLL Implants *

Marks & Spencer Confirms Data Breach Following Cyberattack on Customer Systems *

Hackers Exploit KeePass to Distribute Malware and Steal User Credentials *

Threat Actor Used Fake Solana Tool on PyPI to Extract Source Code from 761 Downloads *

Critical Fortinet RCE Flaw (CVE-2025-32756) Actively Exploited in FortiVoice and Other Devices *

Microsoft Patch Tuesday Security advisory- May 2025 *

Ongoing North Korean Cyber Campaigns Targeting Ukraine and South Korea *

Dior Alerts Chinese Customers After Cyberattack *

Intel CPUs Affected by New Branch Privilege Injection Vulnerability *

Public Alert on Fraudulent Online Investment Scheme Dismantled by Authorities *

North Korean Nationals Indicted for Massive Remote IT Job Fraud *

Ivanti Releases Critical Security Update for EPMM After Limited Exploits Discovered *

Persistent Firmware Key Management Failures Weaken Intel Boot Guard and UEFI Secure Boot *

CISA Warns of Stealth Functionality Flaw in TeleMessage TM SGNL *

XSS Vulnerability in VMware Aria May Lead to Access Token Theft *

Hackers Exploit PyInstaller to Deliver Stealthy Info-Stealing Malware on macOS *

DriverHub Vulnerability in ASUS Software Exposes Systems to Privilege Escalation Attacks *

DDoS Attacks Used as Cover for Data Breaches by Cybercriminals *

Apple Issues Security Updates to Address Severe Data Exposure Vulnerabilities *

North Korean Attackers Use Malicious LNK Files to Target Activists *

Lumma Stealer Adopts PowerShell and Sophisticated Tactics in Latest Evolution *

iClicker Website Compromised to Deliver Malware to Students via Fake CAPTCHA Page *

Hackers Begin Testing ClickFix Attacks on Linux Systems *

Zero-Day Flaw in Output Messenger Exploited in Espionage Campaigns *

Fake AI Tools Used to Spread Malware *

Threat Actors Use JPEG Images to Deliver Undetectable Ransomware Payloads *

Hackers Leverage Cobalt Strike Beacon to Obtain Microsoft Entra Refresh Tokens in New Exploit *

RATty Malware Campaign Targets Southern Europe via Sophisticated Phishing Scheme *

ASUS DriverHub Patches Critical Remote Code Execution Vulnerabilities *

New Phishing Technique Exploits Blob URLs to Bypass Secure Email Gateways and Evade Detection *

Google Researchers Highlight Critical Mach IPC Flaws in macOS Sandbox *

Hackers Leverage Copilot AI to Access Restricted SharePoint Content *

Hackers Exploiting Microsoft Entra ID Legacy Protocols to Bypass MFA and Conditional Access Controls *

Critical Vulnerabilities In Mitel SIP Phones Allows Attackers to Inject Arbitrary Commands *

Metasploit Update Introduces Erlang/OTP SSH Exploit and OPNSense Vulnerability Scanner *

Wormable Linux Rootkit Spreads Across Systems to Steal SSH Keys and Escalate Privileges *

Threat Actors Target Job Seekers with Sophisticated Recruitment Scams *

Advanced PhaaS Toolkits Now Generating Highly Realistic Phishing Pages *

PupkinStealer Malware Exploits .NET to Steal Credentials and Exfiltrate Through Telegram *

Critical Azure and Power Apps Flaws Enable Privilege Escalation and Data Exposure *

Mitel SIP Phones Exposed to Critical Vulnerabilities: Command Injection and File Upload Risks *

DOGE Employee's System Breached by Info-Stealer Malware, Data Security at Risk *

Google Search and Chrome Get AI Upgrade to Detect Sophisticated Scam Tactics *

Critical CloudVision ZTP Vulnerability Patched by Arista, Earning CVSS 10 Score *

Helpdesk Under Siege: Hackers Exploit IT Support Portals for Initial Access *

Stealthy .NET Malware Embeds Payloads in Bitmap Files to Evade Detection *

SAP Systems Under Attack: Chinese Hackers Exploit Critical RCE Vulnerability *

Brazilian Executives Targeted by Initial Access Brokers Using NF e Spam and Legit RMM Trials *

OtterCookie v4 Now Detects Virtual Machines and Steals Chrome, MetaMask Credentials *

U.S.-Dutch Operation Dismantles 7,000-Device Proxy Botnet Leveraging IoT and End-of-Life Systems *

Malicious npm Packages Backdoor Over 3,200 Cursor Users, Steal Credentials *

Threat Actors Exploit WinRM to Evade Security Measures in Active Directory Networks *

SEO Poisoning Attack Uses Trusted IT Tools to Distribute Malware to Professionals *

Security Flaw in Apache ActiveMQ Immediate Action Required to Prevent DoS Attacks *

Critical macOS Vulnerability CVE-2024-44236 Enables Remote Code Execution via Malicious ICC Profiles *

Attackers Leverage Host Header Injection for Web Application Breaches *

Severe Flaw in Ubiquiti UniFi Protect Cameras Enables Remote Code Execution *

New Spam Campaign Exploits Remote Monitoring Software to Infiltrate Organizations *

New Scam Exploits X Twitter Ad URL Display Flaw to Deceive Users *

Critical Flaws in Radware Cloud WAF Enable Bypass of Security Filters *

38,000+ FreeDrain Subdomains Used in SEO Scam to Steal Crypto Wallet Seed Phrases *

Insight Partners Confirms Data Breach Exposing Investor Information *

Kickidler Employee Monitoring Software Exploited in Ransomware Attacks *

Critical Microsoft Bookings Flaw Allowed HTML Injection and Meeting Manipulation *

LockBit Ransomware’s Internal Data, Wallets, and Passwords Leaked in Major Breach *

Remote Reboot Vulnerability in Cisco IOS, IOS XE, and IOS XR *

Critical Cisco IOS XE Wireless Controllers Flaw Grants Attackers Full Device Control *

Healthcare Sector Becomes Leading Target for Cyber Attacks in 2025 *

CoGUI Phishing Platform Sent 580 Million Emails in Massive Credential Theft Campaign *

Europol Dismantles Six DDoS-for-Hire Platforms Involved in Worldwide Cyberattacks *

OttoKit WordPress Plugin with Over 100K Installs Targeted by Exploits Leveraging Multiple Vulnerabilities *

Lampion Malware Exploits ClickFix Tactics to Steal Banking Information *

North Korean Hackers Exploit Trusted Vendor in $1B Crypto Theft, Researchers Reveal *

Critical CVE-2025-25014 Vulnerability in Kibana Allows Remote Code Execution via Prototype Pollution *

Samsung MagicINFO 9 Server RCE Vulnerability (CVE-2024-7399) Under Active Exploitation *

Hackers Target Educational Institutions in New Mexico with Cyber Attacks *

Apache Parquet Exploit Tool Identifies Servers Vulnerable to Critical Flaw *

Exploitation of Remote Code Execution Flaw in Samsung MagicINFO 9 Server Confirmed in Recent Attacks *

Hackers Use Fake Chrome Error Pages to Deliver Malicious Scripts to Windows Systems *

Hackers Target HR Teams with Fake Resumes to Spread More_eggs Malware *

Microsoft Warns Default Helm Charts May Expose Kubernetes Applications to Data Leaks *

CISA Warns of Active Exploits in Critical Langflow API Vulnerability *

Unauthorized Messaging App Used by Trump Aide Compromised in Data Breach *

Babuk Ransomware Deployed via SentinelOne Evasion by Stealthy Threat Actor *

Hackers Exploit 21 Popular Extensions to Seize Control of Ecommerce Servers *

Critical Zero Click Vulnerability in Microsoft Telnet Exposes Windows Systems to Credential Theft *

Ransomware Group DragonForce Targets UK Retailers in Major Data Breaches *

Email Validation Flaws Lead to XSS and SSRF in Major Web Apps *

Darcula PhaaS Leverages Phishing Texts to Steal 884000 Credit Cards *

Commvault CVE-2025-34028 Added to CISA KEV Following Confirmed Active Exploitation *

Zero-Click AirPlay Vulnerabilities Allow Wormable RCE on Apple Devices Over Public Wi-Fi *

Claude AI Misused in Coordinated Influence-as-a-Service Campaigns *

Luna Moth Launches New Social Engineering Attacks via Phony Helpdesk Sites *

Critical Bugs in SonicWall SMA Let Hackers Steal Data and Execute Admin Commands *

National Cyber Security Centre Alerts UK Organisations to Ransomware Risks *

Critical Webmin Flaw Allows Remote Privilege Escalation to Root Access *

Remote Code Execution Risk in Apache Parquet Java Through Malicious Avro Schemas *

SocGholish Toolset Powers RansomHub’s Web-Based Credential Attacks *

Stealerium Malware Campaign Leverages Tax Documents to Infiltrate U.S. Systems *

TerraStealer Campaign Exposes Users to Widespread Data Exfiltration *

CISA Warns of Critical Auth Bypass Flaws in KUNBUS Revolution Pi Devices *

Black Kingdom Ransomware Operator Charged in U.S. for Hacking Microsoft Exchange Servers *

Hackers Exploit Malicious PDFs to Deploy Remcos RAT on Windows Systems *

Disk-Wiping Linux Malware Spread Through Malicious Go Modules in Supply Chain *

Luna Moth Launches Callback Phishing Attacks on U.S. Legal and Financial Sectors *

Corporate Insider Threat: North Korean IT Workers Embedded in Major Companies *

New MintsLoader Campaign Delivers GhostWeaver Malware Through Phishing and ClickFix Exploits *

Magento Supply Chain Attack Hits Hundreds of E-Commerce Stores *

DragonForce Ransomware Hits Co-op, Customer Data Stolen *

Ascension Reveals Data Breach Possibly Connected to Cleo Cyberattack *

Cyberattack Disrupts Nova Scotia Power IT Systems *

SonicWall Issues Urgent Patch for SMA1000 Series Due to SSRF Flaw *

NVIDIA Patches Critical Vulnerability in TensorRT-LLM *

Malicious Python Packages on PyPI Leverage Gmail SMTP for Unauthorized Access *

LFI Vulnerability Detected in Multiple Windows Versions of Couchbase Server *

Ukrainian Suspect Extradited to U.S. in Connection with Nefilim Ransomware Campaigns *

Dutch Public Organizations Targeted by DDoS Attacks from Pro-Russia Hacktivists *

Cyberattack Targets Harrods in Latest UK Retail Breach *

Critical Use-After-Free Vulnerability (CVE-2025-47154) in Ladybird’s LibJS Engine Enables Arbitrary Code Execution *

Commvault Admits Hackers Used CVE-2025-3928 Zero-Day in Azure Environment Breach *

WordPress Sites Compromised by Fake Security Plugin in Global Attack *

DarkWatchman and Sheriff Malware Secretly Attack Russia and Ukraine Using Advanced Hacking Methods *

High-Severity RCE Vulnerability Found in Apache ActiveMQ NMS *

SonicWall Appliances Face High Risk as Critical Vulnerability is Actively Exploited by Threat Actors *

SonicWall Connect Tunnel Flaw Exposes Systems to DoS and File Corruption Attacks *

Nitrogen Ransomware Deploys Cobalt Strike and Log Wipers in Targeted Organizational Attacks *

Investment Scam Actors Employ Sophisticated DNS Tactics and RDGAs *

Fake CAPTCHA Lures Used to Deploy Stealthy NodeJS RAT in Evolving KongTuke Campaign *

TheWizards APT Leverages Spellbinder Tool for IPv6-Based Software Update Hijacking *

Malicious WordPress Plugin Masquerading as Security Tool Installs Backdoor *

IPv6 Vulnerability Enables Attackers to Hijack Software Updates *

AiTM Phishing Campaigns Bypass MFA with Credential and Session Token Hijacking *

Security Fixes Released by Mozilla for Firefox should be updated by Users *

Privilege Escalation Vulnerability Discovered in Avast Antivirus *

OrbitShade: Cyber Shadows in Space – The Rise of Satellite Sabotage *

PowerDNS DNSdist Flaw Enables Remote Denial-of-Service Attacks *

Tsunami Malware Wave Hits Harder with Stealthy Miners and Info-Stealers *

Unpatched Windows LNK Flaw Allows Silent Remote Code Execution – Proof of Concept Available *

Scattered Spider Suspected Behind Major Cyberattack on Marks & Spencer *

PurpleHaze Cyber Espionage Targets SentinelOne and South Asian Government *

Uyghur Activists Targeted by Windows Malware in Sophisticated Campaign *

Zero-Day Exploits Rise in 2024, Over Half Tied to Spyware Attacks *

Hitachi Vantara Targeted in Akira Ransomware Attack, Systems Taken Offline *

Apple 'AirBorne' Vulnerabilities Enable Zero-Click Remote Code Execution via AirPlay *

France Links Russian APT28 Hackers to 12 Cyberattacks on French Organizations *

SK Telecom Offers Free SIM Replacements to 25 Million Customers After Cyberattack *

Google Reports 75 Zero-Day Exploits in 2024, with 44 percent Targeting Enterprise Security Tools *

Apache Tomcat Vulnerability Allows DoS Attacks by Skipping Security Validations *

High-Severity Linux Kernel Vulnerability Enables Privilege Escalation *

4800 IP Addresses Linked to Global Campaign Against Git Configurations *

Cloudflare Defends Against Unprecedented Number of DDoS Attacks in 2025 *

Kali Linux Update Failure Imminent Due to Repository Signing Key Change: Users Must Manually Install New Key *

RansomHub Deploys Malware to Compromise Business Networks *

Threat Actors Exploit Valid Account Access Through Phishing Attack *

CISA Alerts on Active Exploitation of Commvault Web Server Vulnerability *

CISA Flags Critical Broadcom Brocade Fabric OS Vulnerability in Exploited Flaws Catalog *

Earth Kurma APT Targets Southeast Asian Governments and Telecoms with Sophisticated Malware *

Hackers Exploit Major Craft CMS Vulnerabilities, Potentially Compromising Hundreds of Servers *

Over 1,200 SAP NetWeaver Servers at Risk Due to Actively Exploited Vulnerability *

Phishing Campaign Impersonates WooCommerce Updates to Install Site Backdoors *

Zero-Day Vulnerability in Viasat Modems Allows Remote Code Execution by Attackers *

The Hidden Cyber Risks Behind Australia’s Election Spotlight *

Critical FastCGI Library Flaw Puts Embedded Devices at Risk of Remote Code Execution *

React Router Patch Urged as Spoofing and Data Injection Flaws Surface *

CISA Issues Alert on Major Security Risks in Planet Technology Devices *

Cybercriminals Market Advanced HiddenMiner Malware on Dark Web Forums *

Leveraging Digital Forensics to Enhance Organizational Cybersecurity Resilience *

Planet Technology Industrial Switch Vulnerabilities Expose Systems to Full Takeover *

Weekly Cyber Intelligence Report Attacks and Vulnerability Highlights *

Two Ransomware Attacks Expose Data of 1.1 Million Patients *

Critical IXON VPN Flaws Allow Attackers to Compromise Windows and Linux Systems *

Storm-1977 Exploits Education Cloud, Deploys 200+ Crypto Miners with AzureChecker *

Massive Data Breach Hits 4chan, Exposing Internal Systems and User Information *

Major API Security Lapse Exposes Confidential Employee Information *

Lazarus Group Launches 'Operation SyncHole' Against South Korean Industries *

Python h11 HTTP Library Vulnerable to Request Smuggling (CVE-2025-43859) *

ToyMaker Uses LAGTOY to Help CACTUS Ransomware Gangs in Double Extortion *

Fake WooCommerce Security Patches Hijack Admin Sites *

Two Major Jailbreaks Reveal Widespread Security Flaws in Generative AI Systems *

Warning to Gamers: New AgeoStealer Malware Targets Gaming Community *

Threat Actors Launch Ransomware Attacks Against Organizations in Thailand *

Microsoft Defender XDR False Positive Incident Exposes Over 1,700 Sensitive Documents *

MTN Confirms Cyberattack Exposed Customer Data *

Zero-Day Attack Leveraging Craft CMS RCE Vulnerability for Data Exfiltration *

North Korean Actors Use Fake Crypto Firms to Spread Malware in Job Scams *

Hackers Exploit OAuth 2.0 Flows to Hijack Microsoft 365 Accounts *

MTN Reports Cyberattack That Exposed Customer Data *

DslogdRAT Malware Exploits Ivanti ICS Zero-Day (CVE-2025-0282) in Japan-Based Attacks *

Static Vulnerability Discovered in Ruby Servers, Posing Data Breach Risks *

Hackers Target MS-SQL Servers to Deploy Malware and Gain Remote Access *

Google Chrome Affected by Actively Exploited Use-After-Free Vulnerabilities *

Yale New Haven Health Suffers Major Data Breach Impacting 5.5 Million Patients *

New Android Malware Disguised as Mapping App Targets Russian Military *

Frederick Health Confirms Cyberattack Impacting Over 930000 Patients *

Lazarus Group Targets Six South Korean Companies Using CrossEX, Innorix Bugs and ThreatNeedle Malware *

New Linux Rootkit Exploits io_uring to Bypass Syscall-Based Threat Detection *

Critical SAP NetWeaver Zero-Day Exploited in the Wild to Deploy Webshells and C2 Frameworks *

SVG Files Weaponized in Sophisticated Script in the Shadows Phishing Attacks *

Stego-Campaign Exploits Office Flaw and Steganography to Deliver AsyncRAT Covertly *

Hackers Leverage Ivanti Connect Secure 0-Day to Deliver DslogdRAT and Web Shell Payloads *

Google Alerts of Rising Cyber Threats as Sophisticated Attackers Exploit Zero-Days and Target Cloud Systems *

Redis DoS Vulnerability Can Lead to Server Crashes and Memory Exhaustion *

North Korean Hackers Pull Off $137M TRON Heist in One-Day Phishing Scam *

WhatsApp Boosts Privacy as Meta Faces EU Fine *

Critical Unauthenticated RCE Vulnerability Discovered in Commvault Command Center (CVE-2025-34028) *

Threat Actors Exploit TAG-124 Infrastructure to Distribute Malware *

Iran Aligned Hackers Deploy MURKYTOUR Malware in Fake Job Scheme Targeting Israel *

New SMS Phishing Scam Uses Google AMP Links to Bypass Security Filters *

Critical Synology DSM NFS Vulnerability Allows Unauthorized File Access *

Official Ripple XRPL NPM Package Compromised to Spread Private Key-Stealing Malware *

Security Researchers Reveal Major Design Flaws in Crypto Wallet Extensions *

Critical Vulnerability in FireEye EDR Enables Unauthorized Code Execution *

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Supporters Through Signal and WhatsApp *

Security Flaws in Zyxel USG FLEX H Series Firewalls Expose Devices to Privilege Escalation Attacks *

SK Telecom Cyberattack Exposes Sensitive USIM Data *

Docker Malware Exploits Teneo Node for Crypto via Fake Heartbeats *

IBM HMC Flaws Allow Local Privilege Escalation, Patches Released *

Critical Active Mail Zero Day Exploited in Widespread Attacks Across Japan 2 2 *

Marks Spencer Confirms Cyberattack Amid Order Delays for Customers *

Sophisticated Google Phishing Attack Exploits Infrastructure for Credential Theft *

Microsoft Enhances Security with Azure Confidential VMs and New Resilience Measures *

GCP Cloud Composer Vulnerability Allowed Privilege Escalation Through Malicious PyPI Packages *

Conduent Cyberattack Exposes Personal Data, Impacts Government Services *

Japan Raises Alert Over Hackers Draining Millions from Online Trading Accounts *

Cracked and BreachForums Attempt Comebacks Amid Cybercrime Market Turmoil *

FBI Warns of Impersonation Scam Involving Fake IC3 Officials *

WinZip Vulnerability Allows Silent Execution of Malicious Code by Bypassing Mark-of-the-Web *

Major Security Flaw in Windows Update Stack Allows Code Execution and Privilege Escalation *

Cybercriminals Exploit Russian Host Proton66 for Malware Delivery *

Critical Vulnerability in HPE Performance Cluster Manager Allows Unauthorized Access *

Lotus Panda Deploys Stealth Malware Attacks on Southeast Asian Governments *

SuperCard X Android Malware Facilitates Contactless ATM and PoS Fraud Using NFC Relay Attacks *

Hackers Leverage Stolen Credentials and Private Keys for Organizational Breaches *

New Obfuscation Technique Helps Hackers Bypass Antivirus and EDR *

Hackers Advertise ‘Baldwin Killer’ Malware Designed to Bypass Antivirus and EDR Systems *

Infostealer Attacks via Phishing Emails Surge Weekly *

Cybercriminals Disguise FOG Ransomware as DOGE Cryptocurrency in Malicious Email Campaigns *

Akira Ransomware Escalates Attacks Leveraging Stolen Credentials and Legitimate IT Tools *

Critical Speedify VPN Vulnerability on macOS (CVE-2025-25364) Allows Root Command Injection and System Takeover *

APT41’s RedGolf Infrastructure Briefly Exposed in Fortinet Zero-Day Attacks on Shiseido *

Yokogawa Recorders at Risk from Critical Flaw in Default Security Settings *

Critical Remote Code Execution Vulnerability in PyTorch (CVE-2025-32434) *

Kimsuky APT Leveraging RDP Flaws and Office Exploits in Precision Cyber Operations *

Cisco Webex Vulnerability Under Attack as ‘Voldemort’ Malware Spreads Globally *

Phishers Exploit Google OAuth in DKIM Replay to Impersonate Official Google Emails *

Threat Actors Exploit Zoom Remote Control Feature to Gain System Access *

Phishers Exploit Google OAuth for DKIM Replay Attacks, Spoofing Google *

APT29 Uses GRAPELOADER Malware in Wine-Tasting-Themed Attacks on European Diplomats *

Ransomware Attack on Harvest SAS Goes Public with Data Leak *

Nation-State Hackers Ramp Up Espionage Efforts Using ClickFix Exploit Technique *

ASUS Urges Firmware Update as Critical AiCloud Router Vulnerability Confirmed *

Malicious NPM Packages Imitate Telegram Bot API to Install SSH Backdoors on Linux Machines *

Gorilla Android Malware Steals OTPs by Intercepting SMS *

Malicious Android App Steals Credit Card Data via NFC Relay Attacks *

DOGE Accused of Breaching U.S. Security and Leaking Sensitive Documents *

KeyPlug Malware Infrastructure Leak Exposes Tools for Fortinet Firewall and VPN Exploitation *

Microsoft Warns of Sophisticated Attacks Targeting Exchange and SharePoint Servers *

GitHub Patches Critical Vulnerabilities in Enterprise Server, Urges Immediate Updates *

Upgraded MysterySnail RAT Targets Russian and Mongolian Governments *

Critical RCE Vulnerability Discovered in AnythingLLM *

CISA Alerts on Ongoing Exploitation of Critical Windows NTLM Flaw *

Interlock Ransomware Gang Distributes Fake IT Utilities in ClickFix Campaign *

Cisco Webex Vulnerability Allows Remote Code Execution via Meeting URLs *

Critical Auth Bypass Vulnerability Found in ASUS Routers with AiCloud *

GoDaddy Registry Error Causes Global Disruption of Zoom Services *

Over 6 Million Chrome Extensions Can Run Remote Commands on Users Browsers *

Legends International Reports Security Breach – Customer Data Compromised *

Hackers from CrazyHunter Group Exploit GitHub Resources to Breach Organizations *

Advanced Phishing Attack Uses Layered Techniques to Spread Malware *

Critical Flaw in GenAI Integration Protocol Exposes Systems to Attacks *

Ghost Ransomware Campaign Hits Organizations in Over 70 Countries *

CISA Urges Immediate Action on Exploited SonicWall Vulnerability *

Google Cracks Down on AI-Powered Ad Scams, Suspends 700K Accounts *

Advanced Malware Threat: Agent Tesla Delivered Using Script-Based Attack Vectors *

Chinese APT Group Mustang Panda Utilizes Advanced Techniques to Bypass EDR *

Unsecured API Endpoints Result in 33K Employee Record Breach *

Data Breach Hits Landmark Admin, Over 1.6 Million Users Affected *

Symlink Backdoor Found on Over 16,000 Compromised Fortinet Devices *

Apple Confirms Active Exploitation of Two iOS Zero-Day Flaws in Complex Attacks *

Windows Task Scheduler Bugs Let Attackers Evade UAC and Modify Logs *

Firefox 137.0.2 Patches High-Severity Race Condition Vulnerability Leading to Memory Corruption *

Gamma AI Platform Exploited in Sophisticated Phishing Campaign to Spoof Microsoft SharePoint Logins *

New Server Side Phishing Scam Targets Employee Portals *

Fake PDFCandy Converter Sites Distribute Info-Stealing Malware *

Erlang or OTP SSH Server Hit by Severe RCE Vulnerability (CVE-2025-32433) *

Hacktivists Turn Sophisticated, Deploy Ransomware Against Critical Infrastructure *

Critical Windows 11 Vulnerability Enables Rapid Privilege Escalation *

Turkish IT Firm Linked to ‘Araneida’ Web Hacking Service *

Emerging Threats: Unconventional Malware Trends *

Python Malware Masquerading as Coding Challenges Targets Crypto Developers *

Rising Cloud Threats: Attackers Intensify Focus on IAM and Data Exfiltration *

Major European Operation Targets Organized Crime Networks *

Malicious PyPI Package Hijacks MEXC API to Steal Credentials and Manipulate Trades *

Chinese APT UNC5174 Targets Linux and macOS with SNOWLIGHT Malware and VShell Tool in Stealthy Cyber Espionage Campaign *

Landmark Admin Data Breach Exposes Information of 1.6 Million People *

Russia-Linked Hackers Use New GrapeLoader Malware in Embassy Phishing Scam *

Google Chrome Flaws Expose Users to Data Theft and System Compromise *

AI Exploit Enables Creating Realistic Fake Passports with ChatGPT Image Generation *

BPFDoor: The Hidden Malware Spying on Networks *

Vulnerability in Apache Roller Allows Unauthorized Access *

DOGE 'Big Balls' Ransomware Employs ZIP LNK Shortcuts and BYOVD for Stealth *

Critical Flaws Found in Crush FTP Server *

Cloud Misconfigurations: A Major Driver Behind Data Breaches *

Microsoft Teams File Sharing Disruption Users Facing File Sharing Issues *

Galaxy S24 Quick Share Vulnerability Allows Attackers to Create Arbitrary Files *

WordPress Plugin with 100K+ Installs Targeted in Cyberattack 4 Hours Post-Disclosure *

Educational Institutions Emerging as Prime Targets for Cyber Threats *

NVIDIA Toolkit's Incomplete Fix for CVE-2024-0132 Still Enables Container Escape Attacks *

Cybercriminals Exploit Microsoft Teams Chats to Spread Malware to Windows Systems *

Threat Actor Claims to Sell Zero-Day Exploit Targeting Fortinet Firewalls *

AI-Generated Package Hallucinations Pose Emerging Threat to Software Supply Chains *

Morocco Probes Major Data Breach Allegedly Orchestrated by Algerian Hackers *

European’s GDPR Article 7 Poses New Challenges for Businesses to Secure AI-Generated Image Data *

SSL/TLS Certificates Set to Expire Every 47 Days by 2029 *

DaVita Hit by Weekend Ransomware Attack, Patient Care Continues Amid Investigation *

Conduent Confirms Client Data Breach from January Cyberattack *

Critical Ivanti VPN Flaws Exploited by Chinese APT Group *

Hertz Confirms Data Breach Involving Sensitive Customer Information *

Slow Pisces Hackers Target Developers with Python Malware and Coding Challenges *

Cyber risks in aviation are increased by vulnerable software and aging technology *

IBM Aspera Faspex Bug Lets Hackers Inject Harmful Code into Website Interface *

ResolverRAT Malware Campaign Strikes Global Pharma and Healthcare Sectors *

NASCAR Urged to Enhance Cybersecurity After Medusa Ransomware Strike *

Windows Server 2025 Restart Issue Disrupts Active Directory Domain Controller Connectivity *

Pakistan-Backed Threat Group Broadens Attacks in India Using CurlBack and Spark RATs *

Severe Security Flaw in Langflow Allows Remote Takeover of Servers *

Urgent Security Flaw in Yii 2 PHP Framework Affects Millions of Websites *

CVE-2025-27840: ESP32 Exploit Threatens Bitcoin Wallet Security Worldwide *

Gladinet’s CentreStack File sharing platform under zero-day Attack *

Houthi-Linked Influence Campaign Targets Israel and Gulf States via Facebook Disinformation *

Apache SeaTunnel Bug Allows Unauthenticated File Access & Code Execution *

Ransomware and Hacktivist Threats Targeting Satellite and Space Industries *

Smishing Triad eCrime Group Targets 121+ Countries with Advanced Smishing *

FortiGuard Labs Warns of Malicious NPM Packages Targeting PayPal Users *

Critical Heap Buffer Overflow Found in Perl – CVE-2024-56406 *

Jupyter Remote Desktop Proxy Vulnerability Allows Unauthorized Network Access to TigerVNC *

Npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transactions *

TROX Stealer MaaS Campaign Exploits Urgency Themes to Exfiltrate Consumer Data *

Widespread Smishing Scam Targets Toll Road Users Payment Information *

Cyberattack Forces Shutdown of Oregon Environmental Agency's Network *

Data Breach Confirmed by South African Telecom Provider Serving 7.7 million Subscribers *

Chrome 136 Patches Two-Decade-Old Browser History Privacy Flaw *

HelloKitty Ransomware Resurfaces, Now Targeting Windows, Linux, and ESXi Systems *

Massive Data Breach Hits Morocco’s Social Security Systems *

AI-Generated Code Dependencies Emerge as a New Supply Chain Threat *

Cyber Attackers Replicate Google Chrome Install Page to Spread Android Malware on Fake Google Play Sites *

Massive Health Data Breach Hits 1.6 Million at US Lab Testing Company *

Cybercriminals Alter Search Results to Direct Users to Malicious Sites *

Tycoon2FA Phishing Kit Unleashes New Tactics to Target Microsoft 365 Accounts *

Zero-Day Exploits Used in Ongoing Attacks Targeting Semiconductor Companies *

Western Sydney University Reports Cybersecurity Incident Involving Data Leak *

Hackers Attack Business Networks Via Router Vulnerabilities *

Palo Alto Networks Alerts on Brute-Force Attacks Aimed at PAN-OS GlobalProtect Portals *

Fortinet Issues Urgent Warning Over Ongoing FortiGate Exploitation *

Microsoft Warns: Do Not Delete 'inetpub' Folder Created by Windows Security Update *

GOFFEE Launches Coordinated Attacks Using PowerModul on Government and Energy Systems *

WordPress Sites at Risk Due to Critical InstaWP Connect Plugin Vulnerability *

Ransomware Attack Disrupts Sensata Technologies' Operations *

High-Severity Flaw in Popular WordPress Plugin OttoKit Under Active Exploitation *

AkiraBot: AI-Powered Spam Framework Targets 400K+ Websites with Sophisticated SEO Scam *

Gamaredon Breached a Western Military Mission in Ukraine *

Trend Micro Uncovers Incomplete Fix for Critical NVIDIA Container Toolkit Flaw *

TP-Link Smart Hub Security Flaw Leaks Wi-Fi Credentials *

Pakistan-Linked SideCopy Group Escalates Cyber Campaign Against Indian Ministries *

Jenkins Docker Vulnerability Exposes Network Traffic to Hacker Interception *

Operation Endgame: Authorities Arrest SmokeLoader Botnet Users in International Crackdown *

Licensing Glitch Disrupts Services for Microsoft 365 Family Subscribers *

Cybercriminals Turn Messaging Apps into Money-Making Tools *

Dell PowerScale OneFS Vulnerabilities Could Lead to User Account Hijacking *

AkiraBot Targets 80,000 Websites Using CAPTCHA Bypass and Network Evasion Techniques *

Shuckworm Group Utilizes GammaSteel Malware in PowerShell Attacks *

ViperSoftX Malware Campaign Targets Korean Users with Advanced Distribution Tactics *

Hackers Allegedly Breach WooCommerce, Exposing Data of 4.4 Million Customers *

APT32 Leverages GitHub to Infect Chinese Cybersecurity Professionals with Backdoored Tools *

Microsoft Exchange Admin Center Experiencing Worldwide Downtime *

Oracle Confirms Hack of Legacy Servers, Dismisses Cloud Breach Claims *

Critical USB Audio Driver Vulnerability Patched in Linux Kernel to Prevent Code Execution via Malicious USB Devices *

CISA Issues Alert on Active Exploitation of CentreStack Hard-Coded Encryption Key Flaw *

Hackers Exploit SSRF Vulnerabilities in EC2 to Steal AWS Credentials *

Hackers Spied on Over 100 Bank Regulators' Emails for More Than a Year *

Critical FortiSwitch Flaw Allows Remote Admin Password Changes *

Windows Active Directory Flaw Allows Unauthorized Privilege Escalation *

Windows Kerberos Flaw Facilitates Security Feature Bypass *

Ransomware Groups Target Data with Double Extortion and Leak Threats *

Fortinet Patches Critical Vulnerabilities in FortiAnalyzer, FortiManager, and Other Products *

Over 26,000 Discussions on Dark Web Forums Targeting Financial Organizations *

XSS Flaws in Zoom Workplace Apps Enable Malicious Script Injection *

CLFS Zero-Day Vulnerability Exploited by Storm-2460 Ransomware Group *

New Red Team Technique 'RemoteMonologue' Leverages DCOM to Harvest NTLM Authentication Remotely *

Microsoft Patch Tuesday Security advisory- April 2025 *

Shopware Releases Patch for Critical SQL Injection Vulnerability *

Security Breach at Oracle: Hackers Steal Client Login Information *

CISA Warns of Ongoing Attacks Exploiting CrushFTP Auth Bypass Flaw *

WhatsApp Vulnerability Allows Attackers to Execute Malicious Code Through Attachments *

Hackers Abuse Windows .RDP Files to Establish Rogue Remote Desktop Connections *

Threat Actors Using VPS Hosting to Distribute Malware and Bypass Detection *

Threat Actors Exploit Toll Payment Services in Widespread Cyberattack *

Kellogg Announces Data Breach Linked to Clop Ransomware Attack *

Google Patches Android Zero-Days Exploited in Attacks, Alongside 60 Other Vulnerabilities *

NEPTUNE RAT Targets Windows Systems, Harvests Credentials from Over 270 Applications *

Cybercriminals Leverage Fake CAPTCHAs and Cloudflare Turnstile to Spread LegionLoader Malware *

Sophisticated Phishing Campaign Uses Screensavers to Distribute Malware *

New Sakura RAT Released on GitHub Capable of Bypassing Antivirus and EDR Defenses *

PHP Vulnerability in Bitdefender GravityZone Console Allows Hackers to Execute Arbitrary Commands *

China-Linked APT Strikes Ivanti Users in Fresh Wave of Espionage Attacks *

PoC Released for Python JSON Logger Vulnerability Allowing Remote Code Execution *

Critical Vulnerability in pgAdmin Enables Remote Code Execution *

Dell PowerProtect Vulnerability Enables Remote Command Execution *

Europcar GitLab breach exposes data of up to 200,000 customers *

IngressNightmare: Critical RCE Flaws in Kubernetes NGINX Clusters Allow Full System Takeover by Attackers *

State Bar of Texas Acknowledges Data Breach, Initiates Consumer Notifications *

CISA Lists Actively Exploited Ivanti Connect Secure Flaw in Known Exploited Vulnerabilities Catalog *

Ransomware Attack at Port of Seattle Exposes Data of 90,000 Individuals *

Severe Security Vulnerability in Apache Parquet Library Exposes Systems to Remote Code Attacks *

Hackers Targeting Juniper Smart Routers Using Default Passwords *

AI-Driven Gray Bots Launch Relentless Web App Assaults at 17K+ Requests Hourly *

Verizon iOS App Flaw Exposed Call Logs of Millions of Users *

Hunters International Collaborates with Hive Ransomware to Target Windows, Linux, and ESXi Systems *

Qilin Operators Mimic ScreenConnect Login Page to Deploy Ransomware & Gain Admin Access *

Jenkins Plugin Vulnerabilities Expose Sensitive Data to Cyber Threats *

Cyberattackers Exploit Apache Tomcat Flaw to Steal SSH Credentials and Compromise Servers *

DarkCloud Stealer Exploits Weaponized .TAR Archives to Harvest Passwords from Targeted Organizations *

Cisco AnyConnect VPN Flaw Lets Attackers Trigger Denial-of-Service (DoS) Attacks *

SonicWall Firewall Vulnerability Allows Unauthorized Access *

Hackers Exploit DeepSeek and Remote Desktop Apps to Deploy TookPS Malware *

North Korean Cyberattack Campaign Targeting European Organizations to Breach Corporate Infrastructure *

Privilege Escalation Vulnerability in Google Cloud Platform Grants Unauthorized Access to Sensitive Data *

Royal Mail Probes Data Leak Claims, Confirms Operations Remain Unaffected *

Global ChatGPT Outage Affects Thousands of Users – Latest Security Advisory Updates *

Critical WordPress Vulnerabilities Expose 20,000 Sites to Takeover Risks *

Cybercriminals Use Microsoft Teams for Malware Delivery in Phishing Campaign *

New Outlaw Linux Malware Leverages SSH Brute-Forcing for Extended Botnet Management *

Gootloader Malware Distributes Weaponized Documents Through Google Ads *

Vulnerability in Plantronics Hub Enables Attackers to Escalate Privileges *

KoiLoader Uses PowerShell Scripts to Deploy Malicious Payloads *

Massive 400GB Twitter (X) Data Breach Exposes 2.8 Billion Records *

Ransomware Poses a Risk to 93% of Industries—Building Resilience Is Essential *

Sliver Framework Customization Enhances Evasion and Bypasses EDR Detection *

APT34 Targets Finance and Telecom Sectors with Custom Malware *

Critical XSS Vulnerability in Kentico Xperience CMS Leads to Remote Code Execution *

Check Point Responds to Misinformation About Recent Data Leak *

Vulnerability in Rockwell Automation Enables Attackers to Execute Arbitrary Commands *

Hackers Exploit WordPress MU-Plugins to Conceal Malicious Code *

Hackers Use SVG Files to Spread Phishing Malware and Avoid Detection *

VMware Workstation Auto-Update Failure Caused by Broadcom URL Redirect *

Lucid Phishing Service Exploits iOS & Android for Global Smishing Surge *

Microsoft Leverages AI to Identify Vulnerabilities in GRUB2, U-Boot, and Barebox Bootloaders *

Hacker Breach Exposes Samsung Customer Data *

CISA Warns of RESURGE Malware Exploiting Critical Vulnerability in Ivanti Connect Secure Devices *

Dell Unity Vulnerabilities Enable Attackers to Breach Systems *

Canon Printer Flaw Exposes Devices to Arbitrary Code Execution Risk *

Splunk Addresses Multiple Vulnerabilities with Latest Patches *

Russia-Linked Gamaredon APT Deploys Remcos RAT in Ukraine Using Military Lures *

Legacy Medical Devices: A Vulnerable Target for Ransomware Attacks *

Lotus Blossom APT Abuses WMI for Stealthy Post-Exploitation *

New Ubuntu Linux Vulnerabilities Enable Kernel Component Exploitation *

UK ‘Unprepared’ for Cyberattacks Amid Rising State-Sponsored Threats, Public Infrastructure Vulnerable *

TsarBot Android Trojan Targets 750 Banking and Finance Apps for Credential Theft *

Hackers Leverage DNS MX Records to Spoof Logins for 100+ Brands *

46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Manipulate Settings *

RESURGE Malware Exploits Ivanti Vulnerability with Advanced Rootkit and Web Shell Capabilities *

CVE-2025-2294 Exploits Vulnerability in Popular WordPress Plugin with Over 90,000 Active Installations *

Oracle Health Data Breach Exposes Patient Information in US Hospitals *

PlayBoy Locker Ransomware Targets Windows, NAS, and ESXi Systems *

Cyberattack Disrupts Kuala Lumpur Airport, Hackers Demand $10M Ransom *

Dozens of Vulnerabilities in Solar Inverters Could Be Exploited to Target Power Grids *

Mozilla Issues Critical Patch for Windows Following Chrome Zero-Day Exploit *

Cybercriminals Hijack 150,000 Websites to Push Chinese Gambling Sites *

CoffeeLoader Malware Overcomes Endpoint Security to Deploy Rhadamanthys Shellcode *

New macOS Malware ‘ReaderUpdate’ Evolves with Nim and Rust Variants *

Blacklock Ransomware Infrastructure Compromised, Exposing Upcoming Attacks *

Arkana Ransomware Group Claims Attack on US Telecom Companies *

Mozilla Patches Critical Sandbox Escape Vulnerability in Firefox 136.0.4 *

Hijacked Microsoft Stream Domain Causes Spam Issues on SharePoint *

Security Flaw in GitHub CodeQL Workflow Reveals Potential for Large-Scale Supply Chain Attack *

Exim Use-After-Free Vulnerability Enables Privilege Escalation *

CryptoLib Vulnerability: Heap Overflow Puts Space Communications at Risk *

Severe CrushFTP Vulnerability Puts Servers at Risk of Unauthenticated Access *

StreamElements Reveals Third-Party Data Breach Following Hacker Leak *

YouTube Creators Targeted by Fake Brand Deals in ‘Clickflix’ Attack Scheme *

Critical Vulnerabilities in Production Line Cameras Enable Attackers to Disable Recordings *

Splunk RCE Vulnerability Enables Arbitrary Code Execution via File Upload *

Google Chrome Zero-Day Vulnerability Under Active Exploitation *

NetApp SnapCenter Vulnerability Enables Attackers to Gain Admin Privileges *

UPI Service Outage Disrupts Financial Operations Across India *

CISA Warns of ICS Vulnerabilities and Offers Essential Security Tips *

New Malware Exploits Cross-Platform Framework to Evade Detection on Android *

Apache VCL Vulnerable to SQL Injection (CVE-2024-53678) and XSS (CVE-2024-53679) Flaws *

Multistage Info-Stealer Snake Keylogger Aims at Individuals and Businesses to Harvest Login Credentials *

Banking Malware Targets 248,000 Mobile Users via Social Engineering Tactics *

Hackers Leverage Windows MMC Zero-Day Flaw to Execute Malicious Code *

VMware Tools for Windows Vulnerability Allows Attackers to Bypass Authentication *

Huge Cyberattack Disrupts Ukrainian Railway's Online Services *

Chrome and Edge Users Targeted by Rilide Malware Posing as Legitimate Browser Extension *

ShibaCoin Ransomware Targets Developers Through Malicious VS Code Extensions *

Specter Insight C2 Tool Enhances ClickFix-Driven Hacking Campaigns *

Sophisticated Phishing Campaign Targets Pocket Card Users *

Critical Ingress NGINX Vulnerabilities (CVE-2025-1974) Threaten Kubernetes Security *

Hackers Deploying Fake Semrush Ads to Steal Google Account Credentials *

New Phishing Attack Targets Gamers with Browser-in-the-Browser Technique *

Next.js Flaw Allows Attackers to Bypass Middleware Auth Checks *

Chrome Security Update Patches Critical Code Execution Vulnerability *

Hackers Can Deliver Teams Malware Using Browser Cache Smuggling *

Critical Remote Code Execution Vulnerability in vLLM via Mooncake (CVE-2025-29783) Patched *

Chinese 'Web Shell Whisperer' Uses Shells and Tunnels for Stealthy Persistence *

Critical WordPress Plugin Vulnerability Threatens Over 200,000 Sites with Potential Code Execution *

Cybercriminals Leverage Gamma AI to Develop Advanced Microsoft-Themed Phishing Redirectors *

Hacker Group Behind 90 Global Data Breaches Exposed, Four Members Identified *

VanHelsingRaaS Targets Linux, BSD, ARM, and ESXi Systems *

Revolutionary Browser-Based RDP Solution Redefines Secure Remote Access *

Baidu Faces Data Breach, Compromising User Information *

Apache Druid Vulnerability (CVE-2025-27888) Exposes Real-Time Analytics Systems to SSRF and XSS Threats *

Steam Pulls Game Demo After Reports of Info-Stealing Malware on Windows *

MacOS Vulnerability CVE-2024-54471: Critical Security Flaw Exposed and Patched *

Kaspersky Links Head Mare to Twelve, Using Shared C2 Servers to Target Russian Entities *

Albabat Ransomware Targets Windows, Linux, and macOS Through GitHub Exploitation *

Cybercriminals Target Meta Users with Phishing Emails to Steal Ad Account Credentials *

JumpServer Vulnerabilities Enable Attackers to Bypass Authentication and Seize Full Contro *

Oracle Denies Data Breach After Hacker Says 6 Million Records Stolen *

FBI Warning: Fake File Converters Are Spreading Malware *

Coinbase Identified as Primary Target in Recent GitHub Actions Supply Chain Attack *

Cloudflare Enforces Encryption, Blocking All Unsecured API Traffic *

Microsoft Trust Signing Service Exploited to Code-Sign Malware *

Researchers Discover FIN7’s Stealthy Python-Based Anubis Backdoor *

UAT-5918 Threat Group Targets Taiwan's Critical Infrastructure with Web Shells and Open-Source Tools *

Attackers Exploit CAPTCHAs to Trigger PowerShell and Deliver Malware *

I-SOON’s ‘Chinese Fishmonger’ APT Targets Governments and NGOs *

VanHelsing Ransomware Hits Windows with New Evasion Tactics *

Infosys to Settle 2023 Data Breach for $17.5 Million *

Pennsylvania Teachers Union Data Breach Exposes 500,000 Individuals *

AI-Powered Phishing the Growing Threat to Browser Security *

VSCode Extensions Discovered Distributing Early-Stage Ransomware *

IBM AIX Vulnerability Allows Attackers to Execute Arbitrary Commands *

Swiss Telecom Firm Ascom Confirms Cyberattack by HellCat Group *

Dell SmartFabric OS10 Software Patches Multiple Security Vulnerabilities *

CISA Warns U.S. Federal Agencies of Active Exploitation of NAKIVO Backup Vulnerability *

Veeam Backup & Replication Vulnerability Allows Critical RCE *

Signal Messenger Exploited in Targeted Attacks on Defense Sector Employees *

Scareware-Phishing Campaign Targets macOS Users *

Critical AMI BMC Vulnerability (CVE-2024-54085) Allows Remote Authentication Bypass *

DollyWay Malware Campaign Compromises 20,000 WordPress Sites *

Orion Security Secures $6M Funding to Combat Insider Threats with AI-Powered DLP *

Cyber Threats Surge During March Madness as Scammers Exploit Fan Frenzy *

Zero-Day Windows Vulnerability Under Active Exploitation by 11 State-Sponsored Groups Since 2017 *

VPN Vulnerabilities Become a Key Weapon for Cybercriminals Exploiting Organizations *

ClearFake Infected 9,300 Sites with Impersonated reCAPTCHA and Turnstile to Distribute Malware *

Critical PHP Vulnerability (CVE-2024-4577) Exposes Systems to Cryptocurrency Miners and RATs *

Cybercriminals Steal 3.2 Billion Login Credentials and Compromise 23 Million Devices Globally *

Critical Bug in AMI MegaRAC Allows Attackers to Hijack and Brick Servers *

Exploitation of ChatGPT Vulnerability Targets US Government Organizations *

Western Alliance Bank Alerts 21,899 Customers About Data Breach *

Severe mySCADA myPRO Vulnerabilities Could Allow Attackers to Hijack Industrial Control Systems *

Microsoft March Updates Unintentionally Remove Copilot *

New 'Rules File Backdoor' Attack Allows Hackers to Inject Malicious Code Through AI Code Editors *

New ClearFake Variant Uses Fake reCAPTCHA to Run Malicious PowerShell Code *

Scammers Use Fake Coinbase Migration Messages to Steal Wallet Credentials *

Ransomware Group Develops Tool to Automate VPN Brute-Force Attacks *

Jaguar Land Rover Breached by HELLCAT Ransomware Using Stolen Jira Credentials *

Millions of RSA Keys Expose Serious Vulnerabilities to Exploitation *

Researchers Demonstrate Remote Hacking of Commercial Trucks & Buses *

GitHub Action Breach Exposes CI-CD Secrets in 23,000+ Repositories *

Apache Tomcat Vulnerability Exploited Within 30 Hours of Public Disclosure *

Hospitality and Recreation Sectors See Rise in Cyberattacks, Warns ReliaQuest *

Critical TP-Link Router Vulnerability Allows Hackers to Achieve Full System Takeover *

AWS SNS Exploited by Cybercriminals for Data Exfiltration and Phishing Attacks *

Fake 'Security Alert' on GitHub Exploits OAuth App to Hijack Accounts *

Hackers Using CSS to Bypass Spam Filters and Monitor User Activity *

Adobe Acrobat Reader Vulnerabilities Allow Attackers to Execute Arbitrary Code *

Grafana Vulnerabilities Exploited in Widespread SSRF Attack Campaign *

Critical Vulnerabilities in Bitdefender BOX v1 Expose Smart Homes to CyberAttacks *

RedCurl APT Exploits Active Directory Explorer and 7-Zip for Data Exfiltration *

Over 100 Auto Dealers Hacked via ClickFix Webpage, Leading to SectopRAT Malware Installation *

Critical Memory Corruption Vulnerabilities Discovered in Delphi, Undermining Its Safety Claims *

Critical ruby-saml Flaws Allow Attackers to Bypass Authentication *

DeepSeek R1 Manipulated to Generate Malware, Including Keyloggers and Ransomware *

Hackers Leverage Exposed Jupyter Notebooks to Launch Cryptominers *

Hackers Apparently Selling 3.17 Million Honda Cars India Customer Records *

PHP XXE Injection Vulnerability Exposes Config Files & Private Keys *

Undetected Anubis Malware Allows Hackers to Execute Remote Commands *

Hackers Exploit Microsoft Copilot in Advanced Phishing Scheme *

Phishing Attacks Target Microsoft 365 Users Using OAuth Vulnerabilities *

CISA Alerts About Apple WebKit Out-of-Bounds Write Vulnerability Being Actively Exploited *

Apache NiFi Vulnerability Leaks MongoDB Credentials to Unauthorized Users *

Cybercriminals Leveraging JSPSpy to Orchestrate Malicious Webshell Networks *

Siemens SINAMICS S200 Bootloader Vulnerability Allows Attackers to Compromise Devices *

GitLab Discovers Security Vulnerabilities Allowing Attacker Logins as Valid Users *

Misconfigured AWS S3 Bucket Exposes Over 86,000 Healthcare Worker Records *

Medusa Ransomware Strikes Over 300 Global Organizations, Targeting Critical Sectors *

Cisco Reveals Critical Privilege Escalation Vulnerability in IOS XR Software *

Fortinet Addresses Critical Vulnerabilities Across Multiple Products *

Hackers Employ Advanced MFA-Bypassing Techniques to Compromise User Accounts *

Massive Cyber Attack: Over 400 IPs Exploit Multiple SSRF Vulnerabilities in Coordinated Effort *

Facebook Reveals Exploited FreeType 2 Vulnerability in Recent Attacks *

Users Targeted by DCRat Malware Through YouTube to Steal Login Credentials *

Chinese Hackers Compromise Juniper Networks Routers Using Custom Backdoors and Rootkits *

NVIDIA Riva Security Flaws Allow Privilege Escalation *

CISA Warns of Critical Windows NTFS Vulnerability (CVE-2025-24991) *

MirrorFace APT Leverages Custom Malware to Target Windows Sandbox and Visual Studio Code *

AI-Generated Fake GitHub Repositories Used to Steal Login Credentials *

Apache Pinot Vulnerability Allows Attackers to Bypass Authentication *

Critical FreeType Vulnerability Puts Millions of Devices at Risk *

MassJacker Malware Uses 778,000 Wallets to Steal Cryptocurrency *

North Korean Lazarus Group Hacks Hundreds Using NPM Packages *

Zoom Patches Multiple High-Severity Vulnerabilities in Workplace Apps and SDKs *

New Botnet 'Eleven11bot' Compromises 30,000 Webcams *

Microsoft Patch Tuesday Security advisory- March 2025 *

Blind Eagle Hackers Utilizing Google Drive, Dropbox, and GitHub to Evade Security *

Threat Actors Bypass Security Defenses to Execute SIM Swap Attacks *

Severe Android Vulnerability CVE-2024-31317 Poses Risk of Privilege Escalation *

Critical Apache Tomcat Vulnerability CVE-2025-24813 Exposes Servers to Remote Code Execution *

Researcher Exploits Embedded Devices to Reveal Firmware Secrets *

Microsoft Time Travel Debugging (TTD) Vulnerability Exposes Security Risks *

North Korean Hackers Use Weaponized ZIP Files to Deploy Malicious PowerShell Script *

CISA Adds Two VeraCore Vulnerabilities to Actively Exploited Vulnerability Catalog *

CISA Warns of Actively Exploited Ivanti Endpoint Manager Vulnerabilities *

Threat Actors Leverage EncryptHub for Multi-Stage Malware Attacks *

Dark Storm Claims Responsibility as X Faces Massive Cyberattack *

Hackers Exploit Misconfigured Cloud Settings to Host Malware *

New 'Desert Dexter' Malware Compromises Over 900 Victims Worldwide *

7 Malicious Go Packages Targeting Linux & macOS to Install Stealthy Malware Loaders *

PrintSteal Cybercriminal Network Producing and Distributing Fake Aadhaar & PAN Cards at Large Scale *

Critical Laravel Vulnerability Exposes Web Apps to XSS Exploits *

Ransomware Attack on Retirement Services Firm Exposes Data of Thousands in US Schools *

Severe Authorization Flaw Found in Moxa PT Series Switches *

Hackers Register 10K Domains for Smishing Attack through iMessage *

Hackers Exploit x86-64 Binaries on Apple Silicon to Distribute macOS Malware *

Critical DrayTek Router Vulnerabilities Enable Remote Code Execution Attacks *

Researchers Uncover Critical ESP32 Vulnerability Affecting Over a Billion IoT Devices *

NTT Data Breach Exposes Sensitive Information of 18,000 Companies *

Akira Ransomware Exploits Webcam to Evade EDR and Attack Windows Servers *

Strela Stealer Malware Attacks Microsoft Outlook to Steal Credentials *

LibreOffice Vulnerability Allows Attackers to Execute Arbitrary Scripts via Macro URL *

Phantom Goblin Employs Social Engineering Tactics to Distribute Stealer Malware *

Misconfigured Apache Airflow Servers Expose Login Credentials to Hackers *

Threat Actors Impersonate Electronic Frontier Foundation to Target Gaming Community *

Critical IDOR Vulnerability in ZITADEL's Admin Interface Puts Organizations at Risk *

Critical Kibana Vulnerability Allows Attackers to Execute Arbitrary Code *

Critical Sitecore 0-Day Vulnerability Enables Remote Code Execution *

Cisco Secure Client for Windows Vulnerability (CVE-2025-20206) Allows SYSTEM Privilege Code Execution *

BadBox Malware Targets Over 50,000 Android Devices Through 24 Google Play Apps *

Cybercriminals Leverage Hacked Email Servers for Fraudulent Operations *

Critical Vulnerability in Chaty Pro Plugin (CVE-2025-26776) Puts Thousands of WordPress Sites at Risk *

Critical Code Execution Vulnerability (CVE-2025-25012) Patched in Elastic Kibana *

Sophisticated Malware Campaign Targets Go Ecosystem Through Typosquatted Packages *

Cybercriminals Target YouTubers to Distribute SilentCryptoMiner on Windows *

Security Vulnerability in Cisco Webex for BroadWorks Exposes User Credentials to Potential Attacks *

Over 41,500 VMware ESXi Instances Exposed to Critical Code Execution Vulnerability *

US Charges Chinese Hackers for Breaching Critical Infrastructure *

Android Devices Infected with Malware Drive Global Botnet Fraud *

Stealthy LummaStealer Malware Spreads via Fake CAPTCHA *

Vim Users Alerted: Malicious TAR Files May Lead to Code Execution (CVE-2025-27423) *

Zoho Fixes Critical Account Takeover Vulnerability in ADSelfService Plus *

PoC Exploit Released for CVE-2024-53676, Raising RCE Concerns *

Tactics Used in Microsoft Teams to Connect Black Basta and Cactus Ransomware Malware *

US CEOs Targeted in Postal Mail Scam with Fake BianLian Ransom Notes *

Windows KDC Proxy RCE Vulnerability Enables Remote Server Compromise *

CISA Alerts on Ongoing Exploitation of Microsoft Windows Win32k Vulnerability *

Google Issues Urgent Warning About Critical Android Vulnerabilities Being Exploited *

Cybercriminals Exploit PowerShell and Trusted Microsoft Apps to Spread Malware *

Threat Actors Exploit Microsoft Teams and Quick Assist for Unauthorized Access *

Hackers Exploit Google Ads and PayPal Links to Steal Users' Personal Data *

North Korean IT Workers Conceal Their IP Addresses with Astrill VPN *

Space Pirates Hackers Target IT Organizations With LuckyStrike Malware via OneDrive *

Vulnerability in Substack Custom Domains Exposes Thousands to Potential Hijacking *

Almost 12,000 API Keys and Passwords Exposed in AI Training Dataset *

Critical XXE Vulnerability Discovered in HPE Insight Remote Support: CVE-2024-53675 *

Critical Vulnerability Discovered in ToDesktop Electron App Bundler *

Android Phones Unlocked Using Cellebrite's Linux USB Zero-Day Exploit *

Microsoft Identifies Hackers Exploiting Azure OpenAI Service for Malicious Content *

Critical Vulnerability in Nakivo Backup & Replication Puts Sensitive Data at Risk *

Ransomware Groups Leverage Paragon Partition Manager Vulnerability in BYOVD Attacks *

ModSecurity Security Flaw Puts Web Applications at Risk *

PingAM Java Agent Vulnerability Enables Security Bypass by Attackers *

Hackers Can Take Over Car Cameras in Minutes by Exploiting Security Flaws *

Angel One Data Breach Personal Information of 8 million Users Compromised *

Hackers Exploit Pass-the-Cookie Attacks to Evade MFA and Hijack Accounts *

Chinese Hackers Attack Belgium State Security Service *

Chinese Hackers Exploit Check Point VPN Zero-Day in Global Cyber Attacks *

Cybercriminals Exploit Unpatched Vulnerabilities Amid EDR Blind Spots *

Wallbleed Exposes Memory Flaw in China’s Great Firewall DNS System *

Lynx Ransomware Targets Global Organizations with Advanced Attack Techniques *

VS Code Extension with 9 Million Installs Infects Developers with Malicious Code *

DragonForce Targets Critical Infrastructure to Steal Data and Disrupt Operations *

XSS Vulnerability in Krpano Framework Exploited to Inject Malicious Scripts on Hundreds of Websites *

Squidoor: Advanced Malware Leveraging Outlook API, DNS, and ICMP Tunneling for Command-and-Control Communication *

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communication *

Massive Phishing Campaign Uses 5,000 Malicious PDFs Across 260 Domains to Steal Credit Card Data *

1.5 Billion iPhones At Risk From nRootTag Attack *

New Phishing Attacks Hit Yodobashi Camera Users, Credentials at Risk *

Orange Communication Breach – Hackers Allegedly Leak 380,000 Emails *

Genea IVF Provider Hit by Cyberattack, Sensitive Patient Data Exposed *

Atomic macOS Info-Stealing Malware Targets 50 Cryptocurrency Wallets *

Critical Cisco Nexus Switch Vulnerability Enables DoS Attacks *

LibreOffice Vulnerabilities Enable Attackers to Execute Malicious Files on Windows *

Security Flaws in GitLab Allow Attackers to Bypass Protections and Run Arbitrary Scripts *

Critical Flaw Leaves 2,850+ Ivanti Connect Secure Devices Exposed to Attacks *

Stealthy Batch Script Leveraging PowerShell and VBScript to Deploy XWorm *

Have I Been Pwned (HIBP) Reports One of the Largest Data Breaches Linked to ALIEN TXTBASE *

Chinese Botnet with 130,000 Devices Targets Microsoft 365 Accounts *

Ghostwriter APT Targets Government Entities with Weaponized Excel Malware *

Hackers Exploit Cisco Small Business Router RCE Flaw to Deploy Webshells *

Sliver C2 Server Flaw Allows Attackers to Establish TCP Connections and Intercept Traffic *

GRUB2 Vulnerability CVE-2025-0690 Poses Secure Boot Bypass Risk *

CISA Flags Actively Exploited Vulnerabilities in Zimbra (CVE-2023-34192) and Microsoft (CVE-2024-49035) *

Google Alerts Higher Education Institutions About Surge in Phishing Campaigns *

Hackers Launch Devastating Cyber Attack on Critical Infrastructure *

GitVenom Attack Exploits Thousands of GitHub Repositories to Spread Malware *

KernelSnitch: Exposing a New Side-Channel Vulnerability in Kernel Data Structures *

Hackers Trick Outlook Spam Filters to Spread Malicious ISO Files *

Critical RCE Vulnerability Found in MITRE Caldera – Proof of Concept Released *

CISA Issues Alert: Oracle Agile Vulnerability Being Actively Exploited *

Moxa PT Switches Exposed to Denial-of-Service Attack via CVE-2024-9404 *

Libxml2 Vulnerabilities (CVE-2024-56171 & CVE-2025-24928) Could Allow Code Execution *

GhostSocks Malware Uses SOCKS5 for Detection Evasion *

Chinese Hackers Leverage FatalRAT to Target Industrial Organizations *

Stablecoin Hit by Major Hack, $49.5M Stolen, Triggering Market Volatility *

Hackers Leverage Confluence Server Vulnerability to Deploy LockBit Ransomware *

Phishing Scam Targeting ChatGPT Premium Users Aims to Steal Login *

Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL *

Parallels Desktop Zero-Day Vulnerability Exposes macOS to Root Privilege Escalation *

Critical Command Injection Vulnerability Discovered in F5 BIG-IP TMSH *

Bybit Suffers Largest Cryptocurrency Theft in History, Losing $1.46 Billion in Ethereum *

Cybercriminals Exploit CS2 Tournaments to Hijack Steam Accounts and Cryptocurrency *

Nagios XI Vulnerability Allows Unauthenticated Access to User Data and Emails *

Sitevision Auto-Generated Password Flaw Exposes SAML Signing Key *

Fluent Bit Security Flaw Leaves Cloud Services Vulnerable to Cyber Threats *

MongoDB Library Vulnerabilities Enable Remote Code Execution on Node.js Servers *

NSA Allegedly Breached Chinese University in Cyber Espionage Campaign *

CISA Issues Alert on Ongoing Attacks Exploiting Craft CMS Vulnerability *

CL0P Ransomware Targets Telecom and Healthcare Sectors in Massive Attacks *

Pegasus Spyware Expands Scope, Infiltrating Corporate and Financial Sectors *

Cybercriminals Exploit Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives *

China Hackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware *

North Korean Hackers Exploit Job Scams to Infect Freelance Developers with Malware *

Internal Chat Logs of Black Basta Ransomware Gang Leaked Online *

Venture Capital Firm Insight Partners Targeted in CyberAttack *

Salt Typhoon Hackers Exploit Cisco Vulnerability to Access Devices on U.S. Telecom Networks *

Cyber Threat Actors Using Exploits to Target Financial Sector with Sophisticated Malware *

Critical Vulnerability in Popular WordPress Plugin Exposes 90,000 Sites to Attacks *

Microsoft Patches Critical Privilege Escalation Vulnerability in Disk Cleanup Utility *

Russian Phishing Campaigns Take Advantage of Signal's Device-Linking Feature *

A Critical Microsoft Bing Vulnerability Allowed Remote Code Execution Attacks *

Australian Fertility Giant Genea Hit by Cybersecurity Breach *

FrigidStealer Infostealer Infects Macs Through Fake Browser Update Prompts *

Phishing Attack Conceals JavaScript with Invisible Unicode Trick *

Hundreds of US Military and Defense Credentials Leaked *

Global Cyberattack: Ghost Ransomware Targets Organizations in 70 Countries, Warns CISA and FBI *

Palo Alto Networks Identifies New Firewall Vulnerability Exploited in Attacks *

Cybercriminals Exploit Apple & Google Wallets with Stolen Cards *

Russian-Aligned Threat Groups Exploit Signal Messenger to Steal Sensitive Data *

Citrix Issues Security Patch for NetScaler Console Privilege Escalation Flaw *

Cracked Garry's Mod and BeamNG.drive Games Distribute Mining Malware to Gamers *

New Evolving Snake Keylogger Variant Targets Windows Users *

New OpenSSH Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks *

Mustang Panda Uses MAVInject.exe to Evade Detection, ESET Disputes Findings *

CISA Releases Two New ICS Advisories on Exploited Vulnerabilities and Patches *

Chrome Buffer Overflow Vulnerabilities Allow Hackers to Execute Code & Gain System Access *

Critical OpenSSH Vulnerabilities Expose Systems to Potential Attacks *

Cybercriminals Trojanize Popular Games to Bypass Security and Compromise Systems *

LibreOffice Vulnerabilities Allow Attackers to Modify Files and Access Sensitive Information *

Zacks Investment Data Breach Leaks 12 Million Emails and Phone Numbers *

Pro-Russian Hacker Group NoName057(16) Targets Italian Banks and Airports *

Palo Alto Networks and SonicWall Firewalls Under Active Exploitation—Urgent Patching Advised *

ChatGPT Prompt Injection Vulnerability Exposes Private Data *

Earth Preta APT Exploits Microsoft Utility Tool to Evade AV Detection and Control Windows *

RansomHub Now Threatens Windows, ESXi, Linux, and FreeBSD Systems *

Malware on WordPress Sites Enables Remote Code Execution *

Critical Vulnerabilities in Xerox Printers Enable Capture of LDAP & SMB Authentication Data *

Indian Post Office Portal Exposed Thousands of KYC Records, Including Usernames and Mobile Numbers *

New XCSSET Malware Infects Xcode Projects to Target macOS Users *

ExHub IDOR Vulnerability Allows Attackers to Modify Web Hosting Configuration *

New Microsoft Windows GUI 0-Day Vulnerability Under Active Attack *

FinalDraft Malware Exploits Outlook Mail Service for Stealthy Communication *

Hackers Leverage Microsoft Teams Invites for Unauthorized Access *

Rapid7 Identifies New PostgreSQL Zero-Day Linked to BeyondTrust Attacks *

Valve Removes PirateFi from Steam After Malware Discovery *

Hackers Exploit Device Code Phishing to Steal Microsoft Emails *

Google Chrome Deploys AI to Prevent Malicious Websites and Downloads *

Lazarus Group Targets Global Developers with New Malware Strategy *

Database Vulnerability on Elon Musk’s DOGE Website Allowed Unauthorized Entries *

New Go-Based Malware Hijacks Telegram as a Covert Command-and-Control Channel *

Chinese Hackers Exploit Unpatched Cisco Routers to Breach Multiple US Telecom Networks *

Security Flaw in NVIDIA Container Toolkit Enables Code Execution Attacks *

Sophisticated Phishing Attack Exploits Webflow CDN & CAPTCHAs to Steal Credit Card Data *

New Malware Targets Japanese Organizations in Winnti Cyberattack *

New Malware Exploits Microsoft Graph API for Outlook-Based Communication *

RedNote App Security Flaw Leaks User Files on iOS and Android Devices *

Security Flaw in CleanTalk Plugin Threatens 30,000 WordPress Sites – Immediate Update Required *

Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Other Third-Party Logins *

SQL Injection Vulnerability in Apache Fineract Enables Malicious Data Injection *

WhoAMI Exploit Grants Hackers Remote Code Execution on Amazon EC2 Instances *

Cybercriminals Exploiting ThinkPHP and OwnCloud Vulnerabilities on a Large Scale *

Threat Actors Leverage DeepSeek’s Popularity to Distribute Malware *

Critical Ivanti ICS Vulnerability Actively Exploited by SPAWNCHIMERA Malware *

Exploitation of ZeroLogon Ransomware in Active Directory to Access Domain Controllers *

WinZip Vulnerability Enables Remote Code Execution by Attackers *

AMD Ryzen Vulnerability Allows Code Execution via DLL Hijacking *

North Korean Threat Actor ‘Kimsuky’ Adopts ClickFix-Inspired Tactics for Cyber Espionage *

Microsoft Alerts: Russian Seashell Blizzard Hackers Breach Critical Infrastructure *

Palo Alto PAN-OS Zero-Day Vulnerability Lets Attackers Bypass Web Interface Authentication *

Massive IoT Data Breach Leaks 2.7 Billion Records, Including Wi-Fi Passwords *

APT43 Hackers Targeting Universities Through Exposed Credentials *

Microsoft Identifies Sandworm Subgroup’s Global Cyber Attacks *

Google Patches Major YouTube Privacy Flaw That Exposed User Emails *

New Chinese Cyber Attack on Manufacturing Sector Aims to Steal Intellectual Property *

Google Issues Urgent Chrome Update to Patch Critical Security Flaw *

Amazon Machine Image Flaw Lets Hackers Publish Fake Resources *

Critical Vulnerability in CrowdStrike Falcon Sensor for Linux Allows TLS MiTM Exploits *

Critical OpenSSL Flaw Enables Attackers to Perform Man-in-the-Middle Attacks *

Critical SonicWall Firewall Flaw Enables VPN Session Hijacking *

Zero-Day Exploit in Fortinet FortiOS & FortiProxy Enables Firewall Hijacking and Super Admin Access *

Intel Addresses 374 Security Vulnerabilities in 2024 *

Microsoft Patch Tuesday Security advisory- February 2025 *

Apple iOS Zero-Day Vulnerability Actively Exploited in Highly Sophisticated Attacks *

Exploited RCE Vulnerability Exposes Over 12,000 KerioControl Firewalls *

Cisco Data Breach – Ransomware Group Claims to Have Compromised Internal Network *

Georgia Hospital Notifies 120,000 Individuals of Data Breach *

New Report on 1M+ Malware Samples Exposes Application Layer Abuse for Stealthy C2 *

International Law Enforcement Seizes 8Base Ransomware Data Leak Sites in Major Operation *

Lee Newspapers Hit by Cyberattack, Disrupting Operations Nationwide *

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update *

Marvel Game Security Flaw Exposes PCs and PS5s to Remote Takeover Risks *

Critical Zimbra Vulnerabilities Allow Attackers to Access Internal Resources Without Authorization *

Autonomous LLMs in Pen Testing: AD Breaches & Cybersecurity Future *

Cybercriminals Exploit IIS Servers to Spread BadIIS Malware: A Rising Cyber Threat *

Zero-Day Vulnerability Found in Microsoft Sysinternals Tools Exposes Windows Systems to Security Risks *

Amazon Enhances Redshift Security with New Features to Prevent Data Leaks *

UK Reportedly Pressures Apple to Provide Backdoor Access to Encrypted iCloud Data *

Kimsuky APT Group Utilizes Custom RDP Wrapper and ForceCopy Stealer *

Global Brute Force Attack Targets Critical Networking Devices Across Multiple Countries *

F5 Alerts Users to Critical TLS Session Resumption Flaw in NGINX – CVE-2025-23419 *

Critical Security Flaw Exposes Vitest to Remote Code Execution Attacks *

IBM Cloud Pak Vulnerabilities Expose Sensitive Data to Cyber Threats *

Apache James Mail Server Faces Dual Denial-of-Service Vulnerabilities *

Critical Security Vulnerabilities Found in IBM Security Verify Directory *

Hackers Exploit SimpleHelp RMM Vulnerabilities for Persistence and Ransomware *

XE Hacker Group Exploits Veracode 0-Day to Deploy Malware and Steal Credit Card Data *

Trimble Cityworks Hit by Active Exploits Targeting Critical CVE-2025-0994 Vulnerability *

Critical Security Flaw Discovered in Logsign Unified SecOps Platform *

Dell Issues Security Advisory for Update Manager Plugin Vulnerability *

OpenAI Data Breach Allegedly Involves 20 Million Login Credentials for Sale *

Hackers Exploit SVG Files in Phishing Attacks Targeting Gmail, Outlook, and Dropbox Users *

Critical Vulnerabilities in HPE Aruba ClearPass Enable Arbitrary Code Execution *

Splunk Launches DECEIVE, an AI-Powered Honeypot for Tracking Cyber Threats *

Critical Cisco ISE Vulnerability Allows Attackers to Execute Commands as Root *

50,000 Users Impacted by Mobile Malware Targeting Indian Banks *

Malicious Android and iOS Apps with 242,000+ Downloads Target Crypto Recovery Keys *

BADBOX Botnet Infected 190,000+ Android Devices, Including LED TVs and Smartphones *

New DeepSeek Jailbreak Method Exposes Full System Prompt *

Microsoft Releases Script to Update Windows Media with Bootkit Malware Fixes *

AnyDesk Vulnerability Grants Admin Access via Malicious Windows Wallpapers *

New SSH Backdoor Targets Linux Devices in Chinese Hacker Attack *

Critical Veeam Backup Flaw Enables Remote Code Execution with Root Privileges *

Hackers Exploit ADFS to Bypass MFA and Breach Critical Systems *

Critical Netgear Flaws Expose Devices to Remote Code Execution *

AMD Fixes Critical CPU Flaw Threatening Confidential Computing Security *

CISA Issues New Guidelines for Securing Firewalls, Routers, and Internet-Exposed Servers *

Hackers Target Six-Year-Old IIS Vulnerability to Gain Remote Access *

PoC Released for Linux Kernel Vulnerability CVE-2024-36972 – Double Free Bug Allows Privilege Escalation and Container Escape *

New Phishing Attack Hijacks X Accounts to Promote Scam Sites *

New Attack Technique Enables Low-Privilege Users to Bypass EDR *

Critical XSS Vulnerability in Roundcube Webmail Exposes Users to Malicious Attachments *

GrubHub Data Breach Exposes Information of Customers, Drivers, and Merchants *

Casio UK Online Store Breach Exposes Customer Credit Card Data *

Multiple Dell PowerProtect Vulnerabilities Allow Attackers to Compromise Systems *

Microsoft Accounts Authentication Bypass Vulnerability Allows Attackers to Gain Remote Access *

Keir Starmer's Personal Email Reportedly Hacked by Russian Operatives *

Hackers Leverage AWS and Microsoft Azure for Widespread Cyber Attacks *

Lazarus Group Uses Trusted Apps to Steal Data via Dropbox *

NVIDIA Releases Security Updates to Address Critical Vulnerabilities in GPU Drivers and vGPU Software *

February 2025 MediaTek Security Bulletin Remote Attacks Enabled by Critical WLAN Vulnerabilities Affect Millions *

Data Breach at Connecticut Healthcare Provider Affects 1 Million People *

Security Flaw in Alibaba Cloud Storage Exposes Data to Unauthorized Uploads *

Coyote Banking Malware Exploits Windows LNK Files to Run Malicious Scripts *

CISA Issues Warning on Backdoor Vulnerability in Contec CMS8000 Patient Monitors *

Devil-Traff: New SMS Phishing Platform Targeted by Cybercriminals *

Critical Path Traversal Vulnerability Discovered in Deep Java Library *

TAG-124 Breaches 1,000+ WordPress Sites to Inject Malicious Code *

Gmail Confirms AI-Powered Hacking Threat, Issues Warning to 2.5 Billion Users *

Zero-Day Breach in BeyondTrust Exposes 17 SaaS Customers Through Compromised API Key *

One-Click RCE Vulnerability Discovered in Voyager Admin Panel with No Patch Available *

Rockwell Automation Patches Critical FactoryTalk View ME Vulnerability *

Israeli Firm Paragon Targets WhatsApp with New Zero-Click Spyware *

WantToCry Ransomware Targets SMB Vulnerabilities to Remotely Encrypt NAS Devices *

D-Link Router Vulnerability Allows Remote Attackers to Gain Full Control *

Vulnerabilities in Cisco Webex Chat Expose Organization's Message Histories to Attackers *

VMware Aria Operations Vulnerabilities Enable Attackers to Execute Admin-Level Actions *

Critical Flaw in Yeti Forensic Platform Enables Remote Code Execution *

Globe Life Data Breach Widens, Potentially Affecting 850,000 More Customers *

GitHub Copilot Flaw Enables Training of Malicious AI Models *

Hackers Send 40,000 Phishing Emails Impersonating Leading Tax Firm to Steal Credentials *

Tata Technologies Hit by Ransomware Attack, IT Systems Compromised *

Ransomware Attack Disrupts Operations at New York Blood Donation Center *

Google Prevented 2.36 Million High-Risk Android Apps from Entering Play Store in 2024 *

Backdoor Vulnerability Found in Two Healthcare Patient Monitors, Linked to Chinese IP *

Threat Actors Exploit Public-Facing IIS, Apache, and SQL Servers to Breach Government and Telecom Systems *

New Android Malware Masquerades as Wedding Invitations to Steal WhatsApp Messages *

RCE Vulnerability in AI Platform Allows Hackers to Gain Root Access *

TeamViewer Client Flaw Exposes System to Privilege Escalation *

Akamai SIRT Discovers Aquabotv3 Botnet Exploiting Critical Mitel SIP Phone Vulnerability *

FleshStealer: New Infostealer Targeting Chrome and Mozilla Users *

Researchers Reveal Advancements in SparkRAT Targeting macOS and Government Entities *

DeepSeek Database Publicly Exposes Sensitive Information, Secret Keys, and Logs *

Lynx Ransomware Framework Unveiled: Targeting Windows, Linux, and ESXi Systems *

Lazarus Group Uses React-Based Admin Panel to Orchestrate Global Cyber Attacks *

Hackers Exploit Critical Vulnerabilities to Compromise 3,000 Companies *

Hacker Exploits Vulnerability in Airline Integration Service to Access User Accounts *

PoC Exploit Released for XSS Vulnerability in TP-Link Router Web Interface *

Google Researchers Analyze ScatterBrain Behind POISONPLUG Malware *

New Phishing Scam Impersonates Amazon Prime to Steal Credit Card Details *

PureCrypter Spreads Agent Tesla and TorNet Backdoor in Active Cyberattacks *

Hackers Exploiting Vulnerabilities in SimpleHelp RMM to Infiltrate Networks *

Apple Releases Patch for Actively Exploited Zero-Day Impacting iPhones, Macs, and More *

Hackers Pose as USPS to Deliver Malicious PDF in Mobile Device Attack *

Cybercriminals Use Hidden Text Salting to Bypass Email Filters and Stay Undetected *

New Hacker Group Exploits 7z and UltraVNC to Stealthily Deploy Malware *

Fortinet Authentication Flaw Exploited for Super-Admin Privileges *

Critical Isolation Vulnerability in Intel Trust Domain Extensions Puts Sensitive Data at Risk *

Microsoft Launches Phishing Protection for Teams Chat *

Critical Apache Solr Vulnerability Allows Attackers to Gain Write Access on Windows *

Critical Flaw in IBM Security Directory Exposes Session Cookies to Theft *

DeepSeek Suspends New Registrations Following "Large-Scale" Cyberattack *

Severe Fleet Server Vulnerability Reveals Sensitive Data *

GitHub Vulnerability Exposed User Credentials Through Malicious Repositories *

Critical Vulnerability in Podman and Buildah Enables Container Breakout *

SCAVY Framework: Detecting Memory Corruption and Preventing Privilege Escalation in the Linux Kernel *

Electron-Based Malware Used by Lazarus Group to Target Crypto Enthusiasts *

Meta's Llama AI Framework Exposed to Critical Remote Code Execution Vulnerability *

Exploitation of Windows Charset Conversion Feature Leads to Remote Code Execution *

UnitedHealth Reports 2024 Data Breach Affecting 190 Million Individuals *

Subaru Starlink Vulnerability Exposed Cars to Remote Attacks *

TalkTalk Probes Data Breach Following Hacker Forum Listing *

OSINT Analysis Unveils IntelBroker’s Cybercriminal Operations *

PowerSchool Data Breach Exposes Millions of Student and Educator Records *

Microsoft Entra ID Bug Lets Unprivileged Users Modify Their User Principal Names *

Hackers Pose as Kremlin-Linked Group to Launch Attacks on Russian Organizations *

Over 370 Ivanti Connect Secure Devices Compromised via Zero-Day Vulnerability *

Critical Oracle WebLogic Server Vulnerability Enables Remote Code Execution *

Critical Vulnerability in AdForest Theme Enables Full Site Takeover, Threatening Thousands *

Government and University Websites Hijacked by New JavaScript Injection Attack *

Vulnerability in Android Kiosk Tablets Allows Attackers to Control AC and Lighting Systems *

Tycoon 2FA Phishing Kit Employs Custom Code to Bypass Detection *

Hundreds of Fake Reddit Sites Used to Spread Lumma Stealer Malware *

Malware Delivered to Windows Users Through Fake Microsoft Teams Page on Bing Ads *

Subaru Vulnerability in STARLINK System Allows Hackers to Remotely Control Millions of Cars *

phpMyAdmin Vulnerability Allows Hackers to Execute XSS Attacks via Malicious Tables *

New Ransomware Targets VMware ESXi Hosts Using SSH Tunneling *

GhostGPT Unrestricted ChatGPT Variant for Malware and Exploit Creation *

FBI: North Korean IT Workers Exploit Source Code to Blackmail Employers *

Custom Backdoor Leveraging Magic Packet Vulnerability in Juniper Routers *

SonicWall Vulnerability Enables Arbitrary OS Command Execution in Active Attacks *

Mercedes-Benz MBUX Vulnerabilities Expose User Data and Safety Risks *

0-Click Deanonymization Attack Uncovers Vulnerabilities in Signal and Discord *

Palo Alto Firewalls Exposed to Secure Boot Bypass and Firmware Vulnerabilities *

ICICI Bank Data Breach: BASHE Ransomware Group Allegedly Leaks Customer Data *

Critical Vulnerability in WordPress Plugin Puts Over 23,000 Websites at Risk of Hacking *

New Cookie Sandwich Attack Technique Exposes HttpOnly Cookies to Theft *

Cisco Alerts on Denial-of-Service Vulnerability with Available PoC Exploit *

TRIPLESTRENGTH Targets Cloud Platforms with Cryptojacking and On-Premises Systems with Ransomware *

Conduent Confirms Cybersecurity Incident Responsible for Recent Service Outage *

IPany VPN Compromised in Supply-Chain Attack to Deliver Custom Malware *

Hackers Target 16 Zero-Day Vulnerabilities on Day One of Pwn2Own Automotive 2025 *

Ransomware Groups Pretend to Be IT Support in Microsoft Teams Phishing Attacks *

Major Worldwide Outage Causes Bitbucket Services to Go Completely Down *

Botnet Hijacks 13,000 MikroTik Routers for Malspam and Cyberattacks *

Murdoc Botnet Variant Exploits AVTECH IP Cameras and Huawei Routers *

Fake Google Ads for Homebrew Target Mac Users with Malware *

Fake SBI Reward App Spreading Android Malware *

Brave Browser Flaw Lets Malicious Websites Appear as Trusted Domains *

UK Brit High School Closes for Students Due to Ransomware Attack *

Hackers Exploit MSI Packages and PNG Files for Multi-Stage Malware Delivery *

DoNot Team Linked to Tanzeem Android Malware for Intelligence Gathering *

HPE Investigates Alleged Source Code Theft in Cybersecurity Breach *

Critical Vulnerabilities in QNX Software Development Platform's Image Codecs Expose Systems to Potential Attacks *

Mongoose Vulnerability Exposes Millions of Downloads to Search Injection Attack *

Researchers Use ChatGPT to Identify S3 Bucket Takeover Vulnerability in Red Bull *

Hackers Use Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP *

Windows BitLocker Encryption Bypassed by Researchers Without Physical Disassembly of Laptop *

NBI Data Leak Exposes Sensitive Information of Millions of Filipinos *

Critical HPE Aruba Network Flaws Enable Remote Code Execution *

Star Blizzard Hackers Leverage WhatsApp to Target High-Value Diplomats *

Botnet Abuses Misconfigured DNS Records to Exploit 13,000 MikroTik Devices *

Zoom Patches Multiple Security Vulnerabilities to Prevent Privilege Escalation and Denial-of-Service Risks *

Critical Vulnerability in Windows LPD Service Allows Remote Code Execution *

Multiple Security Flaws Found in PowerDNS Impacting Ubuntu Users *

Critical Authorization Flaw in Moxa EDS-508A Series Ethernet Switches *

North Korean Hackers Exposed in Crowdfunding Scam Operation *

Phishing Campaign Exploiting FlowerStorm PaaS Targets Microsoft Users *

CISA Issues Critical Alert on Aviatrix Controllers Vulnerability *

U.S. Targets Chinese Cybersecurity Company and Actor for Involvement in Treasury Hack *

Critical Security Vulnerabilities Discovered in AWS Clients for Amazon WorkSpaces, AppStream 2.0, and NICE DCV *

Otelier Data Breach Compromises Millions of Hotel Guest Records and Reservations *

Hackers Can Bypass Active Directory Policies to Enable Vulnerable NTLMv1 Authentication *

Advanced Phishing Kit Bypasses 2FA to Compromise Microsoft 365 Accounts *

Critical Vulnerabilities in WGS-804HPT Switches Lead to Remote Code Execution and Network Compromise *

Yubico Patches Authentication Bypass Vulnerability in pam-u2f Package *

Millions of Internet Hosts Exposed to Attacks Due to Tunneling Protocol Vulnerabilities *

Hackers Exploit IIS Worker Using Web Shell for Data Exfiltration *

Critical Flaws in SimpleHelp Remote Access Software Could Expose Systems to Compromise *

Wolf Haldenstein Law Firm Reports 3.5 Million Affected by Data Breach *

W3 Total Cache Vulnerability Exposes 1 Million WordPress Sites to Potential Attacks *

Botnet Uses DNS Record Misconfigurations and Compromised Routers for Malware Distribution *

AIRASHI Botnet Exploits Zero-Day Vulnerabilities for Large-Scale DDoS Attacks *

European Privacy Group Takes Legal Action Against TikTok and AliExpress for Illegal Data Transfers to China *

Nominet Confirms Breach Due to Ivanti Zero-Day *

Russian Threat Group Star Blizzard Exploits WhatsApp Accounts Using QR Code Attacks *

Malware Campaign Targets Thousands of PHP-Based Web Applications *

Hackers Using California Wildfire Sparks to Launch Phishing Attacks *

380,000 Impacted by Data Breach at Stiiizy Cannabis Retailer *

Veeam Azure Backup Vulnerability Exposes Network to Attackers *

Exploitable UEFI Secure Boot Flaw Could Facilitate Malicious Bootkit Installation *

Malvertising Scam Targets Google Ads Users, Stealing Credentials and 2FA Codes *

Hackers Exploit Fortinet Zero-Day to Gain Super-Admin Privileges *

Widespread WP3.XYZ Malware Compromises 5,000 WordPress Sites *

ShadowSyndicate Hackers Introduce RansomHub Ransomware to Their Arsenal *

SAP Patches Critical Flaws in NetWeaver Application Servers *

Hackers Leak VPN Credentials and Configurations of 15,000 FortiGate Devices *

Vulnerability in Linux Rsync File Transfer Tool Allows Attackers to Execute Arbitrary Code *

Critical FortiSwitch Vulnerability (CVE-2023-37936) Requires Immediate Patch *

Critical Windows RD Gateway Vulnerability (CVE-2025-21225) Exposes Systems to Potential DoS Attacks. *

OneBlood Discloses Personal Data Breach from July Ransomware Attack *

Microsoft Patch Tuesday Security advisory- January 2025 *

Critical Flaw in Google’s Sign in with Google Puts Millions of Users at Risk *

Hackers Exploit Zero-Day Vulnerability in Internet-Exposed Fortinet Firewalls *

Microsoft Alerts Microsoft 365 Users to MFA Vulnerability *

ZACROS Corporation Discloses Personal Information Leak Following Ransomware Attack *

IBM Robotic Process Automation Vulnerability Exposes Sensitive Data to Attackers *

Critical Vulnerabilities Discovered in Atheos Web-Based IDE *

Cybercriminals Exploit YouTube to Spread Malware Through Hijacked Channels and Fake Software *

Over 4,000 Backdoors on Compromised Systems Gained Control Through Expired Domains *

Slovakia's Land Registry Suffers Unprecedented Cyber-Attack *

Furry Hacker Compromises Scholastic, Exposing Data of 8 Million Individuals *

LDAPNightmare PoC Exploit Disrupts LSASS and Forces Reboot of Windows Domain Controllers *

Multi-Plugin Malware Framework Deploys Backdoor on Windows Systems *

Phishing Texts Deceive Apple iMessage Users into Disabling Security Features *

Critical Vulnerability Discovered in GiveWP Plugin Affecting 100,000 Websites *

DoJ Charges Three Russians for Running Crypto Mixers Linked to Cybercrime Laundering *

RedDelta Cyber Espionage Group Targets Southeast Asia, Expands Attacks Globally *

AI-Powered Ransomware FunkSec Hits 85 Victims with Double Extortion *

Microsoft Files Lawsuit Against Hacking Group Exploiting Azure AI for Malicious Content Creation *

Juniper Networks Vulnerability Allows Remote Attackers to Execute Network Attack *

Researchers Exploit Vulnerability in Apple’s New USB-C Controller *

NonEuclid RAT Targets .NET Framework 4.8 Systems, Spreads via Phishing and Malicious Scripts *

Proton Global Outage Linked to Kubernetes Migration and Software Update *

Telefónica Confirms Breach of Internal Ticketing System Following Data Leak *

Fraudulent CrowdStrike Job Offers Target Developers to Install Cryptominer *

Samsung Patches Critical Vulnerabilities Allowing Arbitrary Code Execution *

Sophisticated PayPal Phishing Campaign Uses Legitimate Links to Steal Accounts *

Critical Vulnerabilities Found in Fancy Product Designer Plugin for WordPress *

Banshee Stealer's New Variant Bypasses Antivirus with XProtect-Inspired Encryption *

Phony CrowdStrike Job Offers Exploit Developers with Hidden Crypto Miners *

Major U.S. Addiction Treatment Provider Alerts Patients to Data Breach *

Critical Vulnerabilities Addressed in SonicWall, Palo Alto Expedition, and Aviatrix Controllers *

Green Bay Packers Store Breach Exposes Thousands of Credit Card Details *

Mirai Botnet Variant Targets Routers Using Zero-Day Vulnerabilities *

Ivanti Alerts of New Connect Secure Vulnerability Exploited in Zero-Day Attacks *

Critical RCE Vulnerability in GFI KerioControl Exposes Systems to Remote Code Execution via CRLF Injection *

Palo Alto Networks Expedition Tool Vulnerability Exposes Cleartext Passwords to Attackers *

GitLab Fixes Multiple Vulnerabilities Including Resource Exhaustion and User Manipulation *

Gravy Analytics Targeted in Cyberattack, Sensitive Data Allegedly Stolen *

Critical BIOS UEFI Vulnerabilities in Illumina iSeq 100 Expose Device to Remote Attacks *

Washington State Sues T-Mobile Over Massive Data Breach *

Chrome Update Addresses Multiple Security Vulnerabilities *

New WordPress Plugin Exploits Legitimate Sites to Steal Customer Payment Data *

CISA: Oracle WebLogic Vulnerability Actively Exploited in Cyberattacks *

Casio confirms that the personal data of 8,500 individuals was compromised in a ransomware attack in October *

PowerSchool Breach Exposes Student and Teacher Data from K-12 Districts *

New EAGERBEE Variant Exploits ISPs and Governments with Sophisticated Backdoor Techniques *

Critical RCE Vulnerabilities Addressed in Latest Android Security Update *

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Compromise *

Critical OpenVPN Connect Vulnerability (CVE-2024-8474) Exposes Private Keys: Update Now to Stay Protected *

Chinese Hackers Targeted Charter and Windstream Networks as Well *

Stealthy Steganography-Based Backdoor Attacks Target Android Applications *

CISA Confirms Recent Government Hack Is Limited to U.S. Treasury Department *

Malicious npm Packages Exfiltrating Developers' Sensitive Data *

Critical CVE-2024-40766 Vulnerability Puts Global SonicWall NSA Devices at Risk *

MediaTek Patches Critical Remote Code Execution Vulnerability *

New SwaetRAT Malware Delivered Through Weaponized Python Scripts *

Fake EditThisCookie Extension Found Stealing User Data *

Bad Likert Judge: A New Technique for Jailbreaking AI by Exploiting LLM Vulnerabilities *

Stealthy Steganographic Backdoor Attacks on Android Applications *

Moxa Urges Immediate Security Measures for CVE-2024-9138 and CVE-2024-9140 Vulnerabilities *

Weekly Threat: Users Targeted by Sophisticated Phishing Links *

North Korean Hackers Drain Cryptocurrency Wallets Through Phony Job Interviews *

PoC Released for Windows Registry Privilege Escalation Vulnerability *

Windows 10 Users Advised to Upgrade to Avoid Serious Security Risks *

Hikvision Camera Driver Vulnerability: CVE-2024-12569 - Critical Security Update for Milestone XProtect® Users *

Vulnerabilities in Trend Micro Apex One Allow Privilege Escalation *

Next.js Addresses Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions *

Tenable Advises Manual Upgrade to Fix Offline Nessus Agents Caused by Faulty Plugin Update *

Critical Vulnerability in UpdraftPlus Plugin Puts Millions of WordPress Sites at Risk *

FireScam Android Malware Disguises as RuStore App to Steal User Data *

Nuclei Vulnerability Allows Malicious Templates to Bypass Signature Verification *

LegionLoader Exploits Chrome Extensions to Deploy Infostealer Malware *

Thomas Cook Struck by Cyber Attack, Disrupting IT Systems *

Nikki-Universal Cyber Attack - 761.8 GB of Data Stolen *

Veritas Vulnerability Allows Attackers to Execute Arbitrary SQL Commands *

Vulnerability in Karmada Allows Attackers to Take Control of Kubernetes Systems *

India's VPN Crackdown: Popular Apps Removed from App Stores *

French Contractor Atos Refutes Allegations of Space Bears Ransomware Attack *

Siri Privacy Lawsuit Ends with $95M Settlement from Apple *

SysBumps: A New Kernel Break Attack Bypassing macOS Security *

New York Hospital Reports Data Breach Affecting 670,000 Due to Ransomware Attack *

Massive DDoS Attack Disrupts NTT Docomo Services Across Multiple Sectors *

ASUS Routers Exposed to Security Risks with CVE-2024-12912 and CVE-2024-13062 *

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Servers *

iTerm2 Patches Critical Vulnerability Exposing User Input and Output Data *

Researchers Discover Phishing-as-a-Service Domains Linked to Tycoon 2FA *

Critical Security Vulnerabilities Fixed in Microsoft Dynamics 365 and Power Apps Web API *

Three Russian German Nationals Indicted for Espionage on Behalf of Russian Intelligence *

Malicious NPM Package Posing as Ethereum Tool Drops Quasar RAT *

Critical Vulnerability in Angular Expressions (CVE-2024-54152): Code Injection Risk and Full System Access *

New PLAYFULGHOST Malware: Hacking Devices to Remotely Capture Audio Recordings *

EC2 Grouper Hackers Leverage AWS Tools to Exploit Stolen Credentials *

Cyberattack on State Health Benefits Website Exposes Rhode Islanders Data *

Iranian and Russian Entities Sanctioned for Election Interference via AI and Cyber Operations *

DoubleClickjacking Exploit Circumvents Clickjacking Defenses on Leading Websites *

Security Flaw in DrayTek Devices Enables Remote Execution of Arbitrary Commands *

Ukrainian Military Targeted by Stealthy Malware Leveraging SSH Over TOR *

Microsoft Issues Critical Alert for Developers to Update .NET Installer Links *

Critical Vulnerability in TrueNAS CORE Enables Remote Code Execution *

Major Healthcare Breaches Drive Overhaul of U.S. Cybersecurity Regulations *

Alleged 7-Zip Zero-Day Exploit Leaked Online Through Social Media Platform 'X' *

SquareX Researchers Reveal OAuth Vulnerability in Chrome Extensions, Days Before Major Breach *

NFS Protocol Security Bypassed to Access Remote Server Files *

Hackers Exploit Websites to Deliver Malware via Weaponized LZH File Using LNK File *

7-Zip Zero-Day Exploit: Alleged Vulnerability Sparks Cybersecurity Concerns *

Global Cyber Alliance Successfully Dismantles PlugX Worm *

Postman Security Flaw Exposes 30,000 Workspaces, Leaking API Keys and More *

Security Flaw in GStreamer Exposes Linux Systems to Potential Exploits *

Critical Vulnerability in Tabby Terminal Puts macOS User Privacy and Security at Risk *

PoC Exploit Released for Linux Kernel Vulnerability CVE-2023-4147 Allowing Privilege Escalation *

Proof of Concept Exploit Released for Oracle WebLogic Server Vulnerability *

AT&T and Verizon Hacked by Salt Typhoon, Targeting High-Profile Networks *

Four-Faith Industrial Router Vulnerability Exploited for Remote Access in the Wild *

APT29 Espionage Campaign: Russian Hackers Exploit Red Team Tools for Stealthy Data Theft *

Rspack Supply Chain Attack Injects Cryptojacking Malware into NPM Ecosystem *

Cloud Atlas Uses VBCloud Backdoor in New Cyber Espionage Campaign *

Webmin Security Flaw Exposes Servers to Command Injection Attacks *

Hackers Compromise ZAGG Customer Credit Card Data in Third-Party Breach *

NGate Trojan Exploits NFC to Loot Bank Accounts via ATMs *

Nebraska Attorney General Sues Change Healthcare and UnitedHealth Over Data Theft in Ransomware Attack *

Volkswagen Data Breach Exposes Personal Information of 800,000 Electric Car Owners *

Ransomware Attack on Ascension Health Exposes Data of Nearly 6 Million People *

Pittsburgh Regional Transit Links Recent Service Disruptions to Ransomware Attack *

FBI Accuses North Korean Hackers of Stealing $308 Million in Cryptocurrency *

General Dynamics Confirms Phishing Attack on Employees *

Critical SSRF Vulnerability Discovered in Invoice Ninja *

Fake Zoom Links Exploit Cryptocurrency Investors in Million-Dollar Heist *

White House Attributes Ninth Telecom Breach to Chinese Cyber Espionage *

FICORA and Kaiten Botnets Exploit Legacy D-Link Vulnerabilities in Global Cyberattacks *

Japan Airlines Cyberattack Disrupts Flights During Year-End Holiday Rush *

Palo Alto Networks Addresses PAN-OS DoS Vulnerability with Urgent Patch *

Cyberhaven Chrome Extension Breached in Sophisticated Cyberattack *

Flaws in Ruijie Networks Cloud Platform Could Have Exposed 50,000 Devices to Remote Attacks *

Brazilian Hacker Threatened to Sell Stolen Data for $3.2M in Bitcoin After Breaching 300,000 Accounts *

New OtterCookie Malware Exploits Fake Job Offers to Backdoor Developers *

Data Breach at American Addiction Centers Exposes Information of 422,000 Individuals *

Dark Web Scheme Exploits KYC Data to Bypass Identity Verification Systems *

Araneida Scanner: Hackers Exploiting Cracked Version of Acunetix Vulnerability Scanner *

Severe Apache MINA Vulnerability Enables Remote Code Execution *

CISA Warns of Active Exploitation of Acclaim USAHERDS Vulnerability CVE-2021-44207 *

libxml2 Exposed to Critical XXE Attack Risk *

Iran's Charming Kitten Unveils BellaCPP, a New C++ Variant of BellaCiao Malware *

Urgent Security Patch for Critical SQL Injection Vulnerability in Apache Traffic Control *

Massive Biometric Data Harvesting Operation Exposed *

U.S. Allegedly Conducts Cyber Attacks on Chinese Tech Firms *

Critical Authentication Flaw in Apache HugeGraph-Server Enables Unauthorized Access *

IBM AIX TCP/IP Flaw Enables Denial of Service Attacks by Exploiting Vulnerability *

Indonesia Government Data Leak Hackers Dump 82 GB of Confidential Information Online *

PyPI Packages Exploiting Keystrokes and Hijacking Social Media Accounts Uncovered by Researchers *

European Space Agency's Official Store Hacked to Steal Payment Card Information *

WikiKit Phishing Kit Targets Key Industries Using Evasive Tactics *

CrushFTP Vulnerability Puts Users at Risk of Account Takeover *

ColdFusion Critical Flaw Exposed with PoC Exploit, Adobe Issues Advisory *

Lazarus Group Deploys New VNC-Based Malware in Global Attacks on Organizations *

Premium WPLMS WordPress Plugins Fix Seven Critical Vulnerabilities *

Skuld Malware Exploits Weaponized Windows Utility Packages for Deployment *

Ransomware Attack on Three California Hospitals Exposes 17 Million Patient Records *

Critical Remote Code Execution Vulnerability Discovered in Craft CMS with PoC Released *

Apache Tomcat Security Update Addresses Critical RCE Vulnerability *

Hail Cock Botnet Exploits Vulnerability in DigiEver DVRs *

CISA Urges U.S. Mobile Users to Adopt Encrypted Messaging After Salt Typhoon Hack *

US Charges Alleged LockBit Coder with 41 Counts of Cybercrime *

North Korean Hackers Steal $1.3 Billion in Cryptocurrency This Year *

WhatsApp Secures Legal Victory Against NSO Group in Pegasus Spyware Case *

LockBit Developer Rostislav Panev Charged with Causing Billions in Global Ransomware Damage *

Juniper Alerts on Mirai Botnet Targeting Vulnerable Session Smart Routers *

Windows 11 Alert Privilege Escalation Vulnerability Exposes Users to Attack *

Critical Vulnerabilities in Foxit PDF Editor Enable Remote Code Execution *

Fortinet Releases Critical Patch for FortiWLM Vulnerability *

TA397 Utilizes Advanced Spearphishing Methods to Deliver Malware in the Defense Sector *

Critical Vulnerability in Siemens UMC Allows for Remote Code *

Diicot Threat Group Launches Advanced Malware Campaign Targeting Linux Systems *

Critical Vulnerabilities Discovered in Rockwell Automation PowerMonitor 1000 Devices *

Advanced Phishing Campaign Targets Users with Tax Lures and MSC File Backdoor *

Hackers Publish Malicious Packages on NPM Using Stolen Tokens *

Sophos Reveals Critical Remote Code Execution Vulnerability in Firewall *

Hackers Leverage LNK Files to Create Scheduled Tasks and Deploy Malware Payloads *

Malicious Supply Chain Attack Shifts From npm Community to VSCode Marketplace *

Stay Alert for Malicious SharePoint Notifications Delivering XLoader Malware *

BadBox Malware Botnet Infects 192,000 Android Devices Despite Interruption Efforts *

Android malware disguised as a health app discovered on Amazon Appstore *

Microsoft 365 Users Experience Unexpected Product Deactivation Issues *

Iranian Hackers Targeting Global ICS Infrastructure with Massive Cyberattack *

Authentication Bypass Vulnerability Discovered in Next.js Framework *

VIPKeyLogger Unleashed Office Docs Turned into Credential-Stealing Malware *

Russian Hackers Use RDP Proxies for Data Theft in Man-in-the-Middle Attacks *

Severe Apache Struts Vulnerability Discovered with Exploitation Attempts Ongoing *

Raccoon Stealer Operator Sentenced to 5 Years in Prison After Guilty Plea *

HubPhish Exploits HubSpot Tools to Steal Credentials from 20,000 European Users *

Active Phishing Campaign Exploits Google Calendar to Evade Spam Filters *

Exploring the Advanced Techniques and Capabilities of Nova: A Fork of Snake Keylogger *

Critical Vulnerabilities in SHARP Routers: Urgent Firmware Updates Required to Mitigate Security Risks *

Critical Vulnerability in MinIO Allows Unauthorized Users to Gain Full Admin Access *

Apache Tomcat Fixes RCE and DoS Security Issues *

CISA Highlights Active Exploits Targeting Adobe ColdFusion and Windows Vulnerabilities *

Cyber Criminals Use Windows Management Console to Deliver Backdoor Payloads *

Exploitable CyberPanel Flaw Exposes Servers to Total Compromise, PoC Released *

Data Exposure Incident in Cisco DevHub Environment *

'Bitter' Cyberspies Launch Attacks on Defense Organizations Using MiyaRAT Malware *

Hackers Target Hackers: MUT-1244 Steals Credentials Through GitHub Attack *

Fake Ledger Data Breach Emails Aim to Steal Crypto Wallets *

SADBRIDGE Loader Deploys GOSAR Backdoor in Cyber Attacks *

Microsoft Teams Voice Phishing Enables DarkGate Malware Deployment *

Severe XXE Vulnerability(CVE-2024-55875) Discovered in http4k Framework *

ConnectOnCall Data Breach Exposes Personal and Medical Information of Over 900,000 Individuals *

Exploitation of Undocumented DrayTek Vulnerabilities Affects Hundreds of Firms *

Security Flaw in Laravel Pulse Allows Remote Code Execution *

Severe Vulnerability in Windows LDAP Service Poses Remote Takeover Risk *

DeceptionAds Generates Over 1M Daily Impressions Through 3,000 Websites and Fake CAPTCHA Pages *

Amnesty International Links Cellebrite to Android Zero-Day Exploits in Spyware Campaigns *

FBI Detects HiatusRAT Malware Attacks Targeting Web Cameras and DVRs *

Data Breach at Texas Tech University System Compromises Data of 1.4 Million Patients *

Dubai Police Draws Attention Amid Growing Mobile Attacks in the UAE *

Tic TAC Alert Remote Code Execution Flaw in Medical Imaging Systems *

Digital Prison: Serbian Authorities' Use of Spyware and Forensic Tools to Target Journalists and Activists *

Critical GLPI Vulnerabilities Discovered, Putting User Accounts at Risk *

Critical Vulnerabilities Found in Mullvad VPN App During Penetration Test *

Spring Framework Path Traversal Vulnerability Exploited with PoC Release *

Hackers Target YouTube Creators with Fake Collaboration Offers *

Flaw in Golang Crypto Library Exposes Systems to Authorization Bypass *

Thai Officials Targeted in Yokai Backdoor Campaign via DLL Side-Loading *

Winnti Hackers Use New Glutton PHP Backdoor to Target Rival Threat Actors *

Clop Ransomware Takes Responsibility for Cleo Data Breach Attacks *

RepoJacking Vulnerability Exposes Over 300,000 Prometheus Servers to DoS Attacks *

New Android Banking Trojan Aims at Indian Users via Fake Apps *

Over 240,000 Affected in Cyberattack on SRP Federal Credit Union *

Curl Vulnerability Risks User Credentials in Redirect Scenarios *

Germany Takes Down BADBOX Malware Network on 30,000 Devices Using Sinkhole Operation *

Medusa Claims to Have Stolen 852.4GB of Data from Ainsworth Game Technology *

Citrix Warns of Global Password Spraying Attacks on NetScaler Appliances *

Abusing Microsoft’s UI Automation Framework: A New Evasion Technique for Bypassing EDR *

Careto APT Resurfaces A Decade-Old Threat with Increased Sophistication *

LKQ Reports CyberAttack Disrupted Canadian Operations *

Big Flaw in Ruijie Reyee Cloud Management Platform *

Microsoft Addresses Security Flaws in Windows Defender and Update Catalog *

Security Risks in Woffice WordPress Theme Prompt Immediate Updates *

GitHub Repository Hosting PoC Exploits Compromises 390,000+ WordPress Accounts *

Southeast Asia's High-Profile Organizations Targeted in Cyberattacks *

Apache Superset Security Alert CVE-2024-55633 Vulnerability Exposes Sensitive Data *

Citrix NetScaler Devices Targeted by Brute-Force Attacks Exploiting Zero-Day Vulnerabilities *

AntiDot Malware Infecting Android Devices to Deliver Malicious Payloads to Employees *

Center for Vein Restoration Notifies Over 446,000 Individuals of Data Breach *

New Zealand Telecom Provider Compass Communications Confirms Ransomware Attack *

CERT\CC Issues Advisory on PDQ Deploy Vulnerability Exposing Admin Credentials *

Over 300K Exposed Prometheus Instances Leaking Credentials and API Keys Online *

Dell Warns of High-Risk Security Flaws in Key Enterprise Solutions *

Gamaredon Targets Former Soviet States with Android Spyware BoneSpy and PlainGnome *

Researchers Discover Symlink Exploit Enabling TCC Bypass in iOS and macOS *

Chinese Hackers Behind Triad Nexus Using 200,000 Domains in Extensive Cyberattack *

New IOCONTROL Malware Targets Critical Infrastructure in Cyberattacks *

New Pumakit Linux Rootkit Malware Discovered Using Stealth Techniques *

Splunk Vulnerability Exposes Systems to Remote Code Execution *

Cyberattack Halts Krispy Kreme’s Doughnut Delivery System *

Critical Apache Struts Flaw Enables Remote Code Execution *

ChatGPT Faces Global Outage, Service Restored After Several Hours *

Global Meta Outage Disrupts Access to Instagram, Facebook, WhatsApp, and Threads *

Two Australian Companies Reportedly Targeted by Funksec Ransomware Gang *

Hackers Exploit Weaponized LNK Files for Delivering Malicious Payloads *

ZLoader Malware Resurfaces, Using DNS Tunneling to Conceal C2 Communications *

Blizzard Group Deploys Kazuar Backdoor in Ukraine via Amadey Malware-as-a-Service *

New Malware Technique Exploits Windows UI Framework to Bypass EDR Tools *

US Charges Chinese Hackers for Exploiting Thousands of Firewalls *

Vulnerabilities in Hunk Companion WordPress Plugin Exploited to Install Malicious Plugins *

Researchers Uncover New EagleMsgSpy Android Spyware Allegedly Used by Chinese Authorities *

Siemens Healthineers Fixes Major Flaw in Medical Imaging Software *

Apache Superset Addresses Multiple Security Flaws in Latest Update *

Hackers Exploit HTML Functions to Evade Email Security Filters *

Cisco Talos Exposes Unpatched Vulnerabilities in Industrial Routers and BGP Tool *

Schneider Electric Alerts Users to Critical Vulnerability in Modicon Controllers *

Critical Apple Flaw Exposed User Data on macOS and iOS *

Adobe Addresses Over 160 Vulnerabilities Across 16 Products *

Scottish Parliament TV Vulnerable to Deepfake Threats *

RedLine Malware Exploits Pirated Corporate Software to Steal Login Credentials *

Visual Studio Tunnels Exploited for Stealthy Remote Access *

Phishing Scam Uses Fake Job Offers to Distribute Banking Trojan via Malicious Apps *

Ivanti Releases Critical Security Patches for CSA and Connect Secure Vulnerabilities *

Threat Actors Leverage AI to Launch Advanced Social Engineering Attacks *

Google Unveils Vanir, an Open-Source Tool for Security Patch Validation *

Ransomware Attack Targets U.S. Subsidiary of Japanese Water Treatment Firm *

Phishing Attack Targets Ukrainian Defense Industry *

Microsoft Patch Tuesday Security advisory- December 2024 *

Critical Vulnerability in CPython Exposes asyncio Applications to Memory Exhaustion Risks *

Critical Vulnerability in WPForms Plugin Affects 6 Million WordPress Sites *

Urgent SAP Patch Released for NetWeaver AS for JAVA Vulnerability *

Deep Seek AI Chatbot Vulnerability Allows Account Takeover via Prompt Injection *

Black Basta Ransomware Adopts New Tactics: Email Bombing, QR Codes, and Social Engineering *

A Ransomware Attack Hits Romanian Energy Giant Electrica *

Indusface Reports a 3000 Percent Increase in API Attacks, Analyzing 1.26 Billion Cyberattacks in Q3 2024 *

Cyberattacks on Indian Government Entities Rise by 138 Percent Between 2019 and 2023 *

Active Exploitation of Critical Vulnerability in Cleo Software Detected *

OpenWrt Sysupgrade Vulnerability Enabled Hackers to Distribute Malicious Firmware *

Ransomware Attack Targets Major Heart Surgery Device Manufacturer *

Transaction-Relay Jamming Vulnerability Puts Bitcoin Lightning Network at Risk *

Supply Chain Attack Targets Ultralytics AI Library, Impacting 60 Million Downloads *

ABB ASPECT Vulnerabilities Leave Buildings Open to Cyberattacks *

Google's December 2024 Update Resolves Critical RCE Vulnerabilities in Pixel Devices *

QNAP Responds to Critical Vulnerabilities in License Center and Operating Systems *

Mauri Ransomware Leverages Apache ActiveMQ Vulnerability for Attacks *

Qlik Sense Faces Critical Vulnerabilities Impacting User Security *

Deloitte Denies Breach, Confirms Only One System Was Impacted *

Malicious C2 Communication Bypasses Browser Isolation Through QR Codes *

Solana Library Supply Chain Attack Puts Cryptocurrency Wallets at Risk *

DaMAgeCard Attack: New SD Card Exploit Enables Direct Access to System Memory by Hackers *

Spyware Campaign Targets Chinese Minority Groups Through WeChat *

CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Flaw Endangers 30,000 Websites *

Django Releases Security Patches for CVE-2024-53907 and CVE-2024-53908 to Address DoS and SQL Injection Vulnerabilities *

Ransomware Incident Impacts 300,000 Patients at Anna Jaques Hospital *

Chemonics International Discloses Data Breach Affecting Over 260,000 Individuals *

Critical AsyncHttpClient Vulnerability CVE-2024-53990 Threatens Java Applications *

Atrium Health Suffers Massive Data Breach, 585,000 Records Exposed *

Critical Security Flaw Identified in SailPoint IdentityIQ *

SonicWall SMA 100 Exposes Multiple Vulnerabilities That Could Enable Remote Code Execution *

Critical Security Flaw in Sweet Date WordPress Theme Exposed Thousands of Sites Vulnerability *

Major Zero-Day Vulnerability in Windows Compromises User Credentials *

Crypto-Stealing Malware Disguised as Meeting App Targets Web3 Professionals *

Russian Hackers Leverage Competitors' Infrastructure for Espionage *

Researchers Discover Vulnerabilities in Widely Used Open-Source Machine Learning Frameworks *

Cloudflare Exploited Hackers Hide GammaDrop Malware with Tunnels and Fast-Flux DNS *

Critical Vulnerability in Thinkware Cloud APK Version 4.3.46 *

Mitel MiCollab Zero-Day Vulnerability Receives Proof-of-Concept Exploit *

CISA Issues Alert on Exploited Vulnerabilities in Zyxel Firewalls, CyberPanel, North Grid, and ProjectSend *

ChatGPT Next Web Vulnerability Allowed Attackers to Exploit Endpoint for SSRF *

Android Spyware Uncovered on Device Seized by Russian FSB *

U.S. Organization Targeted in Four-Month Intrusion by Chinese Hackers *

Romania's Election Systems Hit by Over 85,000 Cyberattacks *

MirrorFace Campaign Targets Japan Using ANEL and NOOPDOOR Backdoors *

Hackers Target Docker Remote API Servers to Deploy Gafgyt Malware *

Cloudflare Developer Platforms Exploited in Cyber Attacks *

UK Disrupts Russian Money Laundering Networks Linked to Ransomware *

Ransomware Causes $17bn in Downtime for Manufacturing Sector *

Deloitte UK Falls Victim to Massive Hack 1 TB of Data Stolen *

White House: Salt Typhoon Targeted Telecoms in Dozens of Countries *

Cisco NX-OS Flaw Enables Bypass of Image Signature Verification *

BT Unit Shuts Down Servers After Black Basta Ransomware Breach *

760,000 Employee Records from Leading Companies Leaked Online *

Marin Housing Authority Cyberattack: $950,000 Stolen from City Housing Project *

MobSF XSS Flaw Allows Attackers to Inject Malicious Scripts *

Critical Vulnerability Found in I-O DATA Routers *

Zyxel Releases Firmware Updates to Secure Your Network *

Google Chrome Updates to Address High-Risk Vulnerability in V8 JavaScript Engine *

Ransomware Attack Disrupts Operations of Energy Sector Contractor ENGlobal *

Hackers Clone Websites and Exploit RCE Vulnerabilities to Target Shopping Platforms *

Veeam Issues Warning About Critical RCE Vulnerability in Service Provider Console *

Critical Remote Code Execution Vulnerability in Progress Whats Up Gold *

Threat Actors Increasingly Exploit Cloudflare’s Developer Domains *

Stoli Vodka Maker Files for Bankruptcy in the US Following Ransomware Attack *

Severe Security Flaw Discovered in Zabbix Network Monitoring Tool *

TP-Link HomeShield Vulnerability Allows Attackers to Inject Malicious Commands *

Cisco Confirms Ongoing Exploitation of 10-Year-Old WebVPN Vulnerability in ASA Software *

Critical Vulnerabilities in mySCADA myPRO Software Threaten Industrial Control Systems Security *

Over 600,000 Background Checks were Exposed in a Publicly Accessible Database *

ProFTPD Vulnerability Allows Attackers to Gain Root Access *

Major Cyberattacks Hit UK Hospitals, Disrupting Patient Care *

Horns&Hooves Campaign Deploys RATs Using Fake Emails and JavaScript Payloads *

Azerbaijan's Digital Influence Campaign Targeting France's Overseas Territories and Corsica *

SmokeLoader Malware Strikes Taiwan’s Manufacturing and IT Industries *

HPE IceWall Vulnerability Enables Unauthorized Data Modification *

CleverSoar Malware Targets Windows Users, Evades Security Mechanisms *

Security Alert: Bootkitty Bootkit Exploits UEFI Vulnerability (CVE-2023-40238) to Target Linux Systems *

CVE-2024-11980 (CVSS 10): Critical Vulnerability Discovered in Billion Electric Routers *

MediaTek Resolves Critical Vulnerability in Smartphone Chipsets (CVE-2024-20125) *

Bologna FC Faces Major Data Breach Following Ransomware Attack *

Operation Code on Toast TA-RedAnt Targets Internet Explorer with Zero-Day Exploit *

Trellix Patches Critical Vulnerabilities in Enterprise Security Manager *

New Phishing Campaign Exploits Corrupted Word Documents to Bypass Security *

Critical Vulnerabilities Discovered in Linux Tuned Daemon *

AI-Driven Fake News Targets Western Support for Ukraine and U.S. Elections *

SpyLoan Malware Infects 8 Million Android Devices via Google Play *

Industrial Networks at Risk Due to Over-the-Air Vulnerabilities in Advantech EKI Access Points *

Critical Security Flaw in Widget Options Plugin Affects 100,000+ Websites *

Hackers Can Stealthily Access ThinkPad Webcams by Disabling LED Indicators *

T-Mobile Reveals New Details About China-Linked Cyberattack *

Over 600,000 Sensitive Records Exposed by Background Check Service Provider *

Bologna FC Hit by RansomHub Ransomware and Confirms a Data Breach *

Cyberattack on UK Hospital Disrupts Operations, Interruptions Expected to Continue *

Critical Flaw in Apache Arrow R Package Enables Arbitrary Code Execution *

New Rockstar 2FA Phishing Service Aims at Microsoft 365 Accounts *

Critical Security Flaws in Contiki-NG IoT OS *

HPE Insight Remote Support Hit with Severe Vulnerabilities *

Researchers Discover 20 Vulnerabilities in Advantech Wi-Fi Access Point *

Critical Zyxel Firewall Vulnerability Under Active Exploitation *

New Skimmer Malware Harvests Credit Card Data from Online Checkout Pages *

XML-RPC npm Library Compromised: Data Theft and Crypto Mining Detected *

Malicious PyPI Package Targets Crypto Wallets with Infostealing Code *

Researchers Uncover Advanced Data Exfiltration Techniques Used by Ransomware Groups *

TIBCO Hawk Under Attack Mitigate Critical Security Risks (CVE-2024-10217 & CVE-2024-10218) *

Microsoft Fixes Exploited Vulnerability in Partner Network Website *

ProjectSend Vulnerability Actively Exploited in the Wild *

Zabbix Releases Patch for Critical Remote Code Execution Vulnerability *

Cybercriminals Exploit Popular Godot Game Engine to Infect Thousands of Computers *

APT-C-60 Leverages Trusted Platforms to Launch Attacks on Japan *

Lazarus Group Exploits macOS Extended Attributes to Bypass Detection *

Bootkitty: Researchers Uncover the First UEFI Bootkit Targeting Linux Kernels *

IBM Fixes RCE Vulnerabilities in Data Virtualization Manager and Security SOAR *

VMware Addresses High-Severity Vulnerabilities in Aria Operations with New Patches *

Critical GitLab Vulnerability Allows Attackers to Escalate Privileges *

NVIDIA UFM Vulnerability Exposes Systems to Privilege Escalation and Data Tampering *

New DDoS Campaign Targets IoT Devices and Server Misconfigurations *

Critical Flaws in WordPress Anti-Spam Plugin Put Over 200,000 Sites at Risk of Remote Attacks *

Chinese Hackers Exploit GHOSTSPIDER Malware to Target Telecoms in Over 12 Countries *

Keycloak Releases Critical Security Updates to Fix Multiple Vulnerabilities *

Palo Alto Networks Alerts to GlobalProtect App Vulnerability with Public Exploit Code (CVE-2024-5921) *

Starbucks and Grocery Stores Targeted in Blue Yonder Ransomware Attack *

RomCom Leverages Zero-Day Firefox and Windows Vulnerabilities in Advanced Cyberattacks *

SpyLoan Apps Exploit Social Engineering to Steal User Data *

Bingcom XSS Vulnerability Exposed: Attackers Could Send Malicious Crafted Requests *

The Face of Deception Phishing Scams Using Government IDs and Facial Recognition *

Hidden Risk in the Fortune 1000: 30,000 Exposed APIs and 100,000 Vulnerabilities Discovered *

Microsoft 365 Outage Disrupts Exchange, Teams, and SharePoint Services *

Massive Credit Card Database of 1,221,551 Records Leaked on Dark Web *

7-Zip Flaw Exposes Systems to Remote Code Execution *

Team Software Breach: Hackers Gain Unauthorized Access to Network Infrastructure *

New Phishing Scheme Exploits Google Docs and Weebly *

North Korean Hackers Exploit AI-Driven Scams and Malware on LinkedIn to Steal $10M *

Nearest Neighbor Attacks: Russian APT Infiltrates Targets via Exploited Nearby Wi-Fi Networks *

Critical Veritas Enterprise Vault Vulnerability Enables Remote Code Execution *

Malicious Python Crypto Library Update Steals Private Keys Through Telegram *

Critical Vulnerability in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover *

Yakuza Victim Data Exposed in Cyberattack on Japanese Agency *

Hackers Exploit Avast Anti-Rootkit Driver to Bypass Security Defenses *

Google Uncovers GLASSBRIDGE Pro-China Influence Network Using Fake News Sites *

Multiple Vulnerabilities in D-Link End-of-Life Routers Allow Remote Code Execution *

Faux ChatGPT and Claude API Packages Deliver JarkaStealer Malware *

NodeStealer Malware The Latest Cyber Threat to Facebook Advertisers and Credit Card Holders *

APT-K-47 Leverages Hajj-Themed Lures to Deploy Advanced Asyncshell Malware *

Wowza Streaming Engine Flaws Expose Thousands of Servers to Security Risks *

Cyberattack Takes Down Systems of Gambling Giant IGT *

WinZip Vulnerability Allows Execution of Malicious Code *

Meta Removes 2 Million Accounts Tied to Pig Butchering Scams *

US Firm Breached by Hackers via Russian Wi-Fi in Nearest Neighbor Attack *

Citrix Session Recording Vulnerabilities Being Actively Exploited by Threat Actors *

Russian Cyber Spies Unleash HatVibe and CherrySpy Malware *

Over 2,000 Palo Alto Firewalls Compromised by Newly Discovered Vulnerabilities *

Pro-Trans Rights Hackers Breach Andrew Tate’s The RealWorld Website *

Sensitive Data Leaked Through Apache NiFi Debug Logs *

Snow Brand Australia Confirms Ransomware Attack by SafePay *

New Zealand Importer Triton Sourcing & Distribution Confirms Ransomware Attack *

M-Files Releases Fixes for File Inclusion and Authentication Bypass Vulnerabilities *

Vietnam Cracks Down on Infostealers: VietCredCare and DuckTail Uncovered *

Chinese Hackers Deploy WolfsBane Malware to Target Linux Systems *

Researchers Unveil FrostyGoop Malware Targeting ICS Devices *

AnyDesk Security Flaw CVE-2024-52940 Allows IP Address Exposure - Patch Immediately *

Versa Director Under Attack Critical CVE-2024-42450 Vulnerability Exposes Networks to Risk *

Volt Typhoon Targeting U.S. Critical Infrastructure to Establish Persistent Access *

Fintech Leader Finastra Probes Data Breach Following SFTP Hack *

Hackers Exploit Misconfigured Servers to Hijack Live Sports Streaming *

Cyberattack on French Hospital Compromises Health Data of 750,000 Patients *

Decades-Old Vulnerabilities Identified in Ubuntu's Needrestart Tool *

Unsecured Jupyter Notebooks Hijacked by Hackers for Illegal Sports Streams *

Oracle Agile PLM Zero-Day Exploited in Attacks *

Apple Issues Critical Security Patches for Exploited Vulnerabilities in macOS and iOS *

Ngioweb Botnet Exploits IoT Devices to Power NSOCKS Residential Proxy Network *

CISA Flags Progress Kemp LoadMaster Vulnerability as Actively Exploited in Attacks *

Chinese Hackers Target T-Mobile and U.S. Telecoms in Expanded Espionage Campaign *

Palo Alto Networks Patches Exploited Zero-Day Vulnerabilities in Operation Lunar Peek *

Helldown Ransomware Variant Now Targeting VMware and Linux Platforms *

Ford Investigates Possible Data Breach After Hackers Claim to Have Stolen Information *

Apache Kafka Vulnerability Exposes Systems to Privilege Escalation Attacks *

Swiss Cyber Agency Issues Warning on QR Code Malware in Email Scams *

US Space Tech Leader Maxar Reveals Employee Data Breach *

AnnieMac Home Mortgage Reports Data Breach Impacting Over 171,000 Individuals *

Cybercriminals Use SEO Poisoning Attack to Redirect Shoppers to Fake Online Stores *

SQL Injection Vulnerability Exposed in Zoho Corp's ManageEngine ADAudit Plus *

Ransomware Attack Hits Oklahoma Medical Center, Affecting 133,000 *

Sitting Ducks DNS Attacks Expose Global Domains to Threats *

Phishing Attacks Surge with SVG Attachments to Bypass Detection *

Critical Flaw in WordPress Security Plugin Grants Admin Access *

SilkSpecter Targets Black Friday Shoppers with Sophisticated Phishing Campaign *

OpenBSD Double-Free Vulnerability Enables Exploitation of NFS Client and Server *

Tibetan Community Under Siege TAG-112's Waterholing Attack Exposed *

Icinga 2 Vulnerability Enables Impersonation and Remote Code Execution *

Researchers Expose Two-Step Phishing Attack Using Microsoft Visio Files *

Apache Airflow Flaw Puts Sensitive Configuration Data at Risk *

WP Time Capsule Plugin Flaw Puts Over 20,000 Websites at Risk of Takeover *

T-Mobile Confirms Breach in Latest Wave of Telecom Cyberattacks *

Fake AI Video Generators Spread Infostealers on Windows and macOS *

GitHub Repositories Exploited with Malicious Commits to Frame Security Researcher *

Laravel Security Alert Critical Vulnerability Exposes Unauthorized Access Risk *

Melofee Backdoor Evolves New Variant Targets Linux Systems with Enhanced Stealth Capabilities *

BrazenBamboo APT Exploits Zero-Day Vulnerability in FortiClient VPN *

Micon Office National Confirms Ransomware Attack in Wollongong *

GeoVision Zero-Day Exploited by Botnet to Deploy Mirai Malware *

Windows Users at Risk Russian Hackers Exploit Zero-Day Vulnerability with Simple File Actions *

Sitting Ducks Attacks Hijacking Known Brands and Government Domains *

Palo Alto Networks Confirms Exploitation of New Firewall Zero-Day Vulnerability *

Iranian Hackers Exploit Fake Job Offers to Target Aerospace Industry *

Cybercriminals Operate 4,700 Fake Shopping Sites to Steal Credit Card Information *

Data Breach at JewishCare NSW Affects Sensitive Personal Information *

Hive0145 Intensifies European Attacks with Strela Stealer Malware *

Hamas-Linked WIRTE Deploys SameCoin Wiper in Aggressive Attacks on Israel *

B2B Data Aggregator Breach Exposes Information of 122 Million Users *

Communications of U.S. Government Officials Exposed in Recent Telecom Breach *

Chrome 131 Released with Improved Security and Enhanced Performance *

Amazon Acknowledges Employee Data Breach Through Third-Party Vendor *

Halliburton Discloses $35M Loss Due to Ransomware Attack *

Microsoft Patch Tuesday Security advisory- November 2024 *

GitHub Developers are Targeted by GoIssue, a Phishing Tool *

Citrix and Fortinet Address Critical Vulnerabilities with Security Patches *

TA455s Iranian Dream Job Campaign Targets Aerospace Sector with Malware *

North Korean Hackers Use Flutter Apps to Evade macOS Security *

Siemens Issues Emergency Patch for Critical TeleControl Server Vulnerability *

Schneider Electric Alerts on Several Vulnerabilities in Modicon Controllers *

FBI Alerts U.S. Organizations to Fake Emergency Data Requests from Cybercriminals *

Ymir Ransomware Teams Up with RustyStealer in New Attacks *

New Android Malware SpyAgent Captures Screenshots of Users Devices *

Tor Network Hit by IP Spoofing Attack Through Non-Exit Relays *

Threat Actors Allegedly Announce Leak of 489 Million Records from Instagram *

Cyber Attack on Western Sydney University Compromises Personal Data *

Fake Antivirus App Launches Sophisticated SpyNote Malware Attack on Android Users *

Australian Non-Profit ANU Enterprise Confirms Ransomware Attack *

Silent Skimmer Resurfaces with New Tactics Targeting Payment Gateways *

FakeBat Loader Resurfaces, Using Malicious Google Ads to Target Notion Users *

Machine Learning Toolkit Vulnerabilities Expose Servers to Hijacking and Privilege Escalation *

HPE Releases Critical Security Patches for Vulnerabilities in Aruba Access Points *

Pro-Russian Hacktivists Attack South Korea Amid North Korea’s Entry into Ukraine War *

Hackers Exploit Excel Files to Deploy Remcos RAT on Windows Systems *

Australian Firm Goodline Hit by RansomHub Ransomware Attack *

DDoS Attack Targets South Korean Defense Ministry *

Scammers Target UK Seniors with Fake Winter Fuel Payment Texts *

US Agency Warns Employees to Limit Phone Use After China’s ‘Salt Typhoon’ Hack *

GodFather Malware Expands to Over 500 Banking and Crypto Applications *

IcePeony and Transparent Tribe Leverage Cloud-Based Tools *

Unpatched Vulnerabilities in Mazda Connect Allow Hackers to Install Persistent Malware *

Ethereum Smart Contracts Facilitate Evasive C2 in New Supply Chain Attack *

High-Risk Flaw in Popular WordPress Theme Threatens Thousands of Sites *

AndroxGh0st Malware Uses Mozi Botnet to Exploit IoT Devices and Cloud Services *

CISA Issues Alert on Active Exploitation of Critical Vulnerability in Palo Alto Networks Systems *

Remote Attackers Could Exploit Cisco Desk Phone Vulnerability to Access Sensitive Data *

Apache ZooKeeper Security Alert Critical Vulnerability Exposes Admin Server (CVE-2024-51504) *

D-Link NAS Devices Under Threat CVE-2024-10914 Command Injection Flaw Puts 61,000+ Devices at Risk *

Malicious npm Packages Deploy Data-Stealing Malware Targeting Roblox Users *

Texas Oilfield Supplier Newpark Disrupted by Ransomware Attack *

New CRONTRAP Malware Campaign Targets Windows Systems with Linux Backdoor *

SteelFox and Rhadamanthys Malware Leverage Copyright Scams and Driver Exploits to Attack Victims *

North Korean Hackers Deploy New macOS Malware Targeting Cryptocurrency Firms *

North Korean Hackers Adopting New Tactics to Secure Remote Jobs *

Interlock Ransomware Strikes US Healthcare, IT, and Government Sectors *

Aruba Access Points Vulnerable to Critical Attack CVE-2024-42509 (CVSS 9.8) *

Cisco NDFC Vulnerability Attackers Gain Unfettered Access to Networks (CVE-2024-20536) *

Gootloader Malware Campaign Targets Bengal Cat Owners in Australia *

Privilege Escalation Vulnerability Discovered in Veritas NetBackup for Windows *

Authentication Bypass Vulnerability Discovered in Veeam Backup Enterprise Manager *

Researcher Reveals 36 Vulnerabilities in IBM Security Verify Access *

VEILDrive Attack Leverages Microsoft Services for Stealthy Malware Distribution *

Hackers Intensify Use of Winos4.0 Post-Exploitation Kit in Cyber Attacks *

Cyberattack on Microlise Disrupts Tracking Services for DHL and Serco *

Proof-of-Concept Exploits Released for Critical Symlink Vulnerability in Apple’s iOS CVE-2024-44258 *

Critical Vulnerability in Cisco URWB Access Points (CVE-2024-20418, CVSS 10) Enables Remote Takeover *

Hackers Exploit AV EDR Bypass Tool from Cybercrime Forums to Compromise Endpoints *

APT36 Hackers Exploit Windows Devices with ElizaRAT Malware *

ClickFix Deceives Users with Fake Error Messages to Deploy Malicious Code *

New 'ToxicPanda' Android Malware Targets Users with Fraudulent Bank Transfers *

Synology Alerts Users to Critical Zero-Click RCE Vulnerability Affecting Millions of NAS Devices *

Ransomware Attack Exposes Personal Data of 500,000 Columbus Residents *

Critical Remote Exploitation Vulnerability in Century Systems Routers *

Critical Vulnerability in ZoneMinder (CVE-2024-51482) Exposes SQL Databases *

Nokia Probes Potential Breach Following Hacker’s Claim of Stolen Source Code *

DocuSign Envelopes API Exploited to Send Realistic Phishing Invoices *

Google Issues Warning on Actively Exploited CVE-2024-43093 Vulnerability in Android System *

Saint Xavier University Data Breach Impacts 210,000 Individuals *

Okta Verify Agent for Windows Vulnerability Exposes User Passwords to Attackers *

U.S. Soccer Federation Experiences Data Security Incident *

New FakeCall Malware Variant Exploits Android Devices to Impersonate Banking Calls *

Unpatched XSS Vulnerability in pfSense Allows Remote Exploits, PoC Published *

Phishing Campaign Targets ChatGPT Users Across the Globe *

LightSpy iOS Malware Updated with 28 New Malicious Plugins *

MediaTek Security Bulletin Exposes High-Risk Vulnerabilities in Mobile Chipsets *

LastPass Warns Users of Scam Support Centers Seeking to Capture Personal Data *

Unveiling Interlock: The New Ransomware Targeting FreeBSD Servers *

LiteSpeed Cache Plugin Vulnerability Could Grant Unauthorized Admin Access *

Google’s AI Tool Big Sleep has identified a zero-day vulnerability in the SQLite Database Engine *

Critical Remote Code Execution Vulnerability in qBittorrent Allows Attackers to Inject Malicious Scripts *

Chinese Hackers Breach Canadian Government Systems, Steal Sensitive Data *

North Korean Group Jumpy Pisces Tied to Play Ransomware Operation *

Emeraldwhale Attack Targets Misconfigured Git Configurations *

SYS01 Infostealer Campaign Leverages Meta Ads to Target Millions Globally *

CrossBarking Vulnerability in Opera Browser Enables Account Hijacking by Malicious Extensions *

Okta Reveals AD/LDAP DelAuth Authentication Vulnerability, Advises Customer Log Review *

18 Year Old Vulnerability in X.Org Server Exposes Systems to Potential Attacks *

Supply Chain Attack on Widely Used Lottie Player Library Targets Web3 Wallets *

A Sophisticated Vishing Attack Threatening Mobile Banking Security *

LA Housing Authority Confirms Cactus Ransomware Breach *

Safeguarding the Healthcare Supply Chain from Russian Ransomware Threats *

CISA Alerts on Major Software Vulnerabilities in Industrial Devices *

PoC Exploit Released for Spring WebFlux Authorization Bypass *

Critical Vulnerability in Apache Lucene.NET Exposes Users to Remote Code Execution *

Hikvision Network Cameras Vulnerable to Credential Exposure Patch Released *

Over One Thousand Online Shops Compromised with Fake Product Listings *

Yahoo Reveals NetIQ iManager Vulnerabilities Enabling Remote Code Execution *

Data Breach at Mystic Valley Elder Services Affects 87,000 Individuals *

Iranian Hackers Target Olympics and Surveillance Cameras, Warn US and Israel *

Sophos Reveals Ongoing Cyber Attacks by Chinese Threat Groups on Network Devices *

Microsoft: Chinese Hackers Exploit Quad7 Botnet to Steal Credentials *

Hackers Exploit Critical Zero-Day Vulnerability in PTZ Cameras *

Interbank Confirms Data Breach Following Unauthorized Data Leak of Customer Information *

QNAP Releases Patch for Second Zero-Day Vulnerability Exploited at Pwn2Own for Root Access *

Critical Denial-of-Service Vulnerability in Squid Proxy Server *

A Critical 9.8 Severity Vulnerability in IBM Power Systems *

Urgent Chrome Security Update Addresses Critical CVE-2024-10487 and 10488 Vulnerabilities *

Notorious WrnRAT Spread as Gambling Games *

Free Unofficial Patches Released for New Windows Themes Zero-Day Vulnerability *

PSAUX Ransomware Strikes 22,000 CyberPanel Servers in Widespread Attack *

Open-Source AI and Machine Learning Models Exposed to Vulnerabilities *

Apple Addresses More Than 70 Vulnerabilities in iOS, macOS, and Other Products *

Dutch Police Disrupt RedLine and MetaStealer Info Stealers in Operation Magnus *

New Tool Circumvents Google Chrome's Latest Cookie Encryption System *

Russia Deploys Windows and Android Malware to Target Ukrainian Conscripts *

Chinese Hackers Exploit CloudScout Toolset to Steal Session Cookies from Cloud Services *

Microsoft Windows Kernel Vulnerability OS Downgrade Exploit Puts Users at Risk *

France’s Second-Largest Telecom Company, Free, has Confirmed it was Targeted in a Cyberattack *

Critical Vulnerability in HashiCorp Vault (CVE-2024-7594) Unrestricted SSH Access Poses Security Risks *

Critical Vulnerability in Rancher Exposes vSphere Credentials in Plaintext *

Change Healthcare Data Breach Impacts 100 Million Americans *

HeptaX Campaign Exposes Healthcare Sector to Data Theft and Manipulation *

Critical Authentication Bypass Flaw Exposed for WhatsUp Gold Users *

Delta Sues CrowdStrike Following Tech Outage That Led to Flight Cancellations *

Critical RKE2 Vulnerability Allows Privilege Escalation on Windows Nodes *

Senator Claims Lax Domain Registrars Enable Russian Disinformation Campaigns *

LinkedIn Bots and Spear Phishing Campaigns Target Job Seekers *

LockBit Ransomware Campaign Targets macOS Systems *

Fog Ransomware Exploits SonicWall VPN Vulnerabilities to Infiltrate Corporate Networks *

OPA Vulnerability on Windows Exposes NTLM Hashes *

Mallox Ransomware Vulnerability Allows Victims to Recover Files *

New Trojan Framework Poses Significant Threat to Brazilian Banking Customers *

Critical Authentication Bypass Vulnerability in wpDiscuz Plugin Poses Risk to Over 80,000 Websites *

New Cisco ASA and FTD Features Mitigate VPN Brute-Force Password Attacks *

APT29 Emulates AWS Domains to Harvest Windows Credentials *

Advanced Rust-Based Embargo Ransomware Emerges as a New Threat to US Companies *

Threat Actors Reportedly Selling Database of 1,000 NHS Email Accounts *

The Prometei Botnet A Growing Menace in the World of Cryptojacking *

Notorious Hacker Group Launches New Cloud-Based Crypto Mining Attacks *

Authentication Bypass Vulnerability Found in One Identity Safeguard for Privileged Sessions *

Security Researchers Find Command Injection Vulnerability in Wi-Fi Alliance Testing Suite *

Apple Unveils PCC Source Code for Researchers to Uncover Cloud AI Security Bugs *

Okta Verify for iOS Vulnerability Could Lead to Unauthorized Access *

Amazon Seizes Domains Tied to Data Theft via Rogue Remote Desktop Campaign *

Black Basta Ransomware Masquerades as IT Support on Microsoft Teams to Breach Networks *

Critical Security Vulnerabilities Discovered in Siemens InterMesh *

Xerox Printers Exposed to Remote Code Execution Vulnerabilities *

North Korean Cyber Group Pungsan Infiltrates Open-Source Repositories with Backdoored npm Packages *

OnePoint Patient Care Data Breach Affects Nearly 800,000 Individuals *

UnitedHealth Reports Data Breach at Change Healthcare Exposing 100 Million Records *

Landmark Insurance Administrator Reports Data Breach Affecting 800,000 Individuals *

Henry Schein Reports Data Breach One Year After Ransomware Attack *

GitLab Fixes HTML Injection Vulnerability Enabling XSS Attacks *

Cisco Fixes Vulnerability Exploited in Widespread Brute-Force Attacks *

New WarmCookie Malware Targets Organizations Across Sectors *

Nvidia Releases Security Patches for Windows and Linux Graphics Drivers *

AWS CDK Vulnerability Exposes Users to Account Takeover Threats *

Samsung Galaxy S24 Exploited at Pwn2Own Ireland 2024 *

CISA Alerts on Active Attacks Targeting Microsoft SharePoint Vulnerability (CVE-2024-38094) *

WhatsApp Introduces Encrypted Contact Databases for Secure Syncing Across Devices *

Lazarus Hackers Exploit Google Chrome Zero-Day Through Fake DeFi Game *

Chrome Patches High-Risk Vulnerabilities in Latest Stable Release *

Fortinet Alerts on Actively Exploited Vulnerability in FortiManager *

IcePeony Hackers Target Public Web Servers to Deploy Webshells *

Grayscale Investments Suffers Data Breach, Exposing Records of Approximately 693,000 Users *

Threat Actors Abusing Docker API Servers for SRBMiner Cryptomining Attacks *

Gophish Framework Leveraged in Phishing Campaigns to Deliver Remote Access Trojans *

VMware Releases vCenter Server Update to Address Critical Remote Code Execution Vulnerability *

Critical Vulnerabilities Found in mbNET.mini and Helmholz Industrial Routers *

Johnson & Johnson Insurance Firm Hit by Data Breach *

Cyberattack Disrupts Winnebago Public Schools, Forcing Service Shutdowns *

Chinese Nation-State Group APT41 Targets Gambling Industry for Financial Gains *

Over 6,000 WordPress Sites Hacked to Deploy Plugins Distributing Infostealers *

Bumblebee Malware Resurfaces Following Recent Law Enforcement Crackdown *

Microsoft Patches Critical Kernel Streaming Flaw *

Red Barrels Hit by Cyberattack, Outlast Trials Delayed *

Atlassian Issues Patches for Bitbucket, Confluence, and Jira *

Critical Security Flaw in Synology Camera Firmware Puts Devices at Risk of RCE and DoS Attacks *

Beast Ransomware RaaS Service Platform Targets Windows, Linux, and VMware ESXi *

Critical File Reading Vulnerability Found in Vendure E-commerce Platform *

Spring Framework Vulnerability Poses Path Traversal Risk in Web Applications *

Critical Vulnerability in SICK Products Opens Systems to Remote Attacks *

Internet Archive Restores Services After Website Defacement and DDoS Attack *

Cyprus Prevents Cyberattack on Government's Main Online Portal *

Brazil Arrests ‘USDoD,’ Hacker Involved in FBI InfraGard Breach *

Internet Archive Hit by Another Breach Caused by Stolen Access Tokens *

Severe Flaws in E2EE Cloud Storage Put Millions of Users at Risk *

Hackers Exploit Roundcube Webmail Vulnerability to Steal User Logins *

Vietnamese Threat Actor’s Complex Strategy Targeting Digital Marketing Professionals *

Radiant Capital Reports $50 Million in Digital Coins Stolen After Account Breaches *

Hackers Target Ukrainian Conscripts with MeduzaStealer Malware *

New Spectre Bypass Impacts Intel and AMD CPUs on Linux *

Fortigate SSLVPN Vulnerability Actively Exploited by Hackers *

ESET Partner Breached to Deliver Data Wipers to Israeli Organizations *

SolarWinds Web Help Desk Vulnerability Enables Remote Code Execution *

Nidec Confirms Data Breach After Ransomware Attack *

Cisco Takes DevHub Portal Offline After Data Leak *

Omni Family Health Data Breach 470,000 Individuals' Personal Data Compromised *

F5 BIG-IP Security Alert High-Severity Elevation of Privilege Vulnerability Patched *

Undercover North Korean IT Workers Engaging in Data Theft and Extortion *

Patch Grafana Now to Mitigate 9.9 Severity RCE Vulnerability *

Hybrid Work Uncovers Emerging Print Security Vulnerabilities *

Microsoft Discloses macOS Vulnerability Allowing Bypass of Safari's Privacy Controls *

BianLian Ransomware Group Targets Boston Children's Health Physicians in Alleged Attack *

Researchers Expose Cicada3301 Ransomware Operations and Affiliate Network *

Microsoft Alerts Customers to Month-Long Security Log Loss *

Fake Google Meet Errors Deliver Info-Stealing Malware *

Russian RomCom Attacks Unleash New SingleCamper RAT Variant on Ukrainian Government *

Ragic Enterprise Cloud Database Patches Critical Vulnerabilities *

Varsity Brands Hit by Data Breach, Leaving 65,000 Vulnerable to Identity Theft *

Cisco Releases Patches for High-Severity Vulnerabilities in Analog Telephone Adapters *

Apache Solr Addresses Critical Authentication Bypass Vulnerability with New Patch *

VMware Issues Patch for High-Severity SQL Injection Vulnerability in HCX Platform *

Critical Vulnerability in Kubernetes Image Builder Exposes Nodes to Root Access *

SolarWinds Web Help Desk Flaw Actively Exploited in Attacks *

Astaroth Banking Malware Reappears in Brazil Through Spear-Phishing Attacks *

Google Reports 70 Percent of Vulnerabilities Exploited in 2023 Were Zero Day Bugs *

Iranian Hackers Selling Access to Critical Infrastructure as Brokers *

ScarCruft a North Korean Group Exploits Windows Zero-Day to Spread RokRAT Malware *

Google Chrome Patches Critical Security Flaws *

New Malware Campaign Uses PureCrypter to Distribute DarkVision RAT *

EDRSilencer: Red Team Tool Exploited to Bypass Security Defenses *

WordPress Jetpack Plugin Patches Critical Vulnerability in 101 Updates *

Splunk Enterprise Update Addresses High-Severity Remote Code Execution Vulnerabilities *

Critical Vulnerability Patched in GitHub Enterprise Server *

Nation-State Actors Exploit Ivanti CSA Vulnerabilities for Network Breaches *

New Linux Variant of FASTCash Malware Targeting Financial Sector *

Cisco Probes Potential Breach Following Sale of Stolen Data on Hacking Forum *

Entry Points in Python, npm, and Open-Source Ecosystems Vulnerable to Supply Chain Attacks *

TrickMo Malware A Sneaky Threat to Android Users' PIN Security *

Gryphon Healthcare and Tri-City Medical Center Announce Major Data Breaches *

Keycloak Patches CVE-2024-3656 Allowing Low-Privilege User Access to Admin Rights *

Australian Owner of Strike Bowling and Other Venues Acknowledges Ransomware Attack *

Google has alerted users that uBlock Origin and other extensions might be disabled shortly *

Progress Fixes Critical Security Vulnerability CVE-2024-8015 (CVSS 9.1) in Telerik Report Server *

FBI Introduces Fake Cryptocurrency to Reveal Extensive Manipulation in the Crypto Market *

Pokémon Developer Confirms Data Breach Leaking Employee and Game Data *

HashiCorp Vault Vulnerability (CVE-2024-9180) May Lead to Privilege Escalation *

OilRig Strikes Again Windows Kernel Flaw Exploited in UAE and Gulf Espionage Campaign *

Researchers Identify Critical Security Flaws in Industrial MMS Protocol Libraries *

GitLab Releases Critical Patches for Pipeline Execution, SSRF, and XSS Vulnerabilities *

Casio Confirms Customer Data Compromised in Ransomware Attack *

CreditRiskMonitor Data Breach Exposes Employee Information *

SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Vulnerabilities Exposed *

Unpatched MiCollab Vulnerability Exposes Systems to Unauthorized Access *

Fidelity Investments Announces Data Breach Affecting Over 77,000 Customers *

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Security Systems *

U.S. and U.K. Warn of Russian APT29 Hackers Targeting Zimbra and TeamCity Servers *

Akira and Fog ransomware now exploit critical Veeam RCE flaw *

Ukraine Arrests Operator of Illegal VPN Service Enabling Access to Runet *

Firefox 131 Update Fixes Actively Exploited Zero-Day Vulnerability *

Schneider Electric Warns of Serious Security Vulnerability in Industrial PCs *

Code Execution Flaw in Apache Subversion for Windows *

Internet Archive Faces Data Breach, Exposing 31 Million Accounts *

Crypto-Stealing Malware Campaign Affects 28,000 Victims *

CISA Reports Active Exploitation of Critical Fortinet RCE Vulnerability *

Mamba Service Exploits 2FA Weaknesses to Target Microsoft 365 Accounts *

Palo Alto Networks Issues Warning on Firewall Hijacking Vulnerabilities with Public Exploit *

Zero-Day Alert: Three Ivanti CSA Vulnerabilities Actively Being Exploited *

Microsoft Announces End of Servicing for Windows 11 22H2 Home and Pro Editions *

New Tool Identifies Linux and UNIX Servers Vulnerable to CUPS RCE Exploits *

The Gorilla Botnet has Attacked over 100 Countries With More Than 300,000 DDoS Attacks *

Microsoft and DOJ Take Down Hundreds of Websites Operated by Russian Hackers *

Microsoft Patch Tuesday Security advisory- October 2024 *

ADT Reports Second Data Breach in Two Months, Hacked Through Stolen Credentials *

MoneyGram Confirms Cyberattack Resulted in Stolen Customer Data *

American Water Halts Online Services Following Cyberattack *

Data Breach at FBCS Impacts Comcast and Truist Bank Customers *

MediaTek Releases Security Updates for Smartphone, Tablet, and IoT Devices *

Qualcomm Issues Patch for Critical Vulnerabilities Affecting Snapdragon, FastConnect *

High-Severity Vulnerabilities Patched in Latest Chrome and Firefox Updates *

Ransomware Group Releases Allegedly Stolen Data from Kawasaki Motors *

Data Breach at Patelco Credit Union Affects Over 1 Million Individuals *

Vesta Control Panel Vulnerability Compromises Admin Accounts *

Hawaii Health Center Reports Data Breach Following Ransomware Attack *

Apple Issues Critical iOS and iPadOS Updates to Fix VoiceOver Password Exposure Vulnerability *

Northern Ireland Police Fined £750,000 for Data Breach *

WordPress LiteSpeed Cache Plugin Vulnerability XSS Attack Risk Alert *

UMC Health System Redirects Patients After Ransomware Attack *

Highline Public Schools Confirms Ransomware Attack Led to Shutdown *

MoneyGram Denies Ransomware Involvement in Recent Cyber Incident *

Hacking Group Targets U.S. Organizations through Spear-Phishing *

Cisco Addresses Critical Vulnerability in Data Center Management Software *

Dutch Police Suspect State Actor Involvement in Recent Data Breach *

Over 4,000 Adobe Commerce and Magento Stores Compromised in CosmicSting Attacks *

Jenkins Addresses Critical Vulnerabilities in Server and Plugins *

FIN7 Hackers Use Deepfake Nude "Generator" Websites to Distribute Malware *

North Korean Hackers Deploy VeilShell Backdoor in Covert Cyber Operations *

Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking *

Critical Vulnerability in Ivanti Endpoint Manager *

14 Newly Discovered Vulnerabilities Expose 700,000+ Devices to Cyber Threats *

China-Linked CeranaKeeper Targets Southeast Asia for Data Exfiltration *

Fake Job Applications Deliver Dangerous More_Eggs Malware Targeting HR Professionals *

Fake Browser Update Campaign Distributes Updated WarmCookie Malware *

Critical Zimbra Vulnerability Poses Serious Security Risk *

Rhadamanthys Stealer Uses AI-Driven Image Recognition to Target Crypto Wallets *

New Cryptojacking Attack Exploits Docker API to Build Malicious Swarm Botnet *

Data Breach at Rackspace Due to ScienceLogic Zero-Day Vulnerability *

Israeli Cyberattack on Beirut Air Traffic Control Aims to Warn Off Iranian Planes *

North Korean Hackers Tried to Steal Sensitive Military Data *

Ransomware attackers are moving from on-premises systems to the cloud in order to compromise Microsoft 365 accounts *

Three Iranian Hackers Charged in Election Interference Hack-and-Leak Campaign *

UK Hacker Accused of $3.75 Million Insider Trading Scheme Through Hacked Executive Emails *

Critical WordPress Plugin TI WooCommerce Wishlist Vulnerability Exposes Thousands of Sites *

Two Critical Vulnerabilities Discovered in WatchGuard Authentication Gateway and Single Sign-On Client *

A Data Breach Disclosed by Accounting Firm which Impacted 127,000 Individuals *

VLC Player Vulnerability Allows Attackers to Execute Malicious Code *

Microsoft Audio Bus Vulnerability Allows Attackers to Execute Remote Code *

Google’s Gemini for Workspace Susceptible to Prompt Injection Attacks *

Hackers Leverage HTML Smuggling to Deliver Sophisticated Phishing Sites *

Russian Hackers Breach Ukrainian Security Service *

Indian-Linked Hackers Target South and East Asian Entities, Warns Cloudflare *

MoneyGram Confirms Cyberattack Behind Prolonged System Outage *

Hackers Use AI-Generated Malware in Targeted Attacks *

HPE Fixes Three Critical Vulnerabilities in Aruba Access Points *

Critical Vulnerabilities Found in OpenPLC *

Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Campaigns *

Millions of Kia Vehicles Exposed to Remote Hacking Vulnerabilities *

Progress Urges Administrators to Immediately Patch Critical WhatsUp Gold Vulnerabilities *

Critical SQL Injection Vulnerability in The WordPress Events Calendar Plugin *

Critical Vulnerabilities Discovered in NVIDIA Container Toolkit *

North Korean Hackers Launch New KLogEXE and FPSpy Malware in Targeted Operations *

New RomCom Malware Variant SnipBot Discovered in Data Theft Campaigns *

RansomHub Ransomware Employs Multiple Tactics to Bypass EDR and Antivirus Protections *

Octo2 Android Malware Targets Banking Credentials Theft *

CUPS Vulnerabilities Allow Remote Code Execution on Linux, With Important Limitations *

Cisco Releases Patches for Multiple High-Severity Vulnerabilities *

Valencia Ransomware Group Strikes Again Businesses Warned of Data Leaks and Cyber Threats *

Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool *

macOS ChatGPT Vulnerability Could Have Allowed Persistent Spyware via Memory Feature *

The SolarWinds Web Help Desk Vulnerability has been Demonstrated (CVE-2024-2987) *

Mozilla Accused of Tracking Firefox Users Without Consent *

Massive MC2 Data Leak 100M+ US Citizens' Personal Data Exposed *

CISA Warns Hackers Use Unsophisticated Methods to Breach Industrial Systems *

Taiwan is Accused of Waging Cyberwarfare by China *

Researcher Reveals Cisco Smart Licensing Vulnerability Allowing Device Control by Attackers *

Infostealer Malware Evades Chrome’s Latest Cookie Theft Defenses *

Data Breach at U.S. Government Agency CMS Affects 3.1 Million People *

Cyberattack on Kansas Water Plant Forces Shift to Manual Operations *

AutoCanada Hit by Ransomware Attack: Employee Data at Risk *

Deloitte Denies Data Breach Despite Hacker's Claims of Server Compromise *

The New Version of Windows Server 2025 offers Hotpatching without Rebooting *

A Android Banking Trojan New Octo2 Emerges with Device Takeover Capablities *

FreeBSD Releases Critical Security Advisory for CVE-2024-41721 (CVSS 9.8) *

Mandiant Provides Insights on Detecting and Preventing North Korean Fake IT Workers *

Hackers Pose as Company HR to Deceive Employees *

Necro Trojan Targets Popular Google Play Apps with Millions of Downloads *

Critical Vulnerability Alert Dragonfly2's Hardcoded Key Exposes Admin Access *

Grafana Plugin SDK Vulnerability CVE-2024-8986 Allows Unauthorized Access to Sensitive Information *

ESET Releases Patches for Two Local Privilege Escalation Vulnerabilities in Windows and macOS Products *

Critical Vulnerabilities Disclosed in Microchip ASF and MediaTek Wi-Fi Chipsets, Enabling Remote Code Execution *

Hackers Claim Responsibility for Breach of Dell Employee Database *

CISA Issues Critical Advisories for Industrial Control Systems *

Cyber Attackers Leverage GitHub Repositories to Spread Malware *

Chinese Hackers Leverage GeoServer Vulnerability to Spread EAGLEDOOR Malware in APAC Region *

Telegram Banned for Ukrainian Officials Over Security Concerns *

Update Required: Critical Authentication Bypass Vulnerability in Safeguard for Privileged Passwords (CVE-2024-45488) *

Hertz Car Rental Platform Exposes 60,000 Insurance Claim Reports *

Worldwide Infostealer Malware Campaign Targets Cryptocurrency Users and Gamers *

Critical API Vulnerability Discovered in Versa Director by Versa Networks *

High-Severity Acronis Plugin Vulnerability Poses Significant Risk *

Chinese-Originated Noise Storms: A Surge in Spoofed Web Traffic *

Ivanti Cloud Appliance Vulnerability Under Active Exploitation *

Microsoft Identifies CVE-2024-37985 as Zero-Day Vulnerability in Windows *

New SambaSpy Malware Connected to Brazil Targets Italian Users via Phishing Emails *

Miami Authorities Arrest Suspects in $230 Million Cryptocurrency Theft *

CISA Adds Critical Apache HugeGraph-Server RCE Flaw and Four Other Vulnerabilities to KEV Catalog *

Microsoft Alerts on New INC Ransomware Threatening U.S. Healthcare Sector *

Chrome 129 Patches High-Risk V8 Engine Vulnerability *

Critical GitLab Vulnerability Exposes Users to Authentication Bypass Attacks *

Europol Takes Down 'Ghost' Encrypted Messaging Platform Used for Criminal Activities *

"Raptor Train" IoT Botnet Compromises More Than 200,000 Devices Globally *

Severe Vulnerabilities in Red Hat OpenShift: CVE-2024-45496 (CVSS 9.9) and CVE-2024-7387 (CVSS 9.1) *

Discord Introduces End-to-End Encryption for Audio and Video Calls *

New MISTPEN Malware Deployed by North Korean Hackers to Attack Energy and Aerospace Sectors *

WhatsUp Gold Users Beware Recent Vulnerabilities Linked to Ransomware Attacks *

Azure Storage Explorer Exploited: Ransomware Groups Steal Sensitive Data *

Brute Force Attacks on Accounting Software Compromise Construction Firms *

Hackers Exploiting Selenium Grid for Deploying Exploit Kits and Proxyjackers *

Google Chrome Adopts ML-KEM for Post-Quantum Cryptography Protection *

Temu Denies Breach Following Hacker's Claim of Stealing 87 Million Data Records *

Malware Attacks Targeting Cryptocurrency Users are on the Rise, According to Binance *

VMware Plugs Critical RCE Flaw Exploited by Chinese Hackers *

Russian Hacker Group Unleashes .NET Built Ransomware Attacks *

Data from over 1,000 ServiceNow Instances has been found to be Leaking *

Health and Government Sectors Report Highest Data Breaches in Early 2024 *

Rhysida Ransomware Group Demands $5.8M Ransom for Seattle-Tacoma Data *

Microsoft Resolves Bug Causing Microsoft 365 Apps to Crash While Typing *

D-Link WiFi Routers Under Attack Critical Vulnerabilities Exposed *

NixOS Package Manager Flaw Exposes Critical Vulnerability *

Access Sports Data Breach Affects 88,000 Due to Ransomware Attack *

Cryptocurrency Users on LinkedIn are Targeted by North Korean Hackers with RustDoor Malware *

Remote Code Execution Flaw Fixed in Google Cloud Platform Composer *

Hackers Deploy Supershell Malware in Attacks Targeting Linux SSH Servers *

Attackers Exploit HTTP Headers in Massive Phishing Attacks to Steal Credentials *

Increased OT Risks Due to Remote Access Tool Sprawl *

Windows Vulnerability Exploited Through Braille 'Spaces' in Zero-Day Attacks *

Critical Vulnerabilities Patched in Citrix Workspace App *

Critical Remote Code Execution Vulnerability in SolarWinds Access Rights Manager *

Critical Docker Desktop Flaws Allow Remote Code Execution *

A New Malware Campaign Targeting Microsoft Office *

Ivanti Alerts on Active Exploitation of Recently Patched Vulnerability in Cloud Appliance *

"Hadooken" Linux Malware Targets Oracle WebLogic Servers *

Palo Alto Networks Releases Security Updates to Fix Multiple Vulnerabilities *

Apple Fixes Critical Vision Pro Vulnerability to Thwart GAZEploit Attacks *

Fraudulent TrickMo Android Trojan Exploits Accessibility Services *

Fortinet Confirms Data Breach Following Hacker Leak of 440 GB *

Warning: Vo1d Malware Infects 1.3 Million Android TV Boxes Globally *

Urgent: GitLab Issues Patch for Critical Flaw Enabling Unauthorized Pipeline Execution *

New Android Malware 'Ajina.Banker' Targets Financial Data and Circumvents 2FA Through Telegram *

Hackers Actively Targeting Progress WhatsUp RCE Vulnerability in the Wild *

Adobe Issues Critical Patches for Multiple Products *

Cisco Releases Patches for High-Risk Vulnerabilities in Network Operating System *

Systemic vulnerability has emerged from tech stack uniformity *

The Quad7 Botnet has Expanded to Target SOHO Routers and VPN Appliances *

DragonRank Black Hat SEO Campaign Targets IIS Servers in Asia and Europe *

DDoS Attacks Surge, Governments Become Prime Targets *

Malicious Fake Password Manager Targets Python Developers in Coding Test Scam *

Chrome 128 Update Addresses High-Severity Security Vulnerabilities *

Data Breach Alert 1.7 Million Affected in Slim CD Security Incident *

Microsoft Patch Tuesday Security advisory- September 2024 *

Microsoft Resolves Windows Server 2019 Boot and Performance Issues in September 2024 Update *

CosmicBeetle Launches Custom ScRansom Ransomware, Partnering with RansomHub *

Ivanti Resolves Critical RCE Vulnerability in Endpoint Management Software *

Ransomware Strikes London High School Students Dismissed as Authorities Investigate *

Chinese Hackers Leverage Open-Source Tools in Sophisticated Cyber Attacks *

Cryptocurrency Scams Surged in 2023 says FBI Report *

Young Gamers at Risk: Top Games Targeted by Cyber Attacks *

Ransomware Campaigns Actively Exploiting Critical Flaw in SonicWall SSLVPN *

Windows Elevation of Privilege Vulnerability CVE-2024-26230 PoC Exploit Released *

Red Hat Patches Pulpcore Authentication Bypass Vulnerability *

RAMBO Attack Exploits RAM to Steal Data from Air-Gapped Systems *

IBM Product Vulnerabilities Enable Attackers to Exploit and Launch DOS Attacks *

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar Attack *

BBTok Misuses Windows Utility Tool to Avoid Detection *

SpyAgent Android Malware Targets and Steals Crypto Recovery Phrases from Images *

Critical Vulnerability CVE-2024-7591 Identified in Progress LoadMaster *

A Critical Flaw in IBM webMethods Integration Fixed Immediately *

Car Rental Giant Avis Reveals Data Breach Affecting Customer Information *

North Korean Hackers Use LinkedIn Job Scams to Spread COVERTCATCH Malware *

Cyberwar on Malaysian Politicians Unleashed by Babylon RAT *

A Critical Vulnerability in OpenStack Ironic (CVE-2024-44082) should be Patched by Users *

Veeam Releases Patches for High-Severity Vulnerabilities in Enterprise Software *

VMware Fusion Patch Released to Fix High-Severity Code Execution Vulnerability *

Pavel Durov Condemns Outdated Laws Following Arrest Linked to Telegram Criminal Activity *

LiteSpeed Cache Vulnerability Puts 6 Million WordPress Sites at Risk of Takeover Attacks *

Russian Military Hackers Involved in Critical Infrastructure Attacks *

Apache Addresses Critical Remote Code Execution Vulnerability in OFBiz *

Fake OnlyFans Checker Tool Spreads Lummac Stealer Malware to Hackers *

D-Link Alerts Users to Critical Code Execution Vulnerabilities in Legacy Router Model *

Cisco Addresses Critical Security Flaws in Smart Licensing Utility *

Android Users Advised to Install Latest Security Updates to Patch Actively Exploited Vulnerability *

Hackers Inject Malicious JavaScript into Cisco Store to Steal Credit Card Details and Credentials *

Hackers Abuse Red Team Tool 'MacroPack' to Deploy Brute Ratel in Attacks *

Crypto Flaw Enables Cloning of YubiKey Security Keys *

Emerging Supply Chain Attack: 'Revival Hijack' Threatens Large-Scale PyPI Takeovers *

Emansrepo Malware A New Threat to Windows Users, Delivered via HTML Files *

Cisco Addresses Root Escalation Vulnerability in Latest Patch *

WinRAR vulnerability exploited by hackers in attack on Russia and Belarus *

Critical Vulnerability in Zyxel Secure Routers Allows OS Command Execution via Cookie (CVE-2024-7261) *

Canonical Releases New Patches to Address Critical Linux Kernel Vulnerabilities in AWS *

Hackers Deploy Fake GlobalProtect VPN Software in Latest WikiLoader Malware Attack *

Verkada Pays $2.95 Million for Failing to Secure Data, Leading to Massive Breach *

Customer Data Breach Disclosed by Business Services Ginat CBIZ *

Ongoing Cyber Security Incident Disclosed by Transport for London *

Hacker Exposes Data of 390 Million Users from VK, Russia's Leading Social Network *

RansomHub Ransomware Group Strikes 210 Victims in Critical Sectors *

Global Phishing Scam Targets Canadian Pizza Chains, Stealing Credit Card Information *

LockBit Claims Breach of Toronto School Board, Student Information Stolen *

Air Traffic Control Agency in Germany Suffers Cyberattack, Operations Continue Uninterrupted *

The Sarawak Campus of Swinburne University has been hacked, Swinburne University confirms *

Vietnamese Human Rights Defenders Targeted by Advanced Persistent Threat *

Cicada3301 Ransomware's Linux Encryptor Targets VMware ESXi Servers *

New Windows Vulnerability Exploited in Phishing Campaign Targeting and Originating in China *

Fake 'noblox.js' npm Packages Target Roblox Developers, Compromising Systems *

A silent intrusion: Godzilla Fileless Backdoors exploiting Atlassian Confluence *

Iranian Hackers Launch Spear Phishing Attacks on WhatsApp Users *

Severe Security Risks Exposed in Progress Software's WhatsUp Gold *

An attack on Dick's Sporting Goods Exposed Sensitive Data *

Researcher Faces Lawsuit for Sharing Ransomware Stolen Data with Media *

Researchers Discover SQL Injection Vulnerability Allowing Bypass of TSA Airport Security Checks *

Windows is Attacked by a .NET-Based Keylogger Using Weaponized Excel Documents *

Hackers in North Korea Target Developers With Malicious NPM Packages *

Malware Impersonates Palo Alto VPN to Target Middle East Organizations *

Voldemort Malware Misuses Google Sheets for Data Exfiltration *

WPS Office Patch Addresses Zero-Day Vulnerability Exploited by South Korean Hacker Group *

FBI: RansomHub Ransomware Hits 210 Victims Since February *

Vietnamese Human Rights Group Targeted by Ongoing Cyberattack from APT32 *

Russian Hackers Leverage Safari and Chrome Vulnerabilities in Major Cyberattack *

Fortra Releases Critical Patch for High-Risk FileCatalyst Workflow Vulnerability *

Cisco Fixes Multiple NX-OS Software Vulnerabilities *

New Unicode QR Code Scam Evades Traditional Security Measures *

BlackByte Ransomware Exploits New VMware Vulnerability in VPN Attacks *

CrowdStrike Implements Safeguards to Mitigate Impact of Recent Outage *

Employee Arrested for Locking Out Admins from 254 Servers in Extortion Scheme *

TDECU MOVEit Data Breach Exposes Sensitive Info of 500,000+ Members *

Microsoft Sway Exploits by a New QR Code Phishing Campaign to Steal Credentials. *

Pidgin Messenger’s Official Plugin Repository Infiltrates by Malware *

Park'N Fly Informs 1 Million Customers of Data Breach *

U.S. Marshals Service Rejects Ransomware Gang's Breach Allegations *

macOS HZ RAT Backdoor Targets Users of Chinese Messaging Apps *

Volt Typhoon Hackers Exploit Versa Zero-Day Vulnerability to Compromise ISPs and MSPs *

Major WPML Plugin Flaw Puts WordPress Sites at Risk of Remote Code Execution *

New Chrome 0-Day Vulnerability (CVE-2024-7965) Exploited in the Wild` *

365 Copilot Data Theft Caused by an ASCII Smuggling Flaw is Fixed by Microsoft *

A Data Breach Involving Ransomware has been Reported by Patelco to 726,000 Customers *

“FreeDurov” Hacktivist Campaign Launches After Telegram CEO’s Arrest *

Dutch Regulator Hits Uber with €290 Million Fine for GDPR Breaches in U.S. Data Transfers *

Cheana Stealer Targets Windows and macOS VPN Users with Malware Payloads *

Small Rural Alabama Hospital Reports Major 2023 Hacking Breach *

Microsoft Exchange Online error incorrectly flags emails as malware *

Seattle-Tacoma Airport IT Systems Disrupted due to a cyberattack *

SonicWall Fixes Critical SonicOS Vulnerability *

Hundreds of Online Stores Targeted in Widespread Cyberattack *

Critical Vulnerabilities in Traccar GPS Tracking System Could Lead to Remote Code Execution *

Halliburton Confirms Cyberattack Leading to Systems Shutdown *

Slack Fixes AI Vulnerability That Allowed Data Theft from Private Channels *

Crypto Scammers Exploit McDonald's Instagram to Promote Grimace Coin *

CISA Mandates Urgent Patch for Versa Director Vulnerability *

A new Linux malware called 'sedexp' hides credit card skimmers using Udev rules *

Meta exposes an Iranian hacker group targeting global political figures using WhatsApp *

One million Dollars has been Paid as Ransom by the American Radio Relay League *

PEAKLIGHT Downloader Used in Windows Attacks via Malicious Movie Downloads *

Qilin Ransomware Targets VPN Credentials and Extracts Chrome Data *

New Cthulhu Stealer Targets macOS, Exploits User Credentials and Cryptocurrency Wallets *

Ongoing Log4j Exploits Continue to Target Unpatched Systems Two Years Later *

CISA Warns of Active Exploitation of Dahua Vulnerabilities *

Atlassian Releases Patches for High-Severity Vulnerabilities in Bamboo, Confluence, Crowd, and Jira *

China-Nexus ‘Velvet Ant’ Hackers Leveraged Zero-Day Exploit to Install Malware on Cisco Nexus Switches *

SolarWinds Patches High-Severity Vulnerability in Web Help Desk Software *

Critical Hardware Backdoor Found in MIFARE Classic Cards, Threatens Hotel and Office Security *

Caching Plugin Flaw Could Lead to Mass WordPress Site Exploitations *

Cisco Fixes High-Severity Vulnerability Reported by the NSA *

High Severity Chrome Flaw Actively Exploited in Wild fixed by Google *

India’s Zee Media Website for Mocking floods Defaced by Bangladesh Hackers *

MoonPeak Trojan is Used by North Korean Hackers in Cyber Attack Campaign *

Microsoft Fixes Critical Copilot Studio Flaw Exposing Sensitive Data *

Cryptojacking Hackers are Targteing Poorly Configured PostgreSQL Databases *

QNAP Boosts NAS Security with New Ransomware Protection *

Arden Clients Impacted by Data Breach: 139,000 Records at Risk *

Digital Wallets Vulnerable to Fraudulent Transactions Using Stolen Credit Cards *

Hackers Exploit PHP Vulnerability to Install Backdoor Malware on Windows Systems *

CannonDesign Reports Data Breach Linked to Avos Locker Ransomware *

Microchip Technology Reports Cyberattack Disrupting Operations *

Czech Mobile Users are Targeted in a New Banking Credential Theft Attack *

Styx Stealer New Threat Stealing Your Passwords *

Ransomware Epidemic Costs Victims $460 Million in First Half of 2024 *

CISA Alerts to Critical Jenkins RCE Vulnerability Actively Exploited *

Critical Linux Kernel Flaw Allows Direct System Access *

Xeon Sender Tool Abuses Cloud APIs for Massive SMS Phishing Campaigns *

Toyota Confirms Data Breach After Hackers Release Information on Forum *

UULoader Malware Spreads Gh0st RAT and Mimikatz in East Asia *

Jewish Home Lifecare Data Breach Affects 100,000 Individuals *

Massive Carespring Data Breach Compromises Medical Records of 77,000 Patients *

Zero-Day Windows Vulnerability Exploited by Lazarus Group to Deploy FudModule Rootkit *

Massive Extortion Campaign Exploits Exposed Environment Variables in Cloud Infrastructures *

OpenAI Disables Iranian Operation Misusing ChatGPT for Manipulating U.S. Election *

BeaverTail Malware Uses Weaponized Games to Attack Windows Users *

Russian Citizen Arrested for Selling Thousands of Stolen Credentials *

Mad Liberator Uses AnyDesk Request for Data Exfiltration Using Fake Windows Update Screem *

New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack *

Palo Alto Networks Patches Unauthenticated Command Execution Vulnerability in Cortex XSOAR *

Malicious Search Ads are Used by Tech Support Scammers to Impersonate Google *

Misuse of Azure Domains and Google to Spread Disinformation and Malware *

Chinese Hackers iSoon Target European Networks *

Bank Systems in Iran are Reportedly Targeted by a Major Cyberattack *

Sensitive Customer Data from Thousands of NetSuite E-Commerce Sites Exposed *

GitHub Flaw 'ArtiPACKED' Could Allow Repository Takeovers *

National Public Data Discloses Breach Affecting Social Security Numbers *

Massive Cloud Extortion Campaign Targets 110,000 Domains via Exposed .env Files *

Sophisticated Phishing Attacks Hit Western and Russian Civil Organizations *

Security Flaw in Pre-installed Verizon Demo App Poses Risk to Google Pixel Devices *

New Banshee Stealer Malware Targets macOS with Advanced Evasion Techniques *

Threat Actors Use Phishing Emails To Deliver Advanced Infostealer Malware *

Malspam Attacks Targets AnyDesk and Microsoft Teams To Gain Unauthorised Access *

Eastern Europe's NGOs and Media Face New Threats from Russian Hackers *

China-Supported Earth Baku Grows Cyber Attacks in Europe, Middle East, and Africa" *

Critical Remote Code Execution Vulnerability Found in SolarWinds Web Help Desk, Hotfix Released *

New EDRKillShifter Tool Used by RansomHub Group to Disable Endpoint Detection Software *

Ivanti Alerts of Critical vTM Authentication Bypass Vulnerability with Public Exploit *

Black Basta Campaign Exploits Social Engineering to Deploy SystemBC Malware *

NIST Introduces New Encryption Techniques to Defend Against Quantum Attacks *

Cyberattack Targets AutoCanada’s Internal IT Infrastructure *

Privilege Escalation Vulnerabilities Fixed in Zoom *

Technical Analysis of the Zero Click Outlook RCE vulnerability *

SAP Releases Critical Patches for Vulnerabilities in BusinessObjects and Build Apps *

Critical Flaws in T-Head CPUs Enable Total Device Compromise *

Microsoft Patch Tuesday Security Advisory - August 2024 *

FreeBSD Issues Patch for High-severity Vulnerability in OpenSSH *

Critical AWS Services Flaws Alows Attackers to Perform Remote Code Execution *

The FBI Siezed the Servers and Webistes of the Dispossessor Ransomware Operation *

Data Breach at Kootenai Health Exposes Over 464,000 Patient Records Following Ransomware Attack *

Microsoft Alerts on OpenVPN Vulnerabilities *

Multiple Vulnerabilities Enable Remote Code Execution in Google Quick Share *

Report Suggests that Fake HR Emails are Most Likely to Trick Employees *

Trump Campaign Blames Iran for Hacking After Documents are Leaked *

Rhysida Allegedly Stolen Data from BayHealth and Community Care Alliance *

The U.S. Department of Justice Arrests a Person Who Helped Hackers to Get Remote Jobs in U.S. and U.K. Firms *

EastWind Campaign Uses Malicious LNK Files to Deploy PlugY and GrewApacha Backdoors *

Extensive Customer Information Stolen in CSC ServiceWorks Breach *

Hacking of UK Government Systems and Emails by Russian Spies *

North Korean Kimsuky Group Targets Universities with Phishing Attacks *

Physical Security Firm ADT Suffers Major Data Breach *

Shadow Resource Vector AWS Vulnerabilities Reveal by Researchers *

Microsoft Warns of Unpatched Office Flaw Allowing Data Theft *

Critical Jenkins Vulnerabilities Expose Servers to Remote Code Execution *

Advanced Phishing Campaign Targeting Windows Systems *

New AMD SinkClose Vulnerability Enables Nearly Undetectable Malware Installation *

FBI Sounds Alarm on BlackSuit Ransomware *

Russia Bans Signal Over Anti-Terrorism Claims *

Critical "UnOAuthorized" Vulnerabilities Found in Microsoft Entra ID Allowing Privilege Escalation *

NCC Group Uncovers Eavesdropping Vulnerability in Sonos Smart Speakers at Black Hat USA 2024 *

Cisco Warns of Critical Exploit for Vulnerabilities in Smart Software Manager On-Prem *

Cisco Warns of Critical Zero-Day Vulnerabilities in End-of-Life Small Business IP Phones *

CISA Alerts Organizations to Critical Apache OFBiz RCE Vulnerabilities *

McLaren Health Care Systems Disrupted by INC Ransomware Attack *

0.0.0.0 Day: MacOS and Linux Devices Affected by an 18-Year-Old Browser Vulnerability *

State Sponsored Malware Found in Microsoft and Google Cloud Storage *

North Korean Cyber Espionage Targets University Academics *

Cisco Sounds Alarm on Severe RCE Vulnerabilities in Legacy IP Phones *

Fake AI Editor Ads on Facebook Infect Users with Password-Stealing Malware *

New Go-Based Backdoor Targets South Asian Media via Microsoft Graph API *

Self-Spreading Worm Named CMoon Targets High-Value Russian Entities *

Roundcube Webmail Vulnerabilities Allows Access to Email and Password *

Apple's macOS Sequoia Improves Gatekeeper to Block Unauthorized Software *

Critical Downgrade Attack Reintroduces Vulnerabilities in Patched Windows Systems *

Critical Remote Code Execution Vulnerbility in Progress WhatsUp Gold is being Abused *

Microsoft Azure Faces Significant Outage, Impacting North American Users *

Critical Security Fixes in Latest Chrome and Firefox Updates *

13000 School Devices Erased in an Attack on Moble Guardian *

National Public Data Suffered a Massive Breach Leaking 2.9 Billion Records With SSN *

IT Professionals Are Being Targeted by Chameleon Device-Takeovers Malware *

Apache OFBiz Zero-Day Vulnerability Allows Remote Code Execution *

Cyberattack on Grand Palais Rmn Causes Operational Disruptions, Museums Remain Open *

Bug in Microsoft Teams Impacts Image and Screenshot Sharing *

Researchers Found Vulnerabilities in Windows Smart App Control and SmartScreen *

Google Address the Exploitation of a Zero-Day Vulnerability in the Android Kernel *

North Korea Exploits VPN Vulnerability to Deploy Malware *

Leaked Wallpaper Vulnerability Allows Privilege Escalation Attacks on Windows *

Critical Flaw Found in Rockwell Automation Controllers *

Voter Records of Millions of US Voters Compromised Due to 13 Misconfigured Databases *

The National Crime Agency (NCA) Successfully Shut Down the Cyber Fraud Platform 'Russian Coms' *

World's First AI Act from the European Union are Taking Effect *

The Hunters International Ransomware Group Uses New SharpRhino Malware to Attack IT Professionals *

Magniber Ransomware Rampage Home Users Under Siege *

Bitdefender Error Allows Attackers to Manipulate Server Requests *

Ransomware Incident Columbus Under Investigation for Potential Data Breach *

Children's Privacy Laws Violated by TikTok according to the DOJ and FTC *

Attacks on Bytecode Interpreters Hide Malicious Code Injections *

Linux Kernel Vulnerable to New SLUBStick Cross-Cache Attack *

Cybercriminals Exploit ISP Vulnerability to Infect Users with Malware *

Minecraft DDoS Tool Unleashed on Misconfigured Jupyter Notebooks *

Hackers Exploiting Arbitrary File Upload Vulnerability in WordPress Plugin *

Microsoft Patches Critical Edge Flaw Allowing Arbitrary Code Execution *

New BITSLOTH Malware Uses BITS for Hidden Communication on Windows *

The CISA Warns of a Vulnerability in Avtech Cameras that has been Exploited in the Wild *

Russia-Linked APT28 Targets Diplomats with New Phishing Campaign Using HeadLace Malware *

Cyberespionage Group XDSpy Strikes Russian and Moldovan Entities *

New Sitting Ducks DNS Attack Allows Threat Actors to Takeover Domains *

New Variant of TgRAT Malware Targets Linux Servers *

New Android RAT BingoMod Steals Funds and Deletes Data *

Hackers Deploy Remote Access Malware by Abusing Free CloudFlare Service *

Malicious PyPI Packages were Distributed through StackExchange Answers *

DNS Compromise Hackers Take Over 35,000 Websites *

Apple Updates macOS Monterey to Fix Critical Vulnerability Exploited in the Wild *

Pharma Giant Cencora's Data Breach Exposes Extensive Personal and Health Information *

Chrome Security Update: Critical Vulnerability Patch Released to Prevent Exploitation *

Malware Associated with North Korea Attacks Windows, Linux, and macOS Developers *

Data Theft on Locked Apple Devices is Possible Due to a Siri Vulnerability *

As per CISA and FBI, DDoS Attacks Won't compromise US Elections Integrity *

Fake Google Authenticator Advertisements are Installing Malware *

OneBlood Faces Critical IT Systems Outage Due to Ransomware Attack *

Polish Businesses are Being Targeted by Malware such as Agent Tesla and Formbook *

Microsoft DDoS Attack Causes Azure Outages Affecting Critical Services *

After Two Years of Infiltration, new Mandrake Spyware was Found in Google Play Store *

SideWinder Cyberattacks Aiming for Maritime Facilities in Several Nations *

Users are tricked by the OneDrive phishing scam into running a malicious PowerShell script *

Malicious Campaign Targets Android Devices Using Telegram Bots to Steal SMS and OTPs *

Apple Releases Major Security Updates for iOS, macOS, and Safari *

Malware Campaign Targets Users with Obfuscated JavaScript and MSI Files *

Cybercriminals are Exploiting LLMs to Create Malicius Code *

Active Exploitation of Critical Vulnerability in Acronis Cyber Infrastructure *

OAuth Implementation Flaw Puts Millions of Websites at Risk of XSS Attacks *

New Specula Tool Exploits Outlook for Remote Code Execution on Windows Systems *

Proofpoint Vulnerabilities Exploited to Send Millions of Daily Phishing Emails *

Nvidia Patches High-Severity Flaws in AI and Networking Products *

Massive HealthEquity Data Breach Affects 4.3 Million People *

Malware Spreads Through 3,000 Fake GitHub Accounts *

Hackers Exploit Newly Disclosed ServiceNow Vulnerabilities *

Play and LockBit Ransomware Team Up to Amplify Cyber Attacks *

GXC Team's Advanced Phishing Tactics Exploit Android Apps and AI Technology *

Insula Group Confirms BianLian Ransomware Attack in Victoria *

Vulnerable Selenium Grid Servers Hijacked for Monero Mining *

Unveiling the Latest Banking Trojan Threats in Latin America *

Ukraine Hackers Hit Major Russian banks with DDoS attacks *

Columbus Cyber Incident Amid Wave of Ransomware Attacks on Cities *

U.S. Puts $10M Bounty on North Korean Hacker Tied to Maui Ransomware Attacks *

Malicious PyPI Package Exploits macOS Vulnerability to Capture Google Cloud Credentials *

North Korean hacker charged by the US for hospital ransomware attacks *

Paris Olympics Targeted by Cyberterrorism *

FBCS Data Breach Affects 4.2 Million People *

WhatsApp for Windows Vulnerability Enables Unwarned Execution of Python and PHP Scripts *

Belarus-Linked Hackers Target Ukrainian Organizations Using PicassoLoader Malware *

French Authorities Initiate Operation to Eradicate PlugX Malware from Infected Systems *

MCG Health Settles $8.8 Million Lawsuit regarding Data Breach *

The Crypto Exchange Gemini has Disclosed a Data Breach involving a Third Party *

Google Chrome Alerts Users to Risky Files During Download *

July Updates for Windows Server Disrupt Remote Desktop Access *

Google Resolves Chrome Password Manager Bug Hiding Credentials *

Researchers Trace Fake Postal Mailings Targeting Indian Users to China *

Siemens Patches Critical Vulnerabilities in Sicam Power Grid Products *

A PKfail Secure Boot Bypass Vulnerability Enables Attackers to Install UEFI Malware *

Progress Software Issues Patch for Severe Vulnerability in Telerik Report Server *

Researchers Reveal Flaw Allowing Access to Deleted and Private GitHub Repository Data *

Critical Vulnerability in Docker Engine Allows Attackers to Bypass Authorization Plugins *

French Law Enforcement Targets PlugX Malware with Self-Destruct Strategy *

Security Flaw in BlueStacks Emulator for Windows Puts Millions of Gamers at Risk *

Patchwork Targets Bhutan with Advanced Brute Ratel C4 Tool *

Thousands of GitHub Accounts Compromised by Malware Distribution Network *

North Korean State Actor Poses as KnowBe4 Engineer to Install Malware *

Michigan Medicine Data Breach Exposes 57,000 Patients' Information *

Hacking Forum BreachForums v1 Data Leak Exposes Members' Information *

Magento Sites Targeted by Concealed Credit Card Skimmer *

Windows 10 Update KB5040525 Fixes WDAC Issues Leading to Memory Leaks and Application Crashes *

Hackers Exploit Google Cloud for Phishing *

Chinese Hackers Deploy MgBot Malware to Target Taiwan and US NGOs *

Chinese Hackers Unleash New Version of Macma macOS Backdoor *

Dragos Unveils FrostyGoop Malware Targeting Industrial Control Systems in Ukraine *

CERT-UA Alerts on Spear-Phishing Campaign Targeting Ukrainian Research Institutions *

Cadre Holdings Hit by Cyberattack Affecting Operations *

SonicOS IPSec VPN Vulnerability Enables Attackers to Cause Denial of Service *

Daikin Targeted by Meow Hackers: 40 GB of Confidential Data Compromised *

Telegram Zero-Day Vulnerability Allowed Malicious Android APKs to Disguise as Videos *

Google Abandons Plan to Remove Third-Party Cookies in Chrome *

SocGholish Malware Exploits BOINC for Stealthy Cyberattacks *

Threat Actors Exploit Cloud Services for Credential Phishing and Malware Distribution *

Ransomware Attack Causes Severe Disruption to UK's Blood Supply *

Ubuntu Releases Patches for Critical Linux Kernel Vulnerabilities in Azure *

Microsoft Releases Tool to Remove Faulty CrowdStrike Driver on Windows *

Network Failures Force Retailers to Close Doors: Chaos Ensues *

Alert for Grand Theft Auto Fans: Fake GTA VI Beta Downloads Spreading Malware *

Federal Agencies Scramble to Resolve Major Software Outage *

NHS Overwhelmed by 999 Calls and Disruptions to GP and Hospital Services Amid Microsoft Global Outage *

Fake "CrowdStrike Hot Fix" (crowdstrike-hotfix.zip) Distributes RemCos RAT *

Crypto Pig-Butchering Exposed: The Role of Operation Spincaster *

The Role of WAN Optimization in Accelerating GenAI Networks *

MacOS Users Targeted by North Korean Hackers *

A new Linux variant from Play Ransomware Group targets ESXi *

ShadowRoot Ransomware Targets Businesses Using Weaponized PDFs *

Vulnerability in Thousands of Cloud Websites with TE.0 HTTP request smuggling *

The CrowdStrike outage leads to fake websites and phishing *

Hacker Linked to MGM Attack Arrested in UK *

Hackers Use Legitimate RMM Software to Distribute BugSleep Malware *

Octo Tempest Adds RansomHub and Qilin to VMware ESXi Attacks *

Hackers Claim Dettol Breach Affects 453,646 Users *

US Data Breach Victims Surge Over ElevenFold Yearly *

Technical Details on the Recent crowdStrike Outage *

Ransomware Gang Steals Data of 12.9 Million People from MediSecure *

Critical Splunk Vulnerability Enables Password Theft *

Pro-Houthi Threat Group Targets Humanitarian Organizations in Yemen with Android Spyware *

Major Microsoft 365 Outage Triggered by Azure Configuration Change *

Cisco Patches Critical SEG Vulnerability Allowing Root Access and Crashes *

Indian Crypto Exchange WazirX Hit by $230 Million Security Breach *

HotPage Adware Masquerades as Ad Blocker, Installs Malicious Kernel Driver *

Microsoft Massive Global Outage Disrupts Airlines, Banks, and Emergency Services Globally *

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager *

TAG-100 Cyber Espionage Campaign Targets Global Organizations Using Open-Source Tools *

Bassett Furniture Shuts Down Manufacturing After Ransomware Attack *

Vulnerabilities in SAP AI Expose Customer Data to Cyberattacks *

Cisco SSM On-Prem Vulnerability Enables Hackers to Reset Any User's Password *

Romania Confronts Hacktivist Attacks Amid Rising Geopolitical Tensions *

Chinese Hacker Group APT17 Targets Italian Firms and Government Agencies with New 9002 RAT Malware *

New Phishing Tactics Pose as HR Communications to Target Employees *

FIN7 is promoting a security-evading tool on dark web forums *

Life360 Customer Data Breach Exposes 442,519 Users *

Threat Actors Exploit Critical RCE Vulnerability in Apache HugeGraph-Server *

15 Million Trello Users' Email Addresses Exposed on Hacking Forum *

Coast Guard Faces Cyberthreats Amid Industry Reluctance *

NuGet Campaign Targets Developers with Injected Malicious Code *

MirrorFace Exploits Vulnerabilities in Internet-Facing Assets to Target Organizations *

Malicious npm Packages Hide Backdoor Code in Image Files *

Massive Ad Fraud Operation 'Konfety' Exploits Google Play Apps *

Former SEXi Ransomware Rebrands APT INC, Targets VMware ESXi Servers *

Kaspersky Lab Shutting Down U.S. Operations Following Sanctions *

Victoria's Royal Brighton Yacht Club Confirms Ransomware Attack by Medusa *

CISA Issues Warning on Actively Exploited RCE Vulnerability in GeoServer GeoTools Software *

Risk to Python's Core Repositories Following GitHub Token Leak *

Fake Microsoft Teams Ad Used in Phishing Campaign Targeting Mac Users *

Info-Stealing Malware Spread Through Windows Desktop Themes in Facebook Ads *

MuddyWatter Hacking Group Deploys New BugSleep Malware in Global Phishing Attacks *

Data Breach Exposes Personal Details of Thousands at Nokia and Microsoft *

Hacktivist Group SiegedSec Targets Heritage Foundation, Leaks Sensitive Data *

Lulu Hypermarket Data Breach Exposes 200,000 Customer Records *

Alert: DeFi Users Beware of DNS Hijacking Vulnerability Found in Squarespace Domains *

Advancements in Cybercrime Investigation Techniques *

FishXProxy Phishing Kit Makes Phishing Easy for Script Kiddi *

Leader of Zeus Malware Sentenced to 9 Years in Prison *

Singapore Banks to Phase Out One-Time Passwords in Three Months *

Hackers use PoC exploits in attacks 22 minutes after release *

NullBulge Hack: 1.1 TiB of Disney's Internal Communications Leaked *

Monitoring tool mSpy suffers data breach, revealing customer details *

Atomic Stealer delivered by fake Microsoft Teams for Mac *

APT41 Enhances Arsenal with New Stealthy Malware Loader and Backdoor *

Exim Mail Server Vulnerability Puts Millions at Risk from Malicious Attachments *

Hackers Target Advance Auto Parts, Exposing 2 million Users' Data *

Rite Aid Acknowledges Data Breach Post June Ransomware Incident *

Attacking Windows Users With Coyote Banking Trojan *

Data breach exposes 109 million AT&T call logs *

Samba file shares are exploited by DarkGate Malware *

Netgear Urges Immediate Firmware Update to Patch Critical WiFi 6 Router Vulnerabilities *

Siemens, Schneider Electric, and CISA Issue Critical ICS Patch Advisories *

RansomHub Leaks Sensitive Data from Florida Department of Health *

CrystalRay Utilizes SSH-Snake and Open Source Tools in Wide-Scale Attacks on 1,500 Targets *

ARRL Confirms Ransomware Attack Compromising Employee Data *

Palo Alto Networks Issues Critical Security Updates for Expedition Tool and PAN-OS *

Critical Zero-Click RCE Vulnerability Affects Microsoft Outlook *

Microsoft Fixes Windows 11 Bug Causing Reboot Loops and Taskbar Freezes *

PHP Vulnerability Facilitates Malware Distribution and DDoS Attacks *

Apple Warns iPhone Users of Potential Mercenary Spyware Attacks Across 98 Countries *

Evolve Bank & Trust Reports Data Breach Impacting 7.6 Million Individuals *

VMware Patches High-Risk SQL Injection Vulnerability in Aria Automation *

Citrix Releases Critical Patches for NetScaler Vulnerabilities *

Ransomware Group Exploits Vulnerability in Veeam Backup Software *

ViperSoftX Malware Utilizes AutoIT Scripting to Stealthily Execute PowerShell *

Researchers have identified new malware targeting the mining sector *

CISA Urges Developers to Eliminate OS Command Injection Vulnerabilities *

Critical Vulnerability in GitLab Allows Attackers to Execute Pipelines on Behalf of Other Users *

Microsoft 365 and Office Users Affected by '30088-27' Update Errors *

Adobe Releases Critical Patches for Multiple Products, Warns of Code Execution Risks *

SAP Patches Critical Vulnerabilities in July 2024 Security Update *

U.S. Disrupts AI-Driven Bot Network Spreading Russian Propaganda on Social Media *

New OpenSSH Vulnerability Discovered: Remote Code Execution Risk *

Apache HTTP Server Patch Released to Address Source Code Disclosure Vulnerability *

Windows 10 KB5040427 Update: Copilot Enhancements and 12 Issue Fixes *

Critical RADIUS Vulnerability: BlastRADIUS Exposes Networks to MitM Attacks *

Microsoft Patch Tuesday Security Advisory - July 2024 *

Hackers Exploit Critical Flaw in Rejetto's HFS to Spread Malware and Cryptocurrency Miners *

Alabama State Department of Education Thwarts Ransomware Attack but Data Breached *

Active Campaign Exploits Microsoft SmartScreen Vulnerability to Deliver Stealers *

Cybersecurity agencies are warning about APT40's swift adaptation in exploit tactics *

Zotac Customer RMA Information Exposed on Google Search *

Neiman Marcus Discloses Data Breach Affecting 31 Million Customer Email Addresses *

CloudSorcerer APT Group Targets Russian Government Agencies *

Dark Web Malware Logs Reveal Identities of 3,300 Users Connected to Child Abuse Websites *

Critical Ghostscript Vulnerability CVE-2024-29510 Actively Exploited in the Wild *

Cybercriminals Exploit YouTube to Spread Scams and Malware *

Concerns Rise Over OpenAI’s Security After Undisclosed Breach *

Critical Vulnerabilities Disclosed in Gogs Open-Source Git Service *

Threat Actors Target Cybersecurity Researchers with Pseudo-Exploit for regreSSHion *

Exploiting Vulnerabilities: Targeting Microsoft Exchange Servers for Sensitive Data *

Mekotio Banking Trojan Targets Latin American Financial Data *

Key Details and Impact of Shopify Data Incident *

Formula 1 Governing Body Reveals Data Breach Due to Email Compromises *

New Variant of Mallox Ransomware Targets Linux Systems *

Ticketmaster has experienced a data breach involving purported Taylor Swift tickets. *

DragonForce Ransomware Strikes New Zealand Fitness Retailer *

CISA Confronts Challenges After Major Ivanti VPN Breach *

OVHcloud Mitigates Record-Breaking 840 Mpps DDoS Attack *

New Eldorado Ransomware Targets Multiple Sectors with Advanced Customization *

Malicious QR Code Reader App on Google Play Distributes Anatsa Banking Malware *

Patelco Credit Union Hit by Ransomware, Shuts Down Banking Systems *

Brazil Halts Meta's AI Data Processing Due to Privacy Concerns *

Ethereum Email Breach Exposes 35,000 Users to Phishing Attacks *

New Botnet Zergeca, Based on Golang, Enables Powerful DDoS Attacks *

Microsoft Identifies Critical Flaws in Rockwell Automation PanelView Plus *

Google Fixes 25 Android Flaws, Including Critical Privilege Escalation Bug *

Operation MORPHEUS: Global Law Enforcement Shuts Down Cybercrime Network *

Twilio's Authy App Breach Exposes Millions of Phone Numbers *

HealthEquity Data Breach Exposes Protected Health Information *

Cisco Patches Zero-Day Vulnerability Exploited by China-Linked Velvet Ant *

Splunk Patches Multiple High-Severity Bugs in Enterprise and Cloud Platforms *

Critical OpenSSH Vulnerability Puts Millions of Servers at Risk *

Global Xbox Outage: Users Unable to Log In or Play Games *

A cyberattack using Donut and Sliver frameworks targets Israeli entities *

CapraRAT Spyware Targets Android Users Through Popular Apps *

Severe CocoaPods Vulnerabilities Put iOS and macOS Apps at Risk of Supply Chain Attacks *

HubSpot Alerts Customers to Ongoing Cyberattacks on Accounts *

Prudential Financial Reports Data Breach Impacting 2.5 Million Individuals *

Juniper Networks Issues Critical Security Updates for Router Authentication Bypass *

Ransomware Attack Hits Lurie Children’s Hospital, Compromising Personal and Health Information *

Google Chrome to Permit Isolated Web Apps Secure Access to Sensitive USB Devices *

Google Chrome to Block Entrust Certificates Starting November 2024 *

Fake IT Support Sites Spread Malicious PowerShell Scripts *

Data breach exposes customer information of dairy giant Agropur *

Infosys McCamish claims that LockBit has stolen the data of 6 million people *

A malicious npm package is targeting AWS users *

Unfurling Hemlock Threat Actor Floods Systems with Malware *

Geisinger Healthcare System Discloses Data Breach Involving Former Nuance Employee *

Critical Vulnerabilities Discovered in Emerson Gas Chromatographs by Claroty *

GitLab Releases Security Patches for 14 Vulnerabilities *

Critical Security Flaw in Vanna.AI Library Allows Remote Code Execution *

South Korean Telco KT Accused of Infecting P2P Users with Malware *

Medusa Banking Trojan Resurfaces with Stealthier, More Capable Variants *

Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow *

Snowblind Malware Exploits Android Security Feature to Bypass Protection *

New MOVEit Transfer Vulnerability Under Exploit - Apply Patch Immediately *

P2Pinfect Worm Attacks Redis Servers with Ransomware and Cryptominers *

Indonesia's National Data Center Hit by Ransomware Attack, Government Refuses to Pay $8 Million Ransom *

Neiman Marcus Data Breach Exposes Personal Information of 64,472 Individuals *

New Threat Actor Boolka Targets Websites with BMANAGER Trojan *

Hackers Drain $2 Million from CoinStats Cryptocurrency Wallets *

Google Chrome Update Fixes High-Severity Memory Safety Vulnerabilities *

Phishing Attack Hits Any.Run Malware Sandbox Service, Compromises Employee Accounts *

Supply Chain Attack on Polyfill.io JavaScript Affects Over 100,000 Websites *

Google Explores Digital Credential API for Secure Identity Verification on Chrome for Android *

New SnailLoad Attack Allows Remote Inference of User Activity Without Direct Network Access *

CISA CSAT Breach Alerts Chemical Facilities to Potential Data Theft *

New Exploit Using MSC Files and Windows XSS Vulnerability to Compromise Networks *

RedJuliett Intensifies Cyberattacks on Taiwanese Organizations *

Google Unveils Project Naptime to Enhance AI-Driven Vulnerability Research *

Path Traversal Vulnerabilities Persist Despite Modern Programming Languages *

LivaNova USA Reports Data Breach Affecting 130,000 Individuals *

Los Angeles Unified School District Data Breach: Cybersecurity Alert and Response *

Enhancing Network Security: Modern Approaches Beyond Traditional VPNs *

High-Severity UEFI Firmware Vulnerability Affects Hundreds of Intel-Based Devices *

ExCobalt Cybercrime Gang Targets Russian Organizations with New GoRed Backdoor *

Malvertising Campaign Deploys Oyster Backdoor via Trojanized Software Installers *

Critical Vulnerability in PrestaShop's pkfacebook Module Used to Steal Credit Card Data *

AdsExhaust Adware Campaign Deceives Meta Quest Users with Fake Downloads *

Twelve Kaspersky executives sanctioned by U.S. Treasury *

SneakyChef Espionage Campaign Targets Government Entities with SugarGh0st Malware *

CDK Global Cyberattack Hits Thousands of US Car Dealerships *

Chinese Cyber Espionage Groups Target Telecom Sector in Long-Running Campaign *

Change Healthcare Notifies Customers of Massive Cyberattack Impacting Patient Data *

French Diplomatic Entities Targeted by Cyber Attacks Linked to Russia *

Critical Path-Traversal Flaw in SolarWinds Serv-U Actively Exploited *

Kraken Security Flaw Exploited by Researcher to Steal $3 Million in Crypto *

Cross-Platform Scam Targets Crypto Users with Stealer Malware *

Forklift Manufacturer Crown Equipment Hit by Cyberattack, Shutting Down IT Systems *

Statewide 911 Outage in Massachusetts Linked to Firewall Error *

Chinese Users Targeted by Threat Actor Void Arachne Cyberattack Utilizing Malicious VPN MSI Files *

New Phishing Platform ONNX Store Targets Microsoft 365 Accounts *

Critical Failures in Medibank Security Exposed in Data Breach Report *

Legrand CRM CEO Addresses Data Breach, Dispels Misinformation *

Cleveland City Hall Closed Amid Confirmed Ransomware Attack *

Speculative Execution Attack on Arm CPUs' Memory Tagging Extension Raises Security *

Signal Foundation Opposes EU Proposal to Scan Private Messages for CSAM *

AMD Investigates Data Breach Amidst Cybersecurity Concerns *

Emerging Threat: Malware Targeting Docker API Endpoints for Cryptocurrency Mining *

BadSpace: Sophisticated Malware Exploiting WordPress in Multi-Stage Attacks *

Cyber Shadows: Hunt3r Kill3rs Infiltrate Schneider Electric's German Operations *

ASUS Fixes Critical Authentication Bypass Vulnerability in Various Router Models *

Microsoft Delays Recall Feature Amid Privacy and Security Worries *

High-Stakes SQL Injections in Low-Code Environments *

NiceRAT Malware Targets South Korean Users via Pirated Software *

Operation Celestial Force Uses Android and Windows Malware to Target Indian Users *

Chinese Hackers Compromise East Asian Firm for Three Years *

Social Engineering Tactics Fuel Malware Distribution! *

Data Breach Alert: The New York Times GitHub Repositories Compromised *

Pakistan-Linked Malware Campaign Expands to Target Windows, Android, and macOS *

Keytronic Confirms Data Breach Following Leak by Ransomware Gang *

Emoji-Controlled Havoc: Unmasking the New Linux Malware Operated via Discord *

New ARM 'TIKTAG' Threat Targets Chrome and Linux Systems *

Austrian Non-Profit Alleges User Tracking in Google's Privacy Sandbox *

Notorious Scattered Spider Hacker Arrested *

Grandoreiro Banking Trojan Spreads in Brazil as Smishing Scams Escalate in Pakistan *

CISA Warns of Zero-Day Windows Vulnerability Exploited by Black Basta Ransomware *

Ransomware Attack Hits Toronto's Largest School Board, TDSB *

Arid Viper's Mobile Espionage Campaign Leveraging Trojanized Android Apps *

Truist Bank Confirms Data Breach Following Appearance of Stolen Data on Hacking Forum *

Ascension Healthcare System Targeted in Hack After Employee Downloads Malicious File *

New Attack Method 'Sleepy Pickle' Targets Machine Learning Models *

Siemens, Schneider Electric, Aveva, and CISA Publish ICS Patch Tuesday Advisories *

Critical Vulnerability in JetBrains IntelliJ IDEs Exposes GitHub Tokens: Urgent Patch Required *

CISA Issues Warning on Impersonation Scams Targeting Financial Transfers *

Microsoft Patches High-Risk Zero-Click Flaw in Outlook *

Emerging Phishing Campaigns Deploy WARMCOOKIE Backdoor and Windows Search Malware *

Chrome 126 and Firefox 127 Patch Critical Security Vulnerabilities *

Black Basta Ransomware Exploits Windows Zero-Day Vulnerability, Symantec Reports *

Chinese Threat Actor SecShow's DNS Probing Activities and Emergence of Rebirth Botnet in Gaming Community *

Apple Releases visionOS 1.2 Update, Addressing First Vision Pro-Specific Vulnerability *

Cyber Incident Shuts Down Cleveland's IT Infrastructure *

Enhanced ValleyRAT Malware Campaign Unveiled with Advanced Capabilities *

Critical Vulnerabilities Discovered in Discontinued Netgear WNR614 Routers *

Adobe Patches Critical Security Flaws in Photoshop, After Effects, and Illustrator *

SAP’s June Patch Update: Critical XSS and DoS Vulnerabilities Fixed *

Microsoft Patch Tuesday Security Advisory - June 2024 *

Brooklyn DA Seizes Domains in Cryptocurrency Scam Targeting Russian Diaspora *

Microsoft Warns of Azure Service Tag Vulnerabilities for Cloud Security *

Researchers Discover Malicious VSCode Extensions with Millions of Installs *

Japanese Media Giant Kadokawa Hit by Major Cyber Attack, Properties Offline for Days *

Phishing Attack Disguised as Resume Distributes More_Eggs Malware Targeting Recruiters *

Arm Issues Warning on Actively Exploited Vulnerability in Mali GPU Kernel Drivers *

Vietnam Post Restores Operations After Ransomware Attack *

Cylance Confirms Legitimacy of Stolen Data Being Sold on Hacking Forum *

CyRC Advisory: Critical Vulnerability in EmailGPT Threatens Data Security *

Frontier Communications Discloses Data Breach Affecting Over 750,000 Individuals *

Panasonic Australia Acknowledges Cyber Incident After Akira Ransomware Claim *

SolarWinds Releases Version 2024.2 with Security Patches and Enhanced Features *

New York Times Source Code Compromised via Exposed GitHub Token *

New Phishing Campaign Employs "Paste and Run" Technique to Deliver DarkGate Malware *

Critical RCE Flaw Fixed in All PHP for Windows Versions *

CERT-UA Warns of Espionage Campaigns Targeting Ukrainian Defense Forces with SPECTR Malware *

Facing the Threat: SMBs' Concerns Over Cyberattacks and Business Continuity *

Fake Browser Update Campaigns Exploit Websites to Distribute Malware *

Hackers Leveraging Legitimate Packer Software for Covert Malware Distribution *

LAUSD Investigates Alleged Sale of Stolen Databases by Threat Actor *

Muhstik Botnet Exploits Apache RocketMQ Vulnerability for DDoS Attacks and Cryptomining *

New Attack Campaigns Exploit Years-Old ThinkPHP Flaws *

Sniffnet: A User-Friendly, Open-Source Network Monitoring Tool *

Advance Auto Parts' Snowflake Account Compromised, 3TB of Data for Sale *

Critical Vulnerabilities Discovered in Zyxel's Discontinued NAS Products *

Club Penguin Fans Hack Disney Server, Exposing 2.5 GB of Internal Data *

Belarusian Hackers Target Ukrainian Defense with Sophisticated Cyberespionage Campaign *

Critical Vulnerability in Ariane Systems' Self Check-In Kiosks Exposes Guest Data and Room Keys *

RansomHub: Evolution of Knight Ransomware Linked to Surge in Cyber Attacks *

TikTok Patches Vulnerability Used to Compromise Celebrity and Brand Accounts *

Australian Miner Northern Minerals Discloses Cyberattack, Data Leak *

Decoy Dog Trojan Targets Russian Power Companies, IT Firms, and Government Agencies *

Excel Macro Exploit Used in Multi-Stage Malware Attack on Ukraine *

Cox Modem Vulnerabilities Exposed Millions to Remote Hacking *

Critical Flaw in Telerik Report Server Allows Creation of Rogue Admin Accounts *

WhatsApp Cryptocurrency Scam Targets Cash Rewards *

Confluence RCE Patched (CVE-2024-21683) *

Google Chrome Users Must Update or Uninstall Within 72 Hours *

NPM Package Targeting Gulp Users Found Delivering RAT Malware *

Ransomware Gang RansomHub Claims Responsibility for Cyberattack on Telecom Giant Frontier *

Active Exploitation of OS Command Injection Flaw in Oracle WebLogic Server *

Microsoft India's X Account Compromised in Roaring Kitty Crypto Scam *

Kaspersky Releases Free Linux Virus Removal Tool KVRT *

Debt Collection Agency FBCS Reports Data Breach Affecting Over 3.2 Million People *

Chinese State-Sponsored Cyber Espionage Operation "Crimson Palace" Targets Southeast Asian Government *

Everbridge Reports Data Breach Involving Business and User Data *

Guardian Childcare Victoria Discloses Cyber Attack Leading to Data Breach *

Ticketek Reports Cyber Incident Impacting Customer Data *

BBC Notifies Employees of Data Breach Involving Pension Scheme Information *

BlueDelta Cyber-Espionage Campaign Targets European Networks with Headlace Malware *

Fake Browser Updates Delivering BitRAT and Lumma Stealer Malware *

CISA Warns of Active Exploitation of Linux Kernel Vulnerability CVE-2024-1086 *

Massive Cyber Attack "Pumpkin Eclipse" Bricks Over 600,000 SOHO Routers in the U.S *

Chinese Nationals Sanctioned for Botnet Linked to Massive COVID-19 Relief Fund Fraud *

Okta Issues Alert on Credential Stuffing Attacks Exploiting Cross-Origin Authentication *

New Study Exposes Most Hackable Pop Culture Passwords *

Linux Cyber Threat Actors Exploit Kiteshield Packer for Malicious Activities *

Critical WordPress Plugin Flaws Exploited for Malicious Script Injection and Backdoors *

RedTail Malware Exploits PAN-OS Flaw with Advanced Techniques and Private Mining Pools *

Cloudflare Disrupts FlyingYeti Phishing Campaign Targeting Ukraine *

US Shuts Down 911 S5 Botnet, Arrests Chinese Administrator *

Shell Data Breach Affects Thousands of Customers Worldwide *

Check Point Warns of Zero-Day Vulnerability in Network Security Gateway Products *

Critical Vulnerabilities Discovered in Eclipse ThreadX IoT Operating System *

Cooler Master Data Breach Exposes 103GB of Sensitive Information *

Cybercriminals Exploit Stack Overflow to Spread Malicious PyPi Package 'Pytoileur' *

Brazilian Banks Targeted in New AllaSenha Malware Campaign *

Microsoft Uncovers Moonstone Sleet: North Korean Threat Group's Diverse Cyber Campaign *

First American Financial and Fidelity National Financial Hit by Cyberattacks *

CatDDoS Botnet Exploits 80+ Security Flaws to Launch Widespread DDoS Attacks *

Christie’s Data Breach Highlights Cybersecurity Threats in the Auction Industry *

SingCERT Alerts Critical WordPress Plugin Vulnerabilities *

Mitigating Cybersecurity Risks: The Intersection of TLS and Dynamic DNS in Appliance Services *

ShinyHunters Allegedly Breach Ticketmaster and Live Nation, Offer Data for Sale *

Critical Vulnerabilities in Fortinet's SIEM Solution Exploited: PoC Exploit Released *

Eroding Trust: The Hidden Vulnerabilities Threatening Cybersecurity *

CERT-UA Warns of Surge in Cyberattacks by Financially-Motivated UAC-0006 *

Unveiling Targeted Malicious PyPI Packages on MacOS *

Sav-Rx Discloses Data Breach Impacting Over 2.8 Million Individuals *

Enhancing System Security with Fail2Ban: A Versatile and Proactive Approach *

New Phishing-as-a-Service Tool "Greatness" Exploits Microsoft 365 Credentials with Advanced Evasion Tactics *

TP-Link Archer C5400X Gaming Router Vulnerable to Critical Security Flaws *

Check Point Warns of Targeted Attacks on Remote Access VPN Devices and Issues Security Recommendations *

New Wave of Cyberattacks Targeting Indian Government and Aerospace Sectors Linked to Transparent Tribe *

New ATM Malware Threatens Global Banking Security with Flexible Payment Options *

New Malvertising Campaign Targets Users with Trojanized Arc Browser Installers *

Security Vulnerability Uncovered in AI-as-a-Service Provider Replicate *

Unveiling BloodAlchemy: Evolution of a RAT from ShadowPad to Deed RAT *

U.S. Pharmaceutical Giant Cencora Discloses Data Breach Affecting Sensitive Medical Information *

Microsoft Report Reveals Cybercriminal Operation Exploiting Retailers for Gift Card Fraud *

Python Minesweeper Game Used as Cover in Financial Cyberattacks *

Fake Antivirus Websites Spread Malware to Steal Sensitive Data *

Google Releases Chrome Update to Fix Fourth Zero-Day Vulnerability in Two Weeks *

Microsoft Outage Disrupts Services Including Bing and Copilot *

Ransom House Threatens Data Leak of Advance Press, Allegedly Steals 300GB of Data *

WhatsApp Warns of Government Surveillance Vulnerabilities Despite Encryption *

CentroMed Reports Data Breach Affecting Patient Confidentiality *

MITRE Reveals Cyberattack Exploiting VMware Systems for Persistence *

CISA Adds Actively Exploited Apache Flink Vulnerability to KEV Catalog *

ACSA Notifies 55,000 Individuals of Cyberattack Data Breach *

Malware Backdoored JAVS Courtroom Software Compromises Systems Worldwide *

Zoom Implements Post-Quantum Encryption for Enhanced Security *

Microsoft Introduces Recall Feature: Security and Privacy Implications *

Critical Remote Code Execution Vulnerability Discovered in Honeywell's Virtual Controller *

Nissan Oceania's Call Centre Hit by OracleCMS Data Breach *

Veeam Releases Critical Update for Backup & Replication Software *

China-Linked Hackers Increasingly Use Proxy Networks for Cyberespionage *

Newly Disclosed Threat Group Unfading Sea Haze Targets South China Sea Entities *

Blackbasta Group Claims Hack on Atlas, Major US Oil Distributor *

MediSecure Data Breach Prompts Calls for Enhanced Cybersecurity Measures *

GhostEngine Mining Campaign Disables EDR Security Through Exploiting Vulnerable Drivers *

ANZ Bank Faces Major Online Banking Outage: Customers Struggle to Access Accounts *

Critical Vulnerability Unveils Pre-auth RCE in Mirth Connect *

OpenSSF Launches Siren Mailing List for Open Source Threat Intelligence Sharing *

Western Sydney University Reveals Data Breach, Notifying 7,500 Affected Individuals *

SolarWinds Introduces Generative AI for Enhanced IT Management in Service Desk *

Critical Vulnerability "Linguistic Lumberjack" Identified in Fluent Bit *

Critical Vulnerability Discovered in Fluent Bit Utility *

Exposing Critical Infrastructure: The Risk of Public Internet Exposure for ICS Assets *

Hackers Exploit Foxit PDF Reader Vulnerability to Deploy Various Malware *

New Public RCE Exploit Targets Unpatched QNAP QTS Zero-Day Vulnerability *

New BiBi Wiper Malware Variant Deletes Disk Partition Tables, Targets Israel and Albania *

Unveiling LATRODECTUS: A Rising Threat in the Malware Landscape *

New 'Antidot' Trojan Hacks Android Devices for Data Theft and Remote Access *

Critical Vulnerability in Python Package Threatens AI Systems *

Chinese Nationals Arrested for Orchestrating $73 Million Laundering Scheme Through Pig Butchering Crypto Scam *

ARRL Cyberattack Disrupts IT Systems and Online Services *

Chinese Hackers Target U.S. AI Organizations in Sophisticated Cyber Campaign *

Ransomware Group Uses Malicious Ads to Target Windows Admins via PuTTY and WinSCP *

Grandoreiro Trojan Returns, Targets 1,500+ Banks Globally *

Chinese Cyber Espionage Group BlackTech Deploys Advanced Deuterbear RAT *

Data Breach at WebTPA Exposes Information of 2.4 Million Insurance Policyholders *

Critical Vulnerabilities Discovered in GE Ultrasound Systems *

Large-Scale Ransomware Attack Hits MediSecure E-Script Firm *

Indian Universities Targeted by a Sidecopy APT Campaign *

Facebook Messenger Exploited by North Korean Hackers in Targeted Malware Campaign *

Foxit Reader Users Targeted by PDF Exploits *

Critical Vulnerabilities Fixed in Ubuntu 24.04 LTS *

City of Wichita Ransomware Breach Exposes Personal Information *

Nissan Data Breach Compromises 53,000 Employees' Personal Information *

Cybercriminals Exploiting Ransomware Attacks Through Microsoft's Quick Assist Feature *

Intel Releases 41 Security Advisories Addressing 90 Vulnerabilities *

Massive Data Breach Affects 900k Individuals at Mississippi Healthcare Provider *

ICS Patch Tuesday: Siemens, Rockwell, Mitsubishi Electric Release Advisories *

Santander Customer and Employee Data Compromised in Third-Party Breach *

U.S. and China Clash Over AI Misuse and Restrictions *

Ebury Botnet Targets 400,000 Linux Servers *

Wireshark 4.2.5 Addresses Security Vulnerabilities and Enhances Network Analysis Capabilities *

Malicious Actors Exploit GitHub for Spreading Multiple Information Stealers *

Researchers Discover 64 Billion Annually Stolen by Southeast Asian Scam Syndicates *

Adobe Fixes Critical Flaws in Reader, Acrobat *

City of Helsinki Cyberattack Compromises Student and Personnel Data *

New Chrome Zero-Day Flaw CVE-2024-4761 Under Active Exploitation *

VMware Releases Patches for Exploited Vulnerabilities from Pwn2Own 2024 *

SAP Patches Major Vulnerabilities in CX Commerce and NetWeaver Platforms *

NHS Digital Warns of Potential Exploitation of Arcserve UDP Vulnerabilities *

Microsoft Patch Tuesday Security Advisory - May 2024 *

Black Basta Ransomware Hits Over 500 Organizations in North America, Europe, and Australia *

IoT Devices at Risk Due to Flaws in Integrated Cellular Modems *

Data Breach at FBCS Collection Agency Exposes Personal Information *

INC Ransomware Source Code Offered for Sale at $300,000 on Hacking Forums *

Apple Releases Patches for Code Execution Bugs in iPhones, iPads, and macOS *

PyPi Package Exploits macOS with Sliver Pen-Testing Suite Backdoor *

Nmap 7 95 Update Introducing Fresh OS and Service Detection Signatures *

Researchers Demonstrate GhostStripe Attack on Autonomous Vehicles *

Firstmac Limited Issues Data Breach Warning Following Cyberattack *

Ohio Lottery Data Breach Exposes Over 538,000 Individuals' Personal Information *

Google Releases Security Updates to Address Zero-Day Flaw in Chrome *

FIN7 Exploits Malicious Google Ads to Distribute NetSupport RAT *

Android Malware Impersonates Popular Apps for Credential Theft *

Ransomware Attacks Evolve into Psychological Warfare, Targeting Individuals and Families *

Government of British Columbia Investigating Cybersecurity Incidents on Government Networks *

French Medical Imaging Provider Coradix-Magnescan Faces Cyberattack, Patient Appointments at Risk *

Final Fantasy Servers Targeted by Ongoing DDoS Attacks, Players Face Login Issues *

Ascension Healthcare Cybersecurity Incident: Network Interruption Update *

Dell Technologies Issues Data Breach Notice to Customers *

LiteSpeed Cache Vulnerability Exploited by Hackers for Complete Control of WordPress Sites *

Brandywine Realty Trust Falls Victim to Ransomware Attack *

Critical Vulnerability Patched in Latest Android Update *

Critical Vulnerability Found in Tinyproxy Exposes Thousands of Instances to DoS and RCE Attacks *

BogusBazaar: Massive Online Fraud Network Scams Thousands, Stealing Millions *

Zscaler Investigates Potential Data Breach Following Hacker's Claims *

Hijack Loader Malware Adopts Advanced Anti-Analysis Techniques *

Poland Condemns Alleged Cyberattacks by Russian Group APT28 *

TunnelVision Attack Exposes Vulnerabilities in VPN Applications *

Indian Government Takes Action Against Cyber Terror, Blocks 14 Messenger Apps in J&K *

DocGo Reveals Cyberattack as Hackers Breach and Steal Patient Health Data *

LockBit Ransomware Administrator Unmasked and Charged by U.K. National Crime Agency *

Unveiling the Proliferation of Cyber Scams on Social Media and Messaging Platforms *

MITRE Corporation Reveals Details of Cyber Attack Targeting NERVE Environment *

Supply Chain Breaches Surge 68 Percent Year Over Year, Reveals DBIR *

UK Ministry of Defence Faces Data Breach Impacting Military Personnel *

New macOS Malware 'Cuckoo' Targets Intel and ARM-based Macs *

APT42 Expands Tactics with New Backdoors Targeting NGOs and Government Entities *

Law Enforcement Takes Down LockBit Group's Tor Website *

Xiaomi Devices Affected by Multiple Vulnerabilities in Apps and System Components *

City of Wichita, Kansas, Faces Ransomware Attack *

Mitigating Threats Posed by NiceCurl and TameCat Backdoor Variants *

Ukraine Reports Surge in Russian Cyberattacks Targeting Financial and Critical Infrastructure *

U.S. Reports North Korean Hackers Exploiting Vulnerable DMARC Settings *

Russian APT28 Exploits Outlook Flaw to Hack Czech, German Targets *

Chinese Researchers Identify Security Flaws in Government Websites *

Android Malware Campaign Targeting Bank Accounts in Finland *

Tamil Nadu Police Data Breach: Information Available for Sale on Dark Web *

US Government Warns of North Korean Phishing Campaigns Exploiting Weak Email Policies *

Bitwarden Debuts MFA Authenticator App for iOS and Android *

File Overwrite Flaw Endangers Popular Android Apps Xiaomi and WPS Office *

Russian Hackers Breached and Sabotaged Texas Water Treatment Plant *

LockBit Exposes Stolen Data from Cannes Hospital in France *

1,400 GitLab Servers Affected by Exploited Vulnerability *

Surge in DDoS Attacks Targeting Sweden Amid NATO Bid Process *

FortiGuard Labs Discovers Goldoon Botnet Exploiting Decade-Old D-Link Vulnerability *

Belarusian Cyber-Partisans Target KGB and State-Owned Enterprises in Recent Cyberattacks *

Latrodectus Malware Exploits Microsoft and Cloudflare Themes in New Attacks *

Data Breach at Dropbox Exposes Passwords and Authentication Information *

HPE Aruba Networking Releases Patch for Critical RCE Flaws in ArubaOS *

ZLoader Malware Evolution: New Anti-Analysis Feature and Stealthy Tactics Unveiled *

Siemens Energy Manager Software Vulnerability Highlights Persistent Deserialization Risks *

Cuttlefish: A New Malware Threat Targeting Networking Equipment and Cloud Authentication Data *

Critical Security Flaws in Judge0 Enable Sandbox Escapes and Host Takeover *

London Drugs Pharmacy Temporarily Closes Stores Due to Cybersecurity Incident *

GAO Identifies New Security Deficiencies in IRS Management Controls *

Unveiling the DarkGate Threat: Exploiting AutoHotkey and Evading SmartScreen *

Researchers Uncover Novel Attacks Targeting High-End Intel Processors *

JFrog and Docker Collaborate to Mitigate Malware Threats in Docker Hub Repositories *

U.K. Bans Default Passwords in Smart Devices to Combat Cyber Threats *

Muddling Meerkat Hackers Exploit China’s Great Firewall to Manipulate DNS *

Kaiser Permanente's Data Breach Affects 13.4 Million Patients *

Critical Vulnerability in R Programming Language Enables Supply Chain Attacks *

Google Enhances Security Measures on Play Store to Combat Malicious Apps *

Japanese Police Use Fake Payment Cards to Protect Elderly from Tech Support Scams *

DDoS Attacks Persist Against Russian Independent Media Site Meduza Post-Election *

Okta Warns of Surge in Credential Stuffing Attacks and Residential Proxy Abuse *

CISA's Ransomware Notification Pilot Resolves Over 800 Vulnerabilities *

Password Security Survey Highlights Urgent Need for Improved Cybersecurity Practices *

Ukraine Targeted in Cyber Attack Exploiting Microsoft Office Flaw *

Belarusian Hacker Group Claims Breach of KGB Network, Exposing Thousands of Personnel Files *

Security Breach Exposes 19,000 Welfare Program Accounts in California *

Organizations Remain Vulnerable to Cactus Ransomware Exploiting Qlik Sense Vulnerabilities *

New Android Banking Trojan Brokewell Enables Extensive Device Takeover and Remote Control *

Over 90,000 IP Addresses Affected by Self-Spreading PlugX USB Drive Malware *

North Korean Threat Actors Targeting Developers with Fake Job Interviews *

Malicious Websites Exploit SEO Poisoning to Spread Malware *

FTC Announces $5.6 Million Refunds to Ring Users Over Privacy and Security Issues *

North Korea-Linked Lazarus Group Unveils Complex Attack Chain Targeting Asia *

Security Research Reveals Vulnerabilities in Microsoft Warbird and Protected Media Path Technologies *

Phishing Campaign Exploiting Compromised Email Accounts Targets Autodesk Drive Users *

DOJ Announces Arrest of Samourai Wallet Founders for Money Laundering Conspiracy *

Critical Vulnerabilities in Brocade SANnav Management Application Expose Fibre Channel Infrastructure *

Hackers Exploit Cisco Zero-Days to Breach Government Networks *

Critical Security Vulnerabilities Expose Keystrokes of More Than 1 Billion Chinese Keyboard App Users *

Czech News Agency's Website Hacked, Spreads False Assassination Attempt Story *

Iran-Linked Hackers Execute Five-Year Cyber Espionage Campaign *

Multistage Attack Leveraging SSLoad and Cobalt Strike Detailed by Researchers *

Google Releases Update to Fix Critical Chrome Vulnerability *

Vulnerabilities in iSharing App Expose Millions to Location Tracking *

North Korean Hackers Target Dozens of South Korean Defense Companies *

Open-source Cloud Console Cartographer helps security teams transcribe log activity *

Russia-Linked Hacker Group Targets Indiana Water Treatment Plant *

Ransomware Report Highlights Shifts in RaaS Landscape and Increase in Victims *

Security Researchers Expose Windows Defender Vulnerability Enabling Database Deletion *

Phishing Campaign Exploiting Nespresso Website Vulnerability Evades Detection *

Kaspersky Uncovers Sophisticated Scam Targeting Telegram Users for Toncoin (TON) *

North Korean State-Sponsored Hackers Embrace AI in Cyber Operations *

GuptiMiner Malware Campaign Exploiting eScan Antivirus Update Mechanism *

JavaScript Malware Shifts to Server-Side Redirects & DNS TXT Records as Traffic Direction System (TDS) *

Critical Vulnerabilities Found in WordPress Plugin Forminator *

New PedoRansom Malware Targets Child Exploiters with Extortion Tactics *

Cyber Agency Warns of Increasing Targeting of Ukrainian Soldiers' Apps for Spying *

Androxgh0st Malware Exploits Servers Worldwide for Botnet Attacks *

Unveiling the Threat: Malicious PyPI Package "discordpy bypass 1.7" and Its Stealthy Tactics *

Uncovering a Dependency Confusion Vulnerability in an Archived Apache Project *

Surge in Quishing Attacks and Evolving Phishing Trends Highlight Latest Cybersecurity Threats *

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Vulnerabilities *

CrushFTP Urges Immediate Patching for Actively Exploited Zero-Day Vulnerability *

Beware of Sophisticated Google Ad Phishing Scam Targeting Whales Market Users *

Cannes Hospital Forced to Cancel Medical Procedures Due to Cyberattack *

Rise of Cheap, Disposable Ransomware on Dark Web Forums *

U.S. Dam Cybersecurity Raises Alarming Concerns Amid Growing Threats *

Frontier Communications Addresses Cyberattack, Works on System Restoration *

160 Ransomware Attacks Strike Food and Agriculture Sector in 2023 *

Data Breach at Michigan Healthcare Organization Affects 180,000 Individuals *

Malicious Hackers Target SAP Applications, Exploiting Cloud Migration and Security Vulnerabilities *

US Justice Department Charges Moldovan National for Operating Large-Scale Botnet *

International Law Enforcement Disrupts 'LabHost' Phishing Service, Arrests 30+ Worldwide *

Unveiling MadMxShell: A Sophisticated Malware Campaign Targeting IT Professionals *

Persistent OfflRouter Malware Infects Ukrainian Government Networks *

American Automaker's IT Staff Targeted by FIN7 in Phishing Campaign *

Mass Brute-Force Attacks Targeting VPN and SSH Services *

Czech Minister Warns of Russian Attempts to Sabotage European Railways *

Atlassian Vulnerability Exploited: Linux Variant of Cerber Ransomware Deployed *

Debian Security Update: Patching Critical Vulnerabilities in GTKWave *

Surge in Cyber Attacks Targeting Philippines Amidst South China Sea Tensions *

BreachForums Faces Cyber Attack, Admins Stand Resolute *

Kaspersky Discovers SoumniBot, a Innovative Android Banking Malware Evades Detection *

Iranian-Backed Hacking Group Allegedly Threatens Israeli Citizens with Radar System Hijack *

Threat Actors Target T-Mobile and Verizon Employees in SIM Swap Scheme *

Critical Security Flaw in Chirp Systems' Software Enables Remote Unlocking of Smart Locks *

Ukrainian Hacker Group Deploys Destructive Malware Fuxnet in Attacks Against Russian Infrastructure *

Imperva's 2024 Bad Bot Report Highlights Rising Threat of Malicious Bots *

Critical PuTTY Vulnerability Exposes NIST P-521 Private Keys *

Ivanti Alerts Users to Critical Vulnerabilities in Avalanche MDM Solution *

Orca Research Reveals LeakyCLI Vulnerability in AWS and Google Cloud CLI Tools *

LockBit Ransomware Resurfaces with Enhanced Self-Propagation Capabilities *

Global Organizations Targeted by SteganoAmor Attacks Leveraging Steganography *

Pune Cyber Crime Police Investigate 3.4 Crore Share Trading Scam *

Critical Vulnerability in Delinea Secret Server Requires Immediate Action *

Data Breach at Cisco Duo's Telephony Supplier Exposes MFA Messages Sent Over SMS and VOIP *

AI Voice Cloning: The Growing Threat to Financial Security *

Muddled Libra's Strategic Shift: Exploiting SaaS and Cloud for Extortion and Data Theft *

Omni Hotels Targeted by Daixin Ransomware Gang in Cyberattack *

Chipmaker Nexperia Confirms Data Breach by Dark Angels Ransomware Group *

Royal Mail's Barcoded Stamps Fail to Prevent Flood of Forgeries in the UK *

DPRK Utilizes Phantom DLL Hijacking and TCC Abuse by Leveraging Two MITRE Sub-Techniques *

Evolution of Earth Hundun's Cyberespionage Activities Using Waterbear and Deuterbear Malware *

Intel and Lenovo Servers Exposed to 6-Year-Old BMC Vulnerability *

Iranian Threat Actor MuddyWater Expands Arsenal with DarkBeatC2 Infrastructure *

XZ Utils Backdoor Files Found in Popular Rust Crate liblzma-sys *

Hoya Corporation Hit by Ransomware, Attackers Demand $10 Million *

Apple's Updated Warning System by Addressing Mercenary Spyware Threats and Zero-Day Exploits *

Massive SMS Phishing Scam Targets Americans with Fake Road Toll Notices *

Telegram Windows Desktop App Patched to Address Zero-Day Exploiting Python Script Launch *

Palo Alto Networks Issues Advisory for CVE-2024-3400 Exploiting Firewall Vulnerability *

Unveiling AWS's Battle Against IP Spoofing and DDoS Assaults *

FAQs from the 2024 State of the Phish Report: Understanding the Threat Landscape *

Revisiting MACT: Exploring Malicious Applications within Trusted Cloud Environments *

Security Alert: TA547 Strikes German Entities Using Rhadamanthys Malware *

Space Force Chief: US Faces Loss Without Assistance from Musk and Bezos *

X Resolves URL Error Potentially Facilitating Convincing Social Media Phishing Scams *

CISA Issues Warning: Federal Email Systems Targeted by Russian Hackers Exploiting Microsoft Accounts *

Microsoft Two-Step Phishing Campaign Targets LinkedIn Users: A Professional Hook *

Exploitation of Oversized LNK Files by Vedalia APT Group in Malware Campaign *

Circumventing SharePoint Security: Two Novel Methods for Evading Exfiltration Detection *

Data of 7.5 Million Customers Leaked in Attack on Consumer Electronics Giant boAt *

Spectre V2 Exploit Targets Intel CPU-Based Linux Systems *

Over 91,000 Smart LG TVs Exposed to Remote Takeover Due to Vulnerabilities *

New Ahoi Attacks Pose Threat to Confidential Virtual Machines *

Researchers Uncover 'Muliaka' Ransomware Group Targeting Russian Enterprises *

KernelCare Live: CVE-2024-1086 Patches Released for CloudLinux 6h and 7 Users *

Microsoft Addresses Critical Vulnerability in Azure Kubernetes Service Confidential Containers *

Browser Fingerprinting: Cybercriminal Utilization *

Phishing Deception Unveiled: Suspended Domains Unleash Malicious Payload in Latin America *

Microsoft Patch Tuesday Security Advisory - April 2024 *

Rising Trend: Malware-Initiated Vulnerability Scanning *

Hackers Focus on Human Rights Activists in Morocco and Western Sahara *

10-Year-Old Romanian Hacker Collective 'RUBYCARP' Emerges with Botnet Operations *

Security Alert: Multiple Adobe Software Products Affected by Code Execution Vulnerabilities on Patch Tuesday *

Fake E-Shop Campaign Targets Banking Security Across Regions *

New Latrodectus Malware Emerges in Phishing Campaigns *

Targus Discloses Cyberattack, Temporarily Disrupting Operations *

Google Sues Chinese Developers Over Fake Cryptocurrency Apps Scam *

UK Authorities Investigate 'Honey Trap' Scheme Targeting Westminster Figures *

D-Link NAS Devices Vulnerable to Critical Command Injection and Backdoor Flaw *

Massive Data Breaches Hit Hawai Based Insurance Giant and Healthcare Providers *

Home Depot Data Breach Exposes Employees to Phishing Risks *

Red CryptoApp Ransomware Group Unveils 'Wall of Shame' for Exposed Victims *

Cisco Alerts Users to Vulnerability in End-of-Life Small Business Routers *

Facebook Malvertising Campaigns Exploit Interest in AI to Spread Password-Stealing Malware *

Byakugan Malware Exploits Adobe Acrobat Reader Installers *

Emerging Threats to AI-as-a-Service Security *

Vulnerability in HTTP2 Protocol's CONTINUATION Frame Enables DoS Attacks *

Cyberattack Causes Disruption to Hoya's Optics Production and Orders *

City of Hope Notifies Over 800,000 Individuals of Data Breach Impacting Personal and Health Information *

Progress Software Releases Critical Patches for Flowmon Vulnerability *

Magento Shoplift Malware Targets WordPress Sites *

Visa Alerts Financial Institutions of JsOutProx Malware Surge Targeting Customers *

Rising Threat of SMS Phishing (Smishing) Targeting Enterprises *

SurveyLama Data Breach Exposes 4.4 Million Users' Personal Information *

Google Issues Patches for Actively Exploited Pixel Vulnerabilities *

Prudential Financial's Data Breach Affects 36,000 Individuals *

Ransomware Group INC Ransom Claims Responsibility for UK City Council Cyber Attack *

Security Alert: Highly Sensitive Files Disappear from Europol Headquarters *

Critical Linux Vulnerability 'WallEscape' Exposes User Passwords *

Agent Tesla Malware Targets American and Australian Organizations in Recent Campaign *

Ivanti Issues Emergency Patches for 4 Vulnerabilities in Connect Secure and Policy Secure *

Threat Actors Use YouTube Video Game Cracks to Deliver Malware *

Critical Vulnerability Detected in LayerSlider Plugin Installed on a Million WordPress Sites *

Google Settles 'Incognito Mode' Privacy Lawsuit, Agrees to Delete Billions of Browsing Records *

Surge in Cyberattacks Inflicting Physical Disruption *

Binarly Introduces Free Scanner to Detect Linux Executables Affected by XZ Utils Supply Chain Attack *

WordPress WP-Members Plugin Vulnerability Enables Script Injection *

NIST Faces Challenges with National Vulnerability Database, Urgent Calls for Action *

Google Introduces Device Bound Session Credentials (DBSC) for Enhanced Browser Security in Chrome *

Ransomware Suspected in Missouri County's Tax Payment Disruption *

Vulnerability in Hotel Self Check-In Kiosks Exposes Room Access Codes *

China-Linked Hackers Unleash Stealthy 'UNAPIMON' Malware for Covert Operations *

Malicious Android Apps Transforming Phones into Proxies for Cybercriminals Discovered *

PandaBuy Data Breach Exposes Information of 1.3 Million Users *

The Absence of Human Imperfections: AI's Identifying Flaw *

OWASP Foundation Discloses Data Breach Affecting Specific Members due to Misconfigured Legacy Wiki Server *

Indian Government Rescues 250 Citizens Compelled into Cybercrime Activities in Cambodia *

Pentagon Outlines Strategy for Enhancing Cybersecurity of Defense Industrial Base *

Sellafield Nuclear Waste Facility Faces Prosecution Over Cybersecurity Lapses *

MarineMax, a Yacht Retailer, Reveals Data Breach Following Cyberattack *

Vultur Banking Malware Masquerades as McAfee Security App on Android *

Prisma Finance Crypto Theft Concludes Unusual Week of Platform Breaches *

Activision Urges 2FA Activation for Accounts Compromised by Recent Malware Theft *

Google Podcasts Service to Close in the US Next Week *

More Than 100 Malicious Packages Aiming at Popular ML PyPi Libraries *

AT&T Reports Exposure of 73 Million Customers' Data on Dark Web *

Malicious Backdoor Discovered in xz: A Critical Data Compression Library for Linux *

Malicious Ads Distribute Stealer Malware, Targeting macOS Users *

Data Breach at Massachusetts Health Insurer Affects 2.8 Million Individuals *

Cisco Alerts Regarding Password-Spraying Attacks on Secure Firewall Devices in the US *

Darcula, The Global Threat of Phishing-as-a-Service Exploiting Victims Worldwide *

Emergence of Linux Variant of DinodasRAT in Global Cyber Campaigns *

Google Releases Chrome Browser Security Update to Patch Vulnerabilities *

NHS Scotland Contained Ransomware Attack, Ensuring Regional Isolation *

Vietnam's Leading Securities Brokerage Hit by Cyberattack, Halting Trading Operations *

Ransomware Strikes Municipalities in Texas and Georgia, Disrupting Essential Services *

Cyberattack Strikes Hot Topic with Credential Stuffing, Data Compromised *

Cryptocurrency Scammers Hijack Trezor's Twitter Account Using Fake Calendly Invite *

TheMoon Malware Rapidly Infects 6,000 ASUS Routers in 72 Hours for Proxy Service *

Code Execution Vulnerabilities Discovered in NVIDIA ChatRTX for Windows *

Chinese APT Groups Targeting ASEAN Entities Uncovered *

Guardio Labs Discovers Vulnerability in Microsoft Edge *

Hackers Target India's Defense and Energy Sectors with Malware Disguised as Air Force Invitations *

Dubious NuGet Package Raises Concerns of Chinese Industrial Espionage *

Chinese Cybersecurity Firm Linked to Communist Party Government Targets Australia *

Portugal Mandates Halt to Biometric Data Collection by Sam Altman's Worldcoin *

State Department Issues Alert on Fraudulent Scheme Targeting Payroll Systems *

UK Street Newspaper, Big Issue, Targeted by Ransomware Gang *

Japan Conducts First Cyber Defense Exercises with Pacific Island Nations *

Finland Confirms APT31 Hackers Responsible for 2021 Parliament Breach *

AMD Zen CPUs Vulnerable to New ZenHammer Memory Attack *

Giant Tiger Reports Customer Data Breach Linked to Third-Party Vendor *

Free VPN Apps on Google Play Convert Android Devices into Proxies *

Sophisticated Attack Campaign Targets GitHub with Malicious Packages Impacting Top.gg and Others *

New Zealand Reveals State-Sponsored Cyberattacks from China *

Critical 17,000 Vulnerabilities Found in German Microsoft Exchange Servers *

Raspberry Pi Transformed into Cybercriminals' Plug-and-Play Fraud Tools *

Lumen Technologies Uncovers 40,000-Strong Botnet Utilizing End-of-Life Devices *

Panera Bread Hit by Nationwide IT Outage Since Saturday *

Mitigating Shadow AI Risks in Organizational Settings *

Petersen Health Care Declares Bankruptcy Following Cyberattack and Loan Defaults *

Hacking Group R00Tk1t Targets Indian Political Party, Raises Concerns Ahead of Elections *

UK's Communications Workers Union Faces Cyberattack *

Google's AI-Driven Search Feature Accused of Promoting Scam Sites *

StrelaStealer Malware Targets Organizations in US and EU Through Large-Scale Phishing Campaigns *

Russian State-Backed Hackers Target Ukrainian Internet Providers in Sophisticated Cyberattacks *

SCAA Faces Cyberattack: Data of 70,000 Members Possibly Compromised *

Mozilla patches Firefox zero-days worth $100,000 after a two-day hackathon *

German Authorities Dismantle Major Online Marketplace for Drugs and Cybercrime *

Illinois County Government and Local College Hit by Ransomware Attacks *

FlowFixation Vulnerability in AWS Managed Workflows for Apache Airflow *

GoFetch Side-Channel Attack Targets Apple M1, M2, and M3 Processors *

Ivanti Fixes Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM *

Tax Phishing Attack Targets Small Business Owners for Social Security Numbers *

Security Researchers Uncover Critical Flaw in Hotel Door Systems *

Foxit Reader Vulnerability Exploit Sparks Urgent Patch Release *

GitHub Unveils AI-Powered Tool for Automatic Code Vulnerability Fixes *

Pwn2Own Vancouver: Successful Hacks on Windows 11, Tesla, and Ubuntu Linux *

Microsoft Releases Patch for Xbox Vulnerability After Initial Dismissal *

Chinese Hacker Exploiting Vulnerabilities Targets Global Institutions *

Malware-as-a-Service Campaign Targets Android Users in India *

Hackers Target Belgian Grand Prix Fans with Phishing Scam *

Critical Vulnerabilities Found in Argo GitOps Tool for Kubernetes *

Atlassian Fixes Critical Vulnerability in Bamboo Data Center and Server *

Windows Server Updates Trigger LSASS Memory Leak, Prompting Crashes *

Critical Vulnerabilities Addressed in Chrome 123 and Firefox 124 Updates *

US Department of Defense Celebrates Milestone in Ethical Hacking Program *

Exploitation of TeamCity Vulnerability Linked to Jasmin Ransomware and Other Malware *

New Loop DoS Attack Threatens Hundreds of Thousands of UDP-Based Hosts *

TMChecker: New Dark Web Toolset Targets Remote Access Services and E-Commerce Platforms *

Impact of Cyberattack on UnitedHealth Group's Change Healthcare Unit Sparks Legal Action *

Phishing Campaign Unveils Ingenious Microsoft Office Tactic to Distribute NetSupport RAT *

APIs Drive the Majority of Internet Traffic and Cybercriminals Exploit Them *

Pensacola City Government Phone Lines Disabled by Cyberattack *

Security Researchers Uncover Massive Data Leak from Misconfigured Google Firebase Instances *

AcidPour, A New Data-Wiping Malware Targeting Linux IoT Devices *

Expansion of International Spyware Agreement Includes Six New Countries *

Nations Direct Mortgage Data Breach Exposes 83,000 Individuals' Information *

Phishing Evolution: Hackers Target Popular Document Publishing Sites *

Relentless Cyber Activity Targeting Global Critical Infrastructure *

MediaWorks Investigates Alleged Data Breach Impacting 2.4 Million Individuals *

Machine Learning Model Repositories Vulnerable to Supply Chain Attacks *

Apex Legends Esports Tournament Temporarily Halted Due to Cheating Incident *

Key MITRE ATT&CK Techniques Exploited by Cyber Attackers *

Fujitsu Discovers Malware Breach, Customer Data Compromised *

Unveiling an Evasive Azorult Campaign Leveraging HTML Smuggling via Google Sites *

Fortra Fixes Critical Remote Code Execution (RCE) Vulnerability in FileCatalyst Transfer Tool *

Unveiling the Earth Krahang APT Campaign: Targeting Government Entities Worldwide *

Gitgub Malware Campaign Targets GitHub Users with RisePro Info-Stealer *

Ransomware Threat Targets South African Pension Data *

Unveiling a Novel Acoustic Side-Channel Attack on Keyboards *

GhostRace: New Data Leakage Attack Exploits Speculative Execution *

AT&T Denies Origin of Leaked Data Impacting 70 Million Individuals *

ShadowSyndicate Hackers Exploits CVE-2024-23334 in Aiohttp Python Library *

Scranton School District Faces Ransomware Attack, Disrupting Operations *

Encina Wastewater Authority Targeted by BlackByte Ransomware Group *

WordPress Sites Vulnerable to Takeover Due to Discontinued Security Plugins *

McDonald’s Experiences Global IT Failure Impacting Stores *

Cisco Fixes High-Severity IOS XR Vulnerabilities *

Oversubscribed and Outdated Supercomputers Cause Delays in NASA Missions *

Threat Actors Exploit Document Publishing Sites for Persistent Credential and Session Token Theft *

Irish Government Website Bug Exposing COVID-19 Vaccination Records Takes 2 Years to Publicly Disclose *

StopCrypt Ransomware: Evading Detection as the Most Widely Distributed Threat *

Real-Time URL Protection Integrated into Chrome's Standard Safe Browsing *

Researchers Outline Vulnerability in Kubernetes Allowing Takeover of Windows Nodes *

Alabama is Experiencing a DDoS Cyberattack with Alleged Support from Russian Hacktivists *

Phone Number Hijacking: SIM Swappers Targeting eSIMs *

Google's Gemini AI Vulnerable to LLM Threats, Researchers Warn *

Billion-Dollar Boat Seller MarineMax Discloses Cyberattack to SEC *

Vcurms Malware Sets Sights on Popular Web Browsers for Data Theft *

Cloud-Based Assault Targets Meson Crypto CDN Prior to Launch *

Chipmaker Patch Tuesday: Intel and AMD Tackle Fresh Microarchitectural Vulnerabilities *

Data Breach Exposes Over 2.3 Million Records from Family Entertainment Business *

Securing Third-Party App Usage in Mid-Market Companies Scaling from 500 to 5000 Employees *

Server Leak Exposes Wealth of Customer Data from Leading EV Charging Firm *

Exposed: Vulnerabilities in ChatGPT Plugins Compromise Data and Accounts *

Roku Refunds 15,000 Breached Accounts for Unauthorized Subscriptions *

Okta Denies Involvement in Data Leak on Hacking Forum *

Data of 27,000 Individuals Compromised in September Ransomware Attack on Stanford *

Microsoft Patch Tuesday Security Advisory - March 2024 *

Adobe Patches Critical Vulnerabilities in its Enterprise Products *

Siemens Ruggedcom Devices Vulnerable to Nozomi Component Flaws in ICS Patch Tuesday *

SAP Addresses Critical Command Injection Vulnerabilities with Patches *

Acer Confirms Leak of Philippine Employee Data on Hacking Forum *

EquiLend Alerts Employees of Data Theft by Ransomware Group *

Belgian Village Hit by Cyberattack on Brewery Now Faces Second Incident Targeting Coffee Roastery *

Personal Information Leaked in Jersey Data Breach *

The Global Rise of Sophisticated Vishing Campaigns *

Microsoft SCCM Misconfigurations Unveiled by Researchers as Cyberattack Vectors *

QNAP NAS Devices Vulnerable Due to Critical Security Flaw *

French Government Facing Unusually Intense Cyberattacks *

Leicester City Council Grapples with Extended IT Outage After Cyber Attack *

Russian Gov Hackers Steal Microsoft Source Code via Email Surveillance *

Paysign Investigates Potential Data Breach Amid Reports of Stolen Consumer Information *

Australian graphics company Canva says font security remains a significant issue *

Exploitation of WordPress Plugin Vulnerability Leads to Malware Infection on 3,300 Sites *

QEMU Exploitation: A Novel Tunneling Technique Threatens Company Networks *

In-Memory Web Shell Exploits Target Atlassian Confluence Vulnerability *

CISA Alerts of Exploited Pixel Phone Vulnerability *

Unpatched Sceiner Smart Lock Flaws Enable Unauthorized Door Access *

Evolution of Threats: Transition from Web3 Drainer to Distributed WordPress Brute Force Attack *

NTLM Authentication Vulnerability Exploited by TA577 Cyber Threat Actor *

Chinese Government Hacking Group Targets Tibetans in Cyber Espionage Campaign *

Swiss Government Documents and Credentials Leaked in Ransomware Attack *

Technology Disruption Under Investigation at South St. Paul Public Schools *

Snake Python-Based Information Stealer Targets Facebook Users in Cyberattacks *

Cisco Addresses High-Severity Vulnerabilities in Secure Client VPN Application *

Georgia Tech Redefines Industrial Cybersecurity Threats with Web-Based PLC Malware *

PetSmart Issues Password Resets Amid Credential Stuffing Attack *

Japanese Ministry Attributes Line Data Breach to Shared Technology with Naver *

Google's March 2024 Android Security Update Addresses Critical Vulnerabilities *

Beware of Fake Online Meeting Platforms Spreading Malicious RATs *

HHS Support Measures for Healthcare Providers Amid Change Healthcare Ransomware Attack *

Malicious Campaign Exploits Misconfigured Cloud Servers in Linux *

Organizations are deliberately launching applications with known vulnerabilities *

Canadian Financial Intelligence Agency Shuts Down Systems Amid Cyberattack *

North Korean Threat Actors Exploit ConnectWise Vulnerabilities to Deploy TODDLERSHARK Malware *

Cybercriminals Unleash Upgraded GhostLocker 2.0 Ransomware in Global Attack Campaign *

North Korean Hackers Breach South Korean Semiconductor Companies *

Apple Issues Urgent Software Update to Address Critical Security Flaws in iOS Platform *

Meta-Owned Facebook and Instagram Experience Global Outage, Prompting Swift Response *

Cybercriminals Utilize New DNS Hijacking for Investment Scams *

WogRAT Malware Exploits Online Notepad Platform in Stealthy Attacks *

FortiGuard Labs Discovers CHAVECLOAK Trojan Targeting Brazilian Banking Users *

Data Breach at Mr. Green Gaming Exposes Personal Information of 27,000 Users *

VMware Issues Urgent Patches for Critical ESXi Sandbox Escape Vulnerabilities *

Cybercriminals Embrace AI: Shaping a New Era of Malware Development *

Emerging Threat: Morris II Worm Exploits Generative AI for Malicious Propagation *

Expansion of Predator Spyware: New Network Infrastructure in Botswana and the Philippines *

RA World Ransomware: A Multistage Threat Employing Anti-AV Tactics and GPO Exploitation *

Critical Vulnerabilities in JetBrains TeamCity On-Premises Potentially Allowing Server Takeovers *

Sophisticated Phishing Attacks Target FCC Employees and Cryptocurrency Platforms *

American Express Notifies Customers of Third-Party Service Provider Data Breach *

Critical Vulnerabilities Patched in Hikvision's HikCentral Professional Security Management System *

Exploitation of Major Brand Subdomains in Large-Scale Spam Campaign *

Major Security Flaws Found in Doorbell Cameras Sold Online, Including Amazon *

FBI and CISA Release Indicators of Compromise for Phobos Ransomware *

Unit 42 Discovers New Linux Variant of Bifrost RAT with Innovative Evasion Tactics *

U.S. Court Mandates NSO Group's Disclosure of Pegasus Spyware Code to WhatsApp *

Golden Corral Data Breach Exposes Personal Information of 183,000 Individuals *

CISA Alerts to Exploitation of Windows Streaming Service Vulnerability *

Taiwan's Chunghwa Telecom Hit by Data Breach: 'Sensitive' Information Stolen by Hackers *

Meta Fixes Facebook Account Takeover Vulnerability *

North Korean Hackers Exploit Windows Zero-Day in Rootkit Attack *

SPIKEDWINE Exploits European Diplomats Through WINELOADER Attack *

BEAST AI: Disrupting Large Language Models in Just One Minute of GPU Time *

Enterprises Struggle with Mobile Fraud Amid Surge in AI-Powered Attacks *

Internet and Telecom Services Disrupted in Chad Amid Deadly Political Clashes *

New Linux Malware GTPDOOR Exploits GPRS Tunnelling Protocol for Telecom Network Attacks *

Cisco Fixes High-Severity Vulnerabilities in Data Center OS *

Irish Foreign Affairs Ministry Finds 'No Evidence' of Cyber Breach After Extortion Claim *

Pharmaceutical Distributor Cencora Discloses Data Exfiltration in Cybersecurity Incident *

Savvy Seahorse Unveils Innovative DNS CNAME Technique *

Travel Industry Faces Threat of Agent Tesla Malware Attacks Targeting Online Travelers *

New Malware Campaign "TimbreStealer" Targeting Mexican Users Discovered by Cisco Talos *

Bazaarvoice Targeted in Cyberattack by Mogilevich Ransomware Group *

Malicious JavaScript in Tornado Cash DAO Compromises Transaction Privacy *

medQ Acknowledges Data Breach Due to Software Encryption Incident *

Anycubic 3D Printers Hacked, Users Warned of Vulnerability *

Pepco Group's Hungarian Business Targeted in Phishing Attack, Suffers €15 Million Losses *

Newly Discovered Xeno RAT Trojan Poses Significant Threat on GitHub *

Web Check: Free Open-Source Intelligence Tool for Website Analysis *

LoanDepot Confirms Data Breach: Almost 17 Million Customers Affected by Ransomware Attack *

Hackers Exploit 14-Year-Old CMS Editor on Government and Education Sites for SEO Poisoning *

Critical SQL Injection Vulnerability in WordPress Plugin Puts Over 200K Websites at Risk *

Hugging Face Vulnerability Opens Door to Supply Chain Attacks on AI Models *

New IDAT Loader Version Utilizes Steganography to Distribute Remcos RAT *

Russian Cyberspies Exploit Dormant Accounts to Target Cloud Infrastructure *

North Korean Hackers Distribute Malicious npm Packages Targeting Developers *

Hackers Swipe Nearly $10 Million from Axie Infinity Co-Founder's Personal Accounts *

Critical Security Vulnerability Discovered in Popular 'Ultimate Member' WordPress Plugin *

Malawi Immigration Department Suspends Passport Services Due to Cyberattack *

ThyssenKrupp Automotive Body Solutions Business Unit Falls Victim to Cyber Attack *

Zyxel Addresses Remote Code Execution Vulnerability in Firewall Products with Patches *

Hackers Expose 2.5M Private Plane Owners' Data in LA International Airport Breach *

Major Brands' Subdomains Hijacked in Massive Spam Campaign *

Biden's Executive Order Aims to Strengthen Cybersecurity Measures at Ports *

Finance Department Expresses Regret Over Second Unintentional Data Leak in Four Months *

High-severity Vulnerability in Apple Shortcuts App Exposes Sensitive Data *

RCMP Probes Cybersecurity Incident During Ongoing Website Disruption *

Quik Pawn Shop Targeted in Alleged Cyberattack by Akira Ransomware Group *

UnitedHealth Confirms Optum Cyberattack, Leading to US Healthcare Billing Outage *

Rising Threat: Web3 Malware Exploits Cryptocurrency Assets *

SSH-Snake: Emerging Self-Modifying Worm Poses Threat to Networks *

FTC Alleges Avast Sold Customer Browsing Data to Advertisers Without Consent *

Singapore Sees Surge in Scams and Cybercrime Despite Anti-Scam Measures *

Authentication Bypass Vulnerabilities Discovered in Wi-Fi Software for Android, Linux, and ChromeOS *

Arizona Firm's Data Breach Affects 2.4 Million Patients *

Ubuntu Addresses Multiple FreeImage Vulnerabilities *

Tangerine Telecom Breach Impacts 232,000 Customers *

Signal Beta Introduces Custom Usernames for Enhanced Privacy *

Researchers Warn of Surging Banking Malware Campaign Exploiting Google Cloud Run *

Researchers Unveil 'VoltSchemer' Attacks Exploiting Wireless Charger Vulnerabilities *

Ransomware Attack Hits DC-Area School System, Affecting Data of 100,000 Individuals *

Malicious PyPI Packages Exploit DLL Side-Loading for Supply Chain Attacks *

Internal Documents from Chinese Hacking Contractor iSoon Exposed in Leak *

DDoS Attack Disrupts Top UK Universities' Services *

PSI Software, a Critical Infrastructure Vendor, Targeted by Ransomware Attack *

VietCredCare, A New Malware Threat Targeting Facebook Advertisers in Vietnam *

Chrome 122 and Firefox 123 Address High-Severity Vulnerabilities with Security Patches *

Global Law Enforcement Targets LockBit Ransomware Syndicate *

Linux Malware Campaign 'Migo' Targets Redis for Cryptomining *

Hacker group Cactus Ransomware Confirms Schneider Electric Hack *

North Korea Expands Revenue with Malware-Infused Gambling Websites as-a-Service *

Malware Attacks Increases as MacOS Adoption Rises: New Threats Target Apple Users *

M.O.R.E' Ransomware Surfaces on Dark Web, Posing Threat to Users Across Windows, Mac, and Linux Platforms *

Wyze Camera Breach Exposed 13,000 Strangers to View Inside Homes *

Critical Vulnerabilities Identified in ConnectWise ScreenConnect *

KeyTrap Vulnerability: Disrupting Internet Access with a Single DNS Packet *

Researchers Warn Smart Lawn Mowers could be a Target for Cyberattacks *

Revealing the Enigmatic 'MMS Fingerprint' Hack by NSO Group in Mobile and Wireless Networks *

Security Breach at Jaypee University in India: Allegations of Compromised Institute and Disclosure of Sensitive Data *

Anatsa Android Malware Infects Over 150,000 Devices Through Google Play Downloads *

Escalating DDoS Attacks Pose Threat to Media Freedom in Europe *

New Espionage Campaign Targets European and Iranian Embassies by Russia-Aligned Hackers *

New MonikerLink Flaw Puts Outlook Users at Risk of Data Theft and Malware Exposure *

Hackers Allegedly Breach Staffing Giant Robert Half, Offer Sensitive Data for Sale *

Critical Security Flaw in GL-AX1800 Router Allows Remote Code Execution by Attackers *

Hacker Caught Selling Bank Accounts of US and Canadian Users *

Cybersecurity Crisis Unfolds in India's Financial Sector as Motilal Oswal Breached *

Mastermind Behind FBI's Most-Wanted Zeus and IcedID Malware Cases Admits Guilt *

Eight Critical Vulnerabilities Revealed in the AI Development Supply Chain *

Cryptocurrency Firms Targeted by RustDoor macOS Backdoor Disguised as Job Offers *

Exploiting AWS for Mass Smishing: Unveiling the Malicious 'SNS Sender' Script *

U.S. Authorities Disrupt Russia-Linked Botnet Involved in Cyber Espionage Activities *

Unauthorized Access to U.S. State Government Network Exploiting Former Employee's Account *

ALPHV Ransomware Announces Successful Attacks on loanDepot and Prudential Financial *

CISA Urges Immediate Patching of Cisco ASA Flaw Exploited in Ransomware Attacks *

Critical RCE Vulnerabilities Patched by SolarWinds in Access Rights Manager *

CUSG CMS Vulnerabilities Exposed Credit Unions to Attacks *

TicTacToe Dropper Unleashes Data Theft and Multi-Threat Spread on Windows Systems *

New 'Gold Pickaxe' Malware on Android and iOS: Targeting Users through Facial Data Theft for Fraudulent Activities *

U.S. Internet Exposes Extended History of Internal and Customer Emails *

Chinese Hackers Utilize Deepfakes in Mobile Banking Malware *

RansomHouse Gang Launches MrAgent Tool for Automated VMware ESXi Attacks *

Uncovering Three Key Application Security Flaws Beyond Automated Scanner Detection *

South Korea Accuses North Korean Hackers of Breaching Presidential Office Email Account *

JabberZeus Leader Pleads Guilty to Zeus and IcedID Malware Operations *

Russian Threat Actor Turla Targets Polish NGOs with Newly Deployed TinyTurla-NG Backdoor *

ESET Fixes High-Severity Privilege Escalation Vulnerability *

Microsoft Acknowledges Exploitation of Critical Zero Day Vulnerability in Exchange Server *

Qakbot Malware Signals Potential Resurgence Post Law Enforcement Takedown *

Atlassian Vulnerability Identified as Cause of GAO Breach *

Microsoft and OpenAI Issue Alert Regarding Nation-State Hackers Utilizing AI for Cyber Attacks *

DNSSEC Vulnerability Single Malicious Packet Can Disable DNS Servers *

The Ubuntu Command not found Tool may cause Users to Install Rogue Packages *

Trans Northern Pipelines Investigates Cyber Breach by ALPHV or BlackCat Ransomware Gang *

Varta AG Halts Production Following Cyberattack on IT Systems *

Researchers Reveal KeyTrap DNS Vulnerability with Potential to Disable Large Parts of Internet *

Zoom Fixes Critical Vulnerability in Windows Applications *

Resurgence of Bumblebee Malware Attacks Following 4-Month Hiatus *

Data Breach at Integris Health Affects 2.4 Million Patients *

Cybercriminals Enhance Glupteba Botnet's Evasion Methods with Undocumented UEFI Bootkit *

Microsoft Patch Tuesday Security Advisory - February 2024 *

PikaBot Emerges with Enhanced Code Efficiency and Sneaky Strategies *

Jet Engine Dealer Reports Unauthorized Activity Amid Cybersecurity Incident *

Prudential Financial Reports Network Breach, Employee Data Compromised *

CISA Adds Roundcube Email Software Flaw to Known Exploited Vulnerabilities Catalog *

Microsoft Addresses Zero-Day Exploited in DarkMe RAT Distribution Campaign *

Cyber Fraud Epidemic: Telangana Loses 150 Crore in Just Over a Month *

Cybercriminals Exploit Three Familiar Vulnerabilities in Microsoft Word and Excel *

Ransomware Attack Shuts Down 21 Romanian Hospitals *

FCC Implements Stricter Data Breach Reporting Rules for Telecoms *

Bank of America Alerts Customers About Data Breach Following Vendor Cyberattack *

Microsoft Introduces Sudo for Windows 11 to Streamline Command Execution *

Senior Executives Targeted in Ongoing Azure Cloud Account Takeover Campaign *

Free Decryption Tool Released After Rhysida Ransomware Successfully Cracked *

Security Flaw in Smart Helmets Puts Millions in Danger of Hacking and Surveillance *

Largest Casino's Mobile App Exposes Customer Personal Information *

U.S. Justice Department Dismantles Warzone RAT Infrastructure and Apprehends Key Operators *

UK Shifts from Physical Biometric Immigration Cards to E-Visas *

Microsoft Outlook Clients Encounter Exchange ActiveSync Syncing Issues *

Canada Moves to Ban Flipper Zero and Similar Devices Amid Car Theft Concerns *

ExpressVPN Bug Exposes DNS Requests Over Years, Compromising User Privacy *

New Variant of MoqHao Android Malware Operates Without User Interaction *

Zardoor Backdoor Stealthily Targets Saudi Islamic Charity Organization *

New Ivanti Authentication Bypass Flaw Impacts Connect Secure and ZTA *

Raspberry Robin Exploits New One-Day Vulnerabilities, Enhancing Stealth and Persistence *

Advanced macOS Malware Disguised as Visual Studio Update *

Hyundai Motor Europe Hit by Black Basta Ransomware Attack *

Ransomware Attack Paralyzes Municipality of Korneuburg, Austria *

Microsoft Reveals New Windows 11 Feature: 'Sudo for Windows' *

LastPass Users at Risk from Counterfeit App on Apple App Store *

Escalating Iranian Offensive Cyber Operations Amid Israel-Hamas Conflict *

Analysis of HijackLoader Malware's Enhanced Defense Evasion Techniques *

APTs Exploit FortiOS Vulnerabilities in Critical Infrastructure Attacks *

Vulnerabilities in Cisco's Enterprise Communication Devices are Patched *

Google's Pilot Program Targets Financial Fraud by Blocking Risky Android APKs *

No Evidence of 3 Million Electric Toothbrushes Used in DDoS Attack *

Shim Vulnerability Poses Critical Risk to Majority of Linux Systems, Allowing Complete Compromise *

Security Flaw Exposes User Data in Spoutible, Prompting Concerns and Remedial Actions *

Danish Data Protection Authority Issues Injunction on Student Data Transfer to Google *

66,000 Individuals Impacted by SIM-Swapping Attacks Targeting US Insurance Giants *

Researchers Expose DiceLoader Malware Targeting Corporate Businesses *

U.S. Agencies Issue Warning on Chinese Cyber-Espionage Group's Threat to Critical Infrastructure *

Canon Mitigates 7 Critical Flaws in Small Office Printers with Urgent Patches *

Fortinet Addresses Critical Flaws in FortiSIEM with Immediate Patches *

False Facebook Job Ads Spreading 'Ov3r_Stealer' to Take Crypto and Credentials *

JetBrains Alerts of Fresh Authentication Bypass Vulnerability in TeamCity *

Verizon Insider Data Breach Impacts Over 63,000 Employees *

New Vulnerabilities Uncovered in Azure HDInsight Spark, Kafka, and Hadoop Services *

Android Addresses Critical Remote Code Execution Vulnerability with Patch *

Pennsylvania Courts Website Targeted in Denial-of-Service (DoS) Attack Disruption *

French Healthcare Firm Viamedis Faces Cyberattack, Potentially Impacting Millions *

AI SPERA Introduces Criminal IP ASM on Microsoft Azure Marketplace *

Dutch Ministry of Defence Targeted in Chinese State-Sponsored Cyberattack *

Cybercriminals Exploit Job Boards, Pilfering Millions of Resumes and Personal Data *

ApateWeb: Cybercriminals Exploit Over 130,000 Domains for Large-Scale Cyber Attacks *

Employee Falls Victim to $25.6M Deepfake Scam Involving AI-Generated CFO *

Microsoft Investigating Outlook Security Alerts Issue with .ICS Calendar Files *

Mitsubishi Electric Discloses Critical Vulnerabilities in Factory Automation Products *

Ivanti SSRF Zero-Day Actively Exploited at Scale, Warns Security Researchers *

Institute of Statistics in Albania Targeted by Iranian-Linked Hackers *

US Implements Visa Ban for Individuals Tied to Commercial Spyware Misuse *

NSO Group's Pegasus Spyware Targets Jordanian Activists and Journalists *

VajraSpy Malware Infecting Android Devices by using Patchwork's Romance Scam *

"Commando Cat", a new Cryptojacking Campaign Strikes Exposed Docker APIs *

QNAP Addresses High-Severity Vulnerabilities in QTS and Qsync Central with Patches *

A Cybercrime Operation Carried out by Interpol, Synergy, Takes Down 1,300 Servers *

Lurie Children's Hospital Halts IT Systems in Response to Cybersecurity Event *

APT28: Russian Hackers Utilize NTLM Relay Attacks to Target High-Value Organizations *

Leaky Vessels Flaws Allow Unauthorized Escape from Docker and runc Containers *

DirtyMoe Malware Strikes Over 2,000 Computers in Ukraine, Engaging in DDoS Attacks and Cryptojacking *

Latest Mispadu Banking Trojan Exploits Windows SmartScreen Vulnerability *

South African Railways Suffers Over $1 Million Loss Due to Phishing Scheme *

Critical Mastodon Flaw Enables Hijacking of Any Decentralized Account by Hackers *

Clorox Reveals $49 Million in Costs Resulting from Cyberattack *

AnyDesk Confirms Breach of Production Servers, Urges Users to Update Software and Change Passwords *

CISA Alert: Critical Security Vulnerabilities in Moby and OCI Components *

Unauthorized Access to Cloudflare via Compromised Okta Auth Tokens *

Romanian Parliament Faces Cybersecurity Breach, Exposing Officials' Confidential Information *

PurpleFox Malware Spreads Across Thousands of Computers in Ukraine *

CISA Urges Enhanced Security for SOHO Routers against Volt Typhoon Threats *

FTC Mandates Enhanced Security Measures for Blackbaud Following Major Data Breach *

FritzFrog's Return: Unleashing Log4Shell and PwnKit Exploits to Propagate Malware in Network Infrastructures *

Global Affairs Hit by Cyberattack, Initiates Shutdown of Computer Systems for Remediation *

HeadCrab 2.0 Embraces Fileless Strategy, Focuses on Exploiting Redis Servers for Cryptocurrency Mining *

CISA Issues Alert on Active Exploitation of Critical Flaws in Apple iOS and macOS *

Android Local Elevation Flaw Exploit Unleashed, Affecting 7 OEMs *

Fintech Giant Direct Trading Technologies Faces Data Leak Impacting Over 300K Traders *

Cybercriminals Leveraging Ivanti VPN Vulnerabilities to Distribute KrustyLoader Malware *

UNC4990 Strikes Italian Businesses with Weaponized USBs, Unleashing Cryptojacking Malware *

Telegram's Role in Cybercrime: Easy-to-Use Kits and Malware Fueling a Surge in Phishing Attacks *

Johnson Controls Reports $27 Million Cost and Data Breach from Ransomware Attack *

Ivanti Issues Alert on Actively Exploited Zero-Day in Connect Secure Product *

Mercedes-Benz Source Code Exposed Due to Mishandled GitHub Token *

Critical Workspace Creation Flaw in GitLab Requires Immediate Upgrade to Mitigate File Overwrite Risk *

Web-Based Ransomware Decryption Tool Facilitates Recovery of Partially Encrypted Files *

The Mother of All Breaches: Massive Release of 26 Billion Records Exposes LinkedIn, Twitter, and Major Organizations *

Threat Actors Sell 1.8TB Database of Personal Information for 750 Million Indian Mobile Users *

Ukrainian Prisoners of War Oversight Agency Faces Cybersecurity Breach *

Newly Discovered glibc Vulnerability Enables Attackers to Attain Root Access on Major Linux Distributions *

DarkGate Malware Spread Through Microsoft Teams Phishing in Group Chats *

Italian Data Protection Authority Accuses ChatGPT of Privacy Violations Under GDPR *

ZLoader Malware Resurfaces with 64-bit Windows Compatibility in Latest Variant *

Juniper Networks Issues Critical Junos OS Updates to Address High-Severity Vulnerabilities *

Rising Threat: Albabat, Kasseika, Kuiper - Emergence of New Ransomware Gangs Leveraging Rust and Golang *

Outlook Vulnerability Reveals NTLM Passwords, Researchers Warn *

Schneider Electric Faces Cactus Ransomware Attack with Threats of Data Leak *

FBI Warns of Tech Support Scams Employing Couriers for Money Collection *

Keenan & Associates Alerts 1.5 Million Individuals to Data Breach Following Summer Cyberattack *

Outlook Apps Encounter Connectivity Issues with Outlook.com, Microsoft Investigating *

45,000 Jenkins Servers Vulnerable to RCE Attacks Through Public Exploits *

Microsoft Teams Faces Second Outage in Three Days, Disrupting Services in North and South America *

Critical Jenkins Vulnerability (CVE-2024-23897) Poses RCE Threat *

Malicious PyPI Packages Deliver WhiteSnake InfoStealer Malware to Windows Systems *

Vulnerabilities in Westermo Lynx Switches Pose Risks for Industrial Organizations *

Ukraine's Major Energy, Postal, and Transportation Entities Targeted in Cyberattacks *

Pegasus Spyware Targets Mobile Devices of Journalists in Togo *

AllaKore RAT Malware Targets Mexican Companies Using Financial Fraud Techniques *

Healthcare Provider Alerts 4 Million Patients Regarding Data Breach at Perry Johnson & Associates (PJ&A) *

Ransomware Strikes Kansas City Public Transportation Authority *

Microsoft Issues Alert on Expanding APT29 Espionage Campaign Targeting Global Organizations *

Malicious Google Ads Target Chinese Users in Ongoing Malvertising Campaign *

Critical Cisco Flaw Enables Remote Takeover of Unified Communications Systems *

23andMe Confirms Data Breach: Attackers Exfiltrate Raw Genotype Data and Health Reports *

Blackwood Hackers Exploit WPS Office Update Mechanism for Malware Installation *

LODEINFO Fileless Malware Advances with Enhanced Anti-Analysis and Remote Code Techniques *

Mozilla Addresses 15 Vulnerabilities, Including Five High-Severity, in Firefox and Thunderbird Updates *

EquiLend Faces Disruptions Following Cyberattack, Initiates Investigation and Restoration Efforts *

BuyGoods.com Exposes 198GB of Internal and User Personally Identifiable Information (PII) and Know Your Customer (KYC) Data *

Critical Google Kubernetes Misconfiguration Allows Any Gmail Account to Control Clusters *

AI Expected to Escalate Ransomware Threat in the UK Over Next Two Years, Warns NCSC *

Pwn2Own Automotive 2024: Tesla Breached with Demonstration of 24 Zero-Day Exploits *

Russian Hackers Infiltrate Email Accounts of HPE Security Team *

Credential Stuffing Attack Affects Potential 340,000 Jason’s Deli Customers *

Lamassu Bitcoin ATMs Exposed to Exploits, Allowing Potential Wallet Draining *

Kasseika Ransomware Exploits Antivirus Driver to Disable Competing Security Software *

DDoS attacks are moving from megabits to terabits, according to Gcore Radar *

Malicious NPM Packages Compromise Developer SSH Keys, Exfiltrate Data via GitHub *

Fortra GoAnywhere MFT Authentication Bypass Vulnerability Exploited with Release of Exploit Code *

Ransomware Attack Strikes Veolia North America's Water Services Operations *

Active Exploitation: Critical Confluence Remote Code Execution Vulnerability Targeted in 40,000 Attacks Within 3 Days *

AerCap, Global Aviation Leasing Leader, Falls Victim to Ransomware Attack *

Apple Releases iOS 17.3, Issues Warning on WebKit Zero-Day Exploits *

Stealthy Malicious Web Redirect Scripts Concealed Within Compromised Websites *

Apple Swiftly Addresses 2024's First Zero-Day Exploit with Critical Security Updates *

North Korean Hackers Exploit Fake Research to Deploy RokRAT Backdoor *

Splunk Enterprise Addresses High-Severity Vulnerability in Latest Patches *

Apache ActiveMQ Vulnerability Exploited in Recent Wave of Godzilla Web Shell Attacks *

Java and Android Vulnerability: MavenGate Attack Poses Security Threat, Allowing Hackers to Hijack Systems via Abandoned Libraries *

MacOS Backdoor: The Lucrative Threat of Cracked Software Stealing Cryptowallets Surpasses Gold *

SEC Affirms X Account Compromised in SIM-Swapping Incident *

VMware Addresses Critical Code Execution Vulnerability in vCenter Server with Security Updates *

VF Corporation, Owner of Vans and The North Face, Discloses Ransomware Breach Impacting 35 Million Individuals *

NS-STEALER Exfiltrates Secrets from Popular Web Browsers by Using Discord Bots *

Critical Vulnerabilities Discovered in Leading Open Source AI/ML Platforms *

Brave Browser Discontinues 'Strict' Fingerprinting Protection Due to Website Compatibility Issues *

Ransomware Attack by Tietoevry Results in Disruptions for Swedish Companies and Municipalities *

Ransomware Attacks Utilize TeamViewer for Network Breaches *

Developer Charged with Hacking Following Disclosure of Cybersecurity Concerns *

Cyberattack Disrupts IT Network and Services at Kansas State University *

Docker Hosts Compromised in Ongoing Scheme for Website Traffic Theft *

Unpatched Vulnerabilities in Rapid SCADA Pose Risks to Industrial Systems *

Vulnerability in TensorFlow CI and CD Exposes Supply Chain to Poisoning Attacks *

Google Detects Deployment of Spica Backdoor Malware by Russian FSB Hackers *

Inferno Drainer's Scam-as-a-Service Drains 87 Million Dollars from 137000 Victims *

PixieFail UEFI Vulnerabilities Pose Risks of Remote Code Execution, Denial of Service, and Data Theft for Millions of Computers *

GitHub Rotates Keys to Mitigate Credential-Exposing Vulnerability *

VMware Issues Urgent Patch for Critical Aria Automation Flaw *

LeftoverLocals Attacks Expose AI Data Leak in GPUs from AMD, Apple, and Qualcomm *

A Botnet Bigpanzi has Infected 170,000 Android TV Boxes with Malware *

Microsoft Warns of Iranian Hackers Using Fresh MediaPl Malware to Target Researchers *

Exposes Pegasus Spyware on iPhone with a New iShutdown Method *

PAX PoS Terminal Vulnerability Enables Transaction Tampering by Attackers *

Have I Been Pwned adds 71 Million Emails from NazAPI Stolen Account Dataset *

Oracle Addresses 200 Vulnerabilities in January 2024 Critical Patch Update *

Atlassian Alerts Critical Remote Code Execution Vulnerability in Confluence Versions *

Google Addresses First Actively Exploited Chrome Zero-Day of 2024 *

FBI and CISA Issue Alert as Androxgh0st Malware Botnet Targets AWS and Microsoft Credentials *

New Attack Wave Spreads Remcos RAT Through Adult Games *

Ransomware Attack Hits Majorca's Calvia City, Extortionists Demand $11 Million *

Critical Zero-Day Vulnerabilities in Citrix Netscaler Exploited *

MyFlaw Security Flaw in Opera Browser Exposes Mac and Windows Users to File Execution Attacks *

Balada Injector Exploits Plugin Vulnerability, Compromising 7,100 WordPress Sites *

Windows SmartScreen Vulnerability Exploited to Deliver Phemedrone Malware *

High-Severity Vulnerabilities Detected in Bosch Thermostats and Smart Nutrunners *

Over 178,000 SonicWall Firewalls Exposed to DoS and Potential RCE Vulnerabilities *

Microsoft Working on Fix for Windows 10 0x80070643 Errors in KB5034441 Update Installation *

Lush, UK Cosmetics Retailer, Confirms Cyberattack *

Ivanti Connect Secure Exploited with Zero-Days to Deploy Custom Malware *

GitLab Issues Warning on Critical Zero-Click Account Hijacking Vulnerability *

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit *

Critical Remote Code Execution Vulnerability Discovered in Juniper SRX Firewalls and EX Switches *

CISA Warns of Actively Exploited Critical Microsoft SharePoint Vulnerability *

Atomic Stealer Upgrade Targets Mac Users with Encrypted Payload *

Microsoft Releases Script for Updating Windows 10 WinRE with BitLocker Fixes *

Python-Powered FBot Hacking Toolkit Targets Cloud and SaaS Platforms *

Major T-Mobile Outage Disrupts Account Access and Mobile App Functionality *

Risk Emerges for ERP Systems as New Proof-of-Concept Exploit Targets Apache OFBiz Vulnerability *

Critical Vulnerabilities Expose 150k WordPress Sites to Takeover Risk Through POST SMTP Mailer Plugin *

Framework Computer Reveals Data Breach Following Phishing Attack on Accountant *

Data Breach at Fidelity National Financial Exposes Personal Information of 1.3 Million Individuals *

Pro-Ukraine Hackers Retaliate, Breach Russian ISP in Response to Kyivstar Attack *

Free Decryptors Unveiled for Victims of Black Basta and Babuk's Tortilla Ransomware *

Hathway Faces Data Breach as Hacker Leaks KYC Data of 4 Million Users *

Cisco Addresses Critical Unity Connection Bug Allowing Attackers to Obtain Root Privileges *

The Newest Mirai-Based Botnet Exploiting SSH Servers for Cryptocurrency Mining *

Saudi Ministry Exposes Sensitive Data, Posing Substantial Cybersecurity Threat *

Significant Data Breach Raises Alarm Over Potential Exposure for Entire Brazilian Population *

Water Curupira Hackers Unleash PikaBot Loader Malware in Ongoing Cyber Threat Campaign *

Turkish Hackers Targeting Weakly Secured MSSQL Servers for Global Ransomware Attacks *

CISA Adds Six Actively Exploited Vulnerabilities to KEV Catalog Affecting Apple, Adobe, Apache, D-Link, and Joomla Products *

Security Flaws Discovered in QNAP and Kyocera Device Manager *

Windows 10 KB5034122 Update Addresses Shutdown Bug *

Microsoft Patch Tuesday Security Advisory - January 2024 *

Fake Hack-Back Offers Target Ransomware Victims, Warns Cybersecurity Firm *

CISA Issues Warning on Exploitation of Apache Superset Vulnerability *

Beirut International Airport experienced a cyber attack *

NoName Group's DDoS Assault Targets Ukrainian Government Websites *

Maldives Government Websites Recover After Cyberattack Amid Diplomatic Strains *

North Korea's DPRK Hackers Pilfered $600 Million in 2023 Cryptocurrency Heist *

NIST Highlights Security and Privacy Risks Amid Swift Deployment of AI Systems *

Cross Switch Faces Data Breach and 3.6 Million Records Potentially Compromised *

Hackers Exploit Netgear and Hyundai X Accounts for Crypto Draining Scams *

Toronto Zoo Confirms Ransomware Attack Had Zero Impact on Animal Wellbeing *

Syrian Cyber Group Unleashes Destructive SilverRAT Threat *

Sea Turtle Cyber Espionage Campaign Strikes Dutch IT and Telecom Sectors *

Cyberattack on loanDepot Mortgage Firm Disrupts IT Systems and Payment Portal *

Cyberattack Strikes Municipal Systems in West Virginia City *

Ivanti Warns of Critical EPM Vulnerability Allowing Device Hijacking *

Cyber Partisans Hacktivist Group Targets and Shuts Down Belarusian News Agency BelTA *

Pays Fouesnantais and France's Township Faces Municipal Service Disruption after Cyberattack *

New macOS Backdoor Threat SpectralBlur Linked to North Korean Hackers *

New Variant of Bandook RAT Targets Windows Machines *

Hackers Exploit Vulnerabilities in Apache RocketMQ Servers for RCE Attacks *

Data Breach at Now-Defunct Ambulance Service Affects Nearly 1 Million Individuals *

In an assault on KyivStar, Russian hackers erased thousands of Systems *

UAC-0050 Adopts Novel Phishing Strategies for Dispensing Remcos RAT *

Mandiant’s Twitter Account Recovered Following Six-Hour Crypto Scam Breach *

Malware Exploiting Google MultiLogin Vulnerability to Persist After Password Reset *

Linux Targeted by 3 Malicious PyPI Packages Deploying Crypto Miners *

SMTP Smuggling Flaw Enables Attackers to Bypass Security and Spoof *

CISA Alert: Actively Exploited Vulnerabilities Found in Chrome and Excel Parsing Library *

Australian Court Service Faces Breach, Hearing Recordings Potentially Compromised *

Xerox's U.S. Subsidiary XBS Falls Victim to Breach as Ransomware Gang Leaks Data *

Orbit Chain's $86 Million Loss in Year-End 2023 Fintech Hack *

Android Game Developer's Google Drive Misconfiguration Exposes Cloud Security Risks *

Windows 10 and 11 Face New DLL Search Order Hijacking Variant, Evading Protections *

Kimsuky Hackers Utilize AppleSeed, Meterpreter, and TinyNuke in Recent Attacks *

New Malware 'JinxLoader' Delivering Formbook and XLoader Threats *

EasyPark Reveals Data Breach Affecting Potentially Millions of Users *

Anna Jaques Hospital's Computer System Compromised in Cyberattack *

Albanian Parliament and Telecom Company Targeted in Cyberattacks *

Lockbit Ransomware Causes Emergency Care Disruption in German Hospitals *

Russian Military Hackers Unleash New MASEPIE Malware in Targeted Campaign Against Ukraine *

Ransomware Attack Strikes Trinidad and Tobago's Social Security Agency *

Microsoft Takes Action to Safeguard Against Malicious Exploitation, Disabling MSIX Protocol Handler *

Chinese Hackers Exploit Fresh Zero-Day in Barracuda's ESG Appliances *

Critical Zero-Day Vulnerability in Apache OfBiz ERP System Poses Business Threat *

Corewell Health Faces Another Data Breach, Affects Over 1 Million Patients *

DragonForce Ransomware Claims Cyberattack on Ohio Lottery *

LoanCare Notifies 1.3 Million Individuals Regarding Data Breach *

Microsoft Word docs used to impersonate the Nepali government in a Nim-based campaign *

Cyber-Phishing Attacks with Cryptocurrency Drainers are on the Rise *

A New Ransomware Variant of Carbanak Banking Malware has been Discovered *

Android or Xamalicious Stealth Backdoor Actively Infecting Devices *

Reports of a Data Breach have been Investigated by Video Game Giant UBISOFT *

LONEPAGE Malware Targets Ukrainian Companies with UAC-0099 Exploit Based on WinRAR *

ESET Resolves High-Severity Flaw in Multiple Product's Secure Traffic Scanning *

The Iranian Hackers have Developed a New Backdoor for Hacking Windows *

Cloud Atlas' Targeted Spear-Phishing Strikes: Russian Agro and Research Firms Under Attack *

New Instagram Phishing Campaign Targets 2FA Backup Codes *

Indian government Entities Targeted by Rust-based Malware *

WordPress Plugin Breach: E-Commerce Sites Vulnerable to Credit Card Theft *

Europol Alerts to 443 Online Stores Infected with Credit Card Theft Scripts *

Ubisoft Initiates Investigation into Recent Reports of Security Breach *

Akira Ransomware Group Takes Credit for Cyberattack on Nissan Australia *

Mint Mobile Reveals Fresh Data Breach, Unveiling Customer Information Exposure *

Chrome Extensions Forcing 1.5 million Fake VPNs to be Installed *

Chameleon Android Malware Disables Fingerprint Unlock to Pilfer PINs *

OpenAI Addresses ChatGPT Data Leak with Imperfect Fix Rollout *

Cyberattack Forces First American to Shut Down IT Systems *

A New FalseFont Malware Title Targets Defense Firms, According to Microsoft *

Healthcare Software Provider's Data Breach Affects 2.7 Million Patients *

Google Addresses the Eigth Actively Exploited Zero-Day Vulnerability in Chrome *

Critical Pre-Auth Stack Buffer Overflows Affect Ivanti Avalanche *

F5 BIG-IP Zero-Day Alert Emails Spreading Data-Wiping Malware *

HCL Technologies Faces Ransomware Attack: Ongoing Investigation Underway *

FBI Disrupts BlackCat Ransomware Operation and Develops Decryption Tool *

FBI Reveals ALPHV Ransomware Profited $300 Million from 1,000 Victims *

The Terrapin attack can compromise the security of OpenSSH connections *

GitHub Exploited by Hackers to Skirt Detection and Compromise Hosts *

Web Injections Campaign Targets 50000 Users, Stealing Banking Data in Ongoing Threat *

Mr. Cooper Data Breach Exposes 14.7 Million Individuals to Security Risks *

Iran's Gas Stations Hit by Suspected Cyberattack, Causing Widespread Disruption *

Microsoft Reveals High-Severity Remote Code Execution Flaw in Perforce Helix *

Xfinity Reveals Data Breach Following Citrix Server Hack *

Customer Data Exposed in Cyberattack on MongoDB, Company Confirms *

Qbot Malware Resurfaces in Phishing Campaign Aimed at Hospitality Sector *

Google Phishing Ads Target WordPress Hosting Provider Kinsta *

Rhadamanthys Stealer Malware Advances with Enhanced Capabilities *

Ransomware Threats Target Patients of Fred Hutch Cancer Center *

3CX Issues Warning to Disable SQL Database Integrations *

Data Breach at Delta Dental of California Exposes Personal Information of 7 Million Individuals *

U.S. Nuclear Research Lab's Data Breach Affects 45,000 Individuals *

A Cryptocurrency Wallet Supply Chain Attack Stole $600K from Ledger dApps *

NKAbuse Malware Leveraging NKN Blockchain for Covert Comms *

Kraft Heinz Probes Alleged Hack, Assures Normal System Operations *

Hackers Hijack SOHO Routers and VPN Devices with Stealthy KV-Botnet *

Phishing Evolution: BazarCall Adopts Google Forms for Credible Deception *

CISA Warns of Russian Hackers Targeting TeamCity Servers Since September *

Microsoft Takes Control of Domains Selling Fake Outlook Accounts *

Hackers Leverage Public PoC to Exploit Critical Flaw in Apache Struts *

1,450 Exposed pfSense Servers Vulnerable to RCE Attacks via Bug Chain *

Booking-Themed Scam Unleashes New MrAnon Stealer Malware, Targets German Users *

Threat Actor Exploits Recruiters with Malicious More Eggs Backdoor Malware *

Microsoft Warns of OAuth App Exploitation for BEC and Cryptomining Attacks *

Sophos Proactively Backports Remote Code Execution (RCE) Fix for Unsupported Firewalls Post-Attacks *

Russian APT28 Launches Cyber Espionage Campaign Across 13 Nations *

Microsoft Patch Tuesday Security Advisory - December 2023 *

HTML Injection Bug in Counter-Strike 2 Exposes Players' IP Addresses *

University of Wollongong Confirms Data Breach and Alerts Authorities *

Americold, Cold Storage Giant, Confirms Data Breach After Malware Attack in April *

Critical Bug in Backup Migration Plugin Exposes 50K WordPress Sites to RCE Attacks *

Emergency Apple Updates Address Zero-Day Vulnerabilities in Older iPhone Models *

Researchers have Unmasked Sandman APT's Hidden Connection to China's KEYPLUG Backdoor *

The Lazarus Hackers have Released a New RAT Malware Using a Two-Year-Old Bug in Log4j *

A Record 2.6 Billion Users Records have been Exposed by Apple, but End-to-End Encryption Wins Out *

The AutoSpill Attack Steals Passwords from Android Password Managers *

Ransomware Gang Confirms Cyber Hit on California Hospital *

Norton Healthcare Reveals Data Breach Following May Ransomware Attack *

New HeadCrab Variant Exploits Redis Servers for Root Access *

Google Drive Users Continue to Face Challenges Despite Proposed Fix for File Recovery *

Email Sending Challenges in Microsoft Outlook for Users with Extensive Folders *

5Ghoul Vulnerability Strikes Qualcomm and MediaTek Chip-Powered 5G Phones *

Iranian Threat Poses Risk to Israel's Critical Infrastructure Through 'Polonium' Proxy *

New Bluetooth Vulnerability Enables Hackers to Seize Control of Android, Linux, macOS, and iOS Devices *

WordPress Resolves POP Chain Vulnerability, Safeguarding Websites Against RCE Exploits *

Data Breaches at Two Cambridge Hospitals are Caused by Excel Spreadsheets *

Microsoft Alerts on COLDRIVER's Adaptive Evasion Techniques and Credential Theft Strategies *

Russian State-Sponsored Hackers Target NATO Rapid Response Corps in Cybersecurity Breach *

Linux Servers are Infected with the Krasue RAT Malware using Embedded Rootkits *

North Korean Hacker Group Andariel Targets South Korean Companies, Stealing Defense Secrets *

Austal USA, Navy Contractor, Confirms Cyberattack and Data Leak *

US Senator Exposes Government Surveillance via Mobile Notifications on Apple and Google Users *

Qualcomm Discloses Exploited Chip Flaws in Targeted Attacks *

Intel and AMD CPUs are Vulnerable to SLAM Attacks that Steal Sensitive Data *

Critical Infrastructure Routers Face 21 Sierra Vulnerabilities *

Nissan Proactively Investigating Cybersecurity Incident and Assessing Potential Data Breach *

Critical Remote Code Execution Vulnerabilities Patched in Various Atlassian Products *

Go Module Repositories on GitHub: The Growing Threat of Repojacking *

Kali Linux 2023.4 Features GNOME 45 and 15 New Tools in Latest Release *

Cyberattack Confirmed by HTC Global Services after Data was Leaked *

23andMe Confirms Hackers Accessed Data from Millions of Users *

Thousands of Israeli Hospital Documents have been Leaked by Iran-Linked Hackers *

U.S. Government Agencies Compromised Through Exploitation of Adobe ColdFusion Vulnerability by Hackers *

WALA, International Dog Breeding Organization, Reveals 25GB of Pet Owners' Data *

Beware: iPhone Users Alerted to Deceptive Fake Lockdown Mode Attack *

The SpyLoan Android Malware has been Downloaded 12 Million Times from Google Play *

Android Security Updates for December 2023 Address 85 Vulnerabilities, Including a Zero-Day RCE Vulnerability *

More than 20,000 Microsoft Exchange Servers at Risk of Exploitation in Cyber Attacks *

WeMystic Fortune-Telling Platform Exposes Over 13 Million User Records *

Tipalti Probes Allegations of Data Breach Amid Ransomware Attack *

Microsoft Issues Alert on Malvertising Campaign Propagating CACTUS Ransomware *

The Fake Security Advisory Pushes Backdoor Plugins for WordPress *

Russian Cyber Threat Actors Exploit Outlook Vulnerability to Hijack Exchange Accounts *

AeroBlade Hackers Target U.S. Aerospace Sector in Fresh Campaign *

MIPS Devices are Targeted by a Stealthier Version of P2Pinfect Malware *

Revolutionizing Browsing: Google Chrome's Cache Update *

Hospitals are urged to patch Citrix Bleed bug *

Since 2017, North Korea's State Hackers Have Stolen $3 Billion in Crypto *

Pirated Software Distributes Proxy Malware Targeting Mac Users *

Qilin Ransomware Linux Variant Concentrates on Targeting VMware ESXi *

Berglund Management Group Discloses Data Breach Affecting Over 50,000 Individuals in the US *

VMware Resolves Critical Authentication Bypass in Cloud Director After 2 Weeks of Unpatched Vulnerability *

Microsoft Windows KB5032278 Update Introduces Copilot AI Assistant, Addresses 13 Bugs *

Newly Discovered Agent Raccoon Malware Exploited by Hackers to Create Backdoors in US Systems *

Chinese Hackers Employ SugarGh0st RAT in Targeting South Korea and Uzbekistan *

FjordPhantom Android Malware Employing Virtualization for Evasion Tactics *

North Carolina's Hendersonville Exposes Employee Data in Thanksgiving Cybersecurity Breach *

Zyxel Issues Warning on Critical Vulnerabilities Found in NAS Devices *

Staples Confirms Cyberattack as Cause for Service Disruptions and Delivery Challenges *

JAXA, Japan's Space Agency, Falls Victim to Cyberattack *

Apple Addresses Two New iOS Zero-Day Vulnerabilities with Emergency Updates *

UEFI Code Vulnerabilities Exploitable for Bootkit Implantation Through Image Files *

Cybersecurity Incident Impacts Capital Health Hospitals, Resulting in IT Disruptions *

Numerous Undisclosed secrets discovered within application images on Docker Hub *

A Ransomware Attack Exploits Qlik Sense Flaws to Infect Networks with Cactus Ransomware *

Hackers Compromise US Water Facility Through Exposed Unitronics PLCs *

Third-Party Data Breach Affects 2 Million Individuals at Dollar Tree *

Automotive Giant Yanfeng Hit by Qilin Ransomware Attack *

Egyptian E-Payment Provider Recovers After LockBit Ransomware Attack *

US Authorities Seize Sinbad Cryptocurrency Mixer Utilized by North Korean Lazarus Hackers *

Okta Data Breach in October Impacts All Users in Customer Support System *

Play Ransomware Group Targets 17 Victims, Including 14 US-Based Companies *

New 'Xaro' Variant of DJVU Ransomware Poses as Cracked Software to Deceive Users *

Experts Warn of More than 200 Malicious Android Apps Targeting Iranian Banks *

Rapid Exploitation of Critical ownCloud Vulnerability in the Wild *

Google Addresses the Sixth Actively Exploited Zero-Day Vulnerability in Chrome for 2023 *

Critical Vulnerability Uncovered in Ray AI Framework *

Bluetooth Vulnerability BLUFFS Allows Attackers to Take Command of Connections *

Hackers Can Exploit the 'Forced Authentication' Feature to Steal Windows NTLM Tokens *

Government of Serbia accused of using Military-grade Spyware against Critics *

DP World Admits Cybersecurity Breach in Australia, Reveals Data Theft Without Ransomware Deployment *

North Korean Cyber Actors Utilize Hybrid macOS Malware Tactics for Enhanced Stealth and Evasion *

Ransomware Breach Strikes Slovenia's Primary Power Giant, HSE *

Ransomware Attack Disrupts Ardent Hospital Emergency Rooms Across Six States *

Gulf Air Experiences Data Breach, Assures No Impact on Critical Operations *

Ukraine Claims Successful Hack into Russian Aviation Agency, Leaks Data *

QRadar SIEM Vulnerability Enables Remote Attackers to Initiate Denial of Service Attacks *

Ransomware Strike Erases All Player Accounts for Indie Game Developer *

Rivers Casino Customers and Employees' Sensitive Data has been Compromised by Hackers *

Rhysida Ransomware Gang Claims Breach of China Energy *

Google Drive Users Frustrated After Losing Months of Stored Data *

Appscook, School App Developer, Exposes Sensitive Data of Hundreds of Children *

The General Electric Company investigates claims of cyber attack and data theft *

KyberSwap Reports $54.7 Million in Cryptocurrency Stolen in Cyberattack *

APT Attacks Targeting the Afghan Government Use a New Web Shell Called HRServ.dll *

Supply-Chain Attack Unleashes Zero-Day Exploit in UK and South Korea Cybersecurity Incident *

Israel Targeted by Rust-Powered SysJoker Backdoor in Cyberattacks Linked to Hamas *

Confidential Kubernetes Secrets from Fortune 500 Enterprises Unveiled in Public Repositories *

OwnCloud File Sharing App Vulnerability Exposes Admin Passwords *

Neanderthals Exploit Telegram Bot "Telekopye" for Large-Scale Phishing Scams *

Data Breach Exposes Personal Information of 27,000 Members of NYC Bar Association *

CTS Cyberattack Rattles Dozens of UK Law Firms *

Germany's Federal Bar Association Probes Ransomware Attack *

Kansas Courts Affirm Data Breach and Ransom Request Following Cyberattack *

Latest Attacks by Konni Group Utilize Malicious Word Documents in Russian Language *

The Black Basta Ransomware Group has Compromised New Targets *

Widespread Distribution of New WailingCrab Malware Loader Through Shipping-Related Emails *

Indian Railway Catering and Tourism Corporation (IRCTC) Suffers Server Down Affecting E-Ticket Booking *

Expansion of ClearFake Campaign Takes Aim at Mac Systems with Atomic Stealer *

Windows Hello Authentication Bypass Identified on Microsoft, Dell, and Lenovo Laptops *

North Korean Threat Actors Employ Malware Campaigns Disguised as Job Recruiters and Seekers *

Data Breach at Welltok Exposes Information of 8.5 Million US Patients *

Tmax Enterprise software provider Experiences Data Breach, Exposing 2 Terabytes of Information *

Microsoft Reports CyberLink Breach by Lazarus Hackers in Supply Chain Attack *

Dragon Touch Children's Tablet Compromised by Corejava Malware *

Fresh Botnet Malware Leverages Pair of Zero-Day Vulnerabilities to Target NVRs and Routers *

CISA Issues Urgent Directive for Immediate Response to Looney Tunables Linux Vulnerability *

Wolf Haldenstein Adler Freeman & Herz LLP Issued a Data Breach Alert on Midwest Gaming & Entertainment, LLC. *

AutoZone Alerts of Data Breach Due to MOVEit Vulnerability *

Hacktivists Breach U.S. Nuclear Research Lab, Compromising Employee Data *

CISA's Cybersecurity Guide: Safeguarding Healthcare and Public Health Organizations *

Play Ransomware Shifts to Commercial Model, Offered as Service to Cybercriminals *

Deceptive Campaign Aims at Indian Android Users, Impersonating Banks and Government Bodies *

Latest Agent Tesla Malware Iteration Employing ZPAQ Compression in Email-Based Assaults *

South China Sea Tensions Prompt Mustang Panda Hackers Target Philippines Government *

Critical Vulnerability in Industrial Refrigeration Products Patched by Johnson Controls *

LittleDrifter USB Malware Linked to Gamaredon Spreads Outside Ukraine *

Contractor Hacks Lead to Canadian Government's Data Breach Disclosure *

Apache ActiveMQ RCE Exploited by Kinsing Malware to Install Rootkits *

New Version of LummaC2 Malware Unveils Innovative Trigonometry-Based Anti-Sandbox Technique *

Increase in NetSupport RAT Infections: Targeting Government and Business Sectors *

Phobos Ransomware Accuses VX-Underground Malware Collective of Framing *

Indian Hackers Targeting U.S., China, and Other Nations for More Than Ten Years *

FCC Implements New Regulations Safeguarding Consumers Against SIM-Swapping Threats *

RSA Keys Extracted from SSH Server Signing Errors by Researchers *

Russian Hackers Exploit WinRAR and Ngrok Features in Embassy Attacks *

Yamaha Motor's Philippine Subsidiary Hit by Ransomware Assault *

Discord Phishing Scam Emerges Following Bloomberg Crypto X Account Mishap *

CISA Adds Three Actively Exploited Vulnerabilities in Windows, Sophos, and Oracle into KEV Catalog *

Vietnam Post Corporation Leaks 1.2TB of Data, Revealing Email Addresses of Employees *

Deceptive Google Ads Lure WinSCP Users into Installing Malicious Software *

Security Researchers Uncover Malicious Packages on PyPI and NPM Repositories Targeting Developers *

Fortinet Alerts Users to Critical Command Injection Vulnerability in FortiSIEM *

Experts Reveal DarkCasino as New APT Threat Leveraging WinRAR Security Flaw *

Ransomware Group Lodges SEC Complaint Regarding Victim's Unreported Breach *

Exploitation of Zimbra Email Software's Zero-Day Flaw by Four Hacker Groups *

Toyota Acknowledges Security Breach as Medusa Ransomware Threatens Data Leak *

Significant Data Breach Reported at Smart WiFi Provider Plume by Alleged Hackers *

Long Beach, California Shuts Down IT Systems Following Cyberattack *

FBI Exposes Tactics Used by the Notorious Scattered Spider Hacker Group *

Google Workspace and Cloud Platform Vulnerable to Potential Ransomware Exploits *

FBI and CISA Alert on Opportunistic Rhysida Ransomware Attacks *

Toronto Public Library Acknowledges Data Breach in Ransomware Attack *

North Carolina County Faces Unauthorized Data Access in Cyberattack by Hackers *

Australian Agency Raises Alarm Over Threat from State-Supported Hackers *

Dolly.com's Ransom Payment Doesn't Stop Attackers from Releasing Data *

Latest PoC Exploit for Apache ActiveMQ Vulnerability Enables Low-Profile Attacks *

Denmark's Critical Infrastructure Faces Largest Coordinated Cyberattack, Targeting 22 Energy Firms *

PJ&A Cyberattack Exposed Nearly 9 Million Patient Records *

Recent Data Breach Impacts Customers of Samsung's UK Store *

FBI Announces Success in Disrupting IPStorm Botnet and Its 23,000 Malicious Proxies *

Targeted Attacks on MySQL Servers and Docker Hosts Using DDoS-Enabled Malware Detected by Researchers *

LockBit Ransomware Exploits Citrix Bleed Vulnerability, Exposing 10,000 Servers in Attacks *

Truepill Pharmacy Platform Reports Data Breach Affecting 2.3 Million Customers *

VMware Reveals Critical Authentication Bypass in VCD Appliance Without Available Patch *

New Reptar CPU Bug Impacts Intel's Desktop and Server Systems *

Vulnerability in WP Fastest Cache Plugin Puts 600k WordPress Sites at Risk of Attacks *

Vietnamese Cybercriminals Employ Delphi-Based Malware to Attack Indian Marketing Professionals *

Critical Azure CLI Vulnerability Addressed by Microsoft, Preventing Credential Leakage in Logs *

AMD CPU Vulnerability "CacheWarp" Allows Root Access in Linux VMs *

Microsoft Patch Tuesday Security Advisory - November 2023 *

Chinese Hackers Conduct Stealthy Espionage Assaults on 24 Cambodian Entities *

Lorenz Extortion Group Leaks Stolen Data from Cogdell Memorial Hospital in Texas *

IP Criminality & Advanced Cyber Threat Analysis with Cisco SecureX-XDR *

Emergence of a New Ransomware Faction Armed with Hive's Source Code and Infrastructure *

Ethereum's 'Create2' Function Abused in $60M Cryptocurrency Theft *

DP World Hit by Cyberattack, Paralyzing Thousands of Containers in Ports *

"Chess.com" Grapples with Dual Data Breaches as Threat Actors Leak 1,276,000 Scraped User Records *

Israel Alerts Organizations to BiBi Malware Wiper Attacks Targeting Linux and Windows *

Microsoft Issues Alert Regarding Fraudulent Skills Assessment Portals Targeting IT Job Seekers *

Microsoft Resolves Slow Saving Issues in Outlook Desktop with Bug Fix *

Tri-City Medical Center in Oceanside is Impacted by Ongoing Cyberattacks *

Law Enforcement Dismantles BulletProftLink, a Major Phishing Service Provider *

Data Breach at McLaren Health Care Impacts 2.2 Million People *

Healthcare Organizations Compromised as Hackers Exploit ScreenConnect Remote Access *

Iran-Linked Imperial Kitten Cyber Group Focuses its Attack on Middle East Entities *

Mr. Cooper, Major Mortgage Servicer Reports Customer Data Exposure in Security Breach *

Microsoft Warns of BlueNoroff Hackers Plans for Fresh Crypto Theft Attacks *

Maine Government Alerts 1.3 Million Individuals About MOVEit Data Breach *

Clop Ransomware Attacks Exploit Zero-Day Flaw in SysAid, Microsoft Reports *

Anonymous Sudan Claims Responsibility for DDoS Attack Leading to Cloudflare Website Outage *

Google Ads Distribute Malicious CPU-Z App via Counterfeit Windows News Site *

Ransomware Attack Affects 39,000 Individuals at Kyocera AVX *

Ransomware Attack Strikes Industrial and Commercial Bank of China *

Microsoft Provides Temporary Solution for Windows Server 2022 VMs Facing Issues *

Russian Hackers Employ LOTL Technique to Potentially Trigger Power Outages *

Data Breach at Perry Johnson & Associates, Inc. Impacts Cook County Health due to Security Incident *

CISA Issues Alert as High-Severity SLP Vulnerability Faces Active Exploitation *

Microsoft Enhances Windows 11 Security by Eliminating SMB1 Firewall Rules *

Iranian Hackers Employing New C2 Framework MuddyC2Go to Target Israel *

Datacenter Overheating Disrupts 2.5 Million Bank Transactions *

Sberbank Confronts Massive DDoS Attack with 1 Million Requests Per Second *

Undetectable Crypto Mining Technique Revealed in Azure Automation by Researchers *

Security Alert: Python Packages on PyPI Infected with Blaze Stealer Malware *

WhatsApp Unveils Enhanced Privacy Feature: Safeguarding IP Addresses During Calls *

Major Outage Knocks ChatGPT Offline, Affecting OpenAI Systems *

Hacker Exposes 35 million LinkedIn User Database on Breach Forums *

Russian-speaking Threat Actor "Farnetwork" Connected to Five Ransomware Groups *

FBI Warns of Ransomware Gangs Targeting Casinos via Third-Party Gaming Vendors *

Security Breach Unveiled by Sumo Logic, Recommends API Key Resets *

Japan Aviation Electronics Reports Unauthorized Server Access in Recent Cyberattack *

Android Security Updates for November 2023 Address 37 Vulnerabilities *

BlueNoroff Hackers Utilize ObjCShellz Malware to Create Backdoors on Macs *

GootLoader's Advanced Malware Variant Operates Covertly and Expands Swiftly *

Cisco Addresses 27 Vulnerabilities with Security Updates for Network Security Products *

Fraudulent Ledger Live App on Microsoft Store Scams Users out of $768,000 in Cryptocurrency *

Emergence of New Jupyter Infostealer Version with Advanced Stealth Tactics *

Marina Bay Sands Discloses Data Breach Impacting Information of 665,000 Customers *

China-Based E-commerce Store "Zhefengle" Exposes Millions of Chinese Citizen IDs *

Hilb Group Reveals Email Security Breach Impacting Personal Data of 81,000 Individuals *

QNAP's Alert on Critical Command Injection Vulnerabilities in QTS OS and Apps *

Multi-Platform Attack by SideCopy Threat Actor Utilizes WinRAR Zero-Day and Ares RAT to Target Indian Organizations *

Ransomware TellYouThePass Executes Remote Code Execution (RCE) Attack on Apache ActiveMQ *

Android Security Bypassed by Cybercrime Service for Malware Installation *

Veeam Issues Critical Bug Warnings for Veeam ONE Monitoring Platform *

Google Alerts Users to Possible Misuse: Cybercriminals Using Calendar Service as a Covert C2 Channel *

Socks5Systemz Proxy Service Compromises 10,000 Systems Globally *

DarkGate Malware Exploiting Microsoft Installer Files After Targeting Microsoft Teams *

DDoS Attacks Cause Disruptions in Singapore's Public Health Services *

Kinsing Actors Leveraging Latest Linux Vulnerability to Compromise Cloud Environments *

NodeStealer Malware Exploiting Facebook Business Accounts to Run Malicious Advertisements *

Allied Pilots Association of American Airlines Pilots Reveals Ransomware Attack *

CanesSpy Spyware Distributed Using Altered WhatsApp Versions *

Microsoft Exchange New Zero-Day Vulnerabilities Enable Remote Code Execution and Data Theft Attacks. *

Boeing Company Affirms Cyberattack Involving LockBit Ransomware *

Cloudflare's Data Center Power Outage Disrupts Dashboard and API Services *

Researchers Identify 34 Windows Device Drivers Vulnerable to Complete Device Compromise *

Employee Records at OKTA Exposed in Third-Party Vendor Breach of Rightway Healthcare *

Atlassian Issues Urgent Warning for Patching After Confluence Data Wiping Vulnerability Exploit *

Iran's MuddyWater Launches Spear-Phishing Campaign Targeting Israel *

Cyberattack Targets Mortgage Giant Mr. Cooper, Disrupting IT Operations *

Ace Hardware Reports Cyberattack Affecting 1,202 Devices *

Hackers from North Korea are Targeting Crypto Experts with KANDYKORN MacOS Malware *

Critical Vulnerabilities in F5 BIG-IP Products Actively Exploited in the Wild *

Mysterious Kill-Switch Deactivates Mozi Malware Botnet Operations *

CVSS 4.0: New Vulnerability Severity Rating Standard Unveiled *

Middle East Financial and Government Sectors Targeted by Iranian Cyber Espionage Group *

Citrix Bleed Vulnerability Exploited by Hackers in Global Government Network Attacks *

Over 3,000 Internet-Facing Apache ActiveMQ Servers at Risk of Remote Code Execution Attacks *

Avast Antivirus SDK Misidentifies Google App as Malware on Huawei, Vivo, and Honor Smartphones *

British Library Faces Weekend Cyberattack, Leading to Internet Access Disruptions *

Discovery of Malicious NuGet Packages Distributing SeroXen RAT Malware *

Bluetooth Spam Attacks Inspired by Flipper Zero Now Available as Android App *

The Elektra Leak Campaign Leveraging Exposed AWS IAM Credentials on GitHub for Cryptocurrency Mining Attacks *

Hackers Exploiting MSIX App Packages to Spread GHOSTPULSE Malware on Windows PCs *

SEC Files Lawsuit Against SolarWinds for Investor Misrepresentation Preceding 2020 Cybersecurity Breach *

New Phishing Campaign Utilizes Disguised Remcos RAT as Fake Payslip *

Bibi-Linux Wiper Malware Launches Destructive Attacks on Israeli Organizations *

Cyberattack Disrupts Toronto Public Library Services Over the Weekend *

India's Biggest Data Breach: 815 million COVID Test Records for Sale, Sample Authenticity Confirmed *

Hunters International Ransomware: A Potential Rebranding of Hive *

Check Point Records a High Surge in QR Code Quishing Compared to the Previous Year *

Researchers Discovered XMPP-Based Instant Messaging was Being Wiretapped *

Nevada School District Parents Receive Emailed Student Data Stolen by Hackers *

Android Adware Apps on Google Play Accumulate Over Two Million Installs *

Latest iLeakage Exploit Extracts Email Addresses and Passwords from Apple Safari *

Microsoft Reveals Octo Tempest as a Significant Threat to Financial Security *

Critical Vulnerability in NextGen's Mirth Connect Puts Healthcare Data at Risk *

StripedFly Malware Framework Infects Over One Million Windows and Linux Systems *

Iranian APT Group Tortoiseshell Unleashes Fresh IMAPLoader Malware Assaults *

Seiko Discloses Ransomware Breach Compromising Customer Data *

Alleged Cybersecurity Incident: Researcher Reports Exposure of 12 Million Patient Records at Redcliffe Labs; Company Denies Data Breach *

Potential Data Breach: 1.2 Million Airbnb User Records Reportedly Exposed *

Ransomware Attack by Rorschach Gang Disrupts Chile's Telecom Giant GTD *

GoPIX Malware Malvertising Campaign Takes Aim at Brazil's PIX Payment System *

European Government Email Servers Hacked Using Roundcube Zero-Day Exploit *

ASVEL Basketball Team Acknowledges Data Breach After NoEscape Group's Ransomware Attack Assertion *

Security Breach Impacts Five Canadian Hospitals Linked to TransForm Health Services Provider *

Modified Backdoor on Compromised Cisco Devices Evades Detection *

VMware Issues Alert About POC Availability for vRealize RCE Vulnerability *

1Password Identifies Suspicious Activity in Wake of Okta Support Breach *

BHI Energy Discloses Details of Akira Ransomware Attack on Its Systems *

City of Philadelphia Reveals Data Breach After Five Month Delay *

Firebird Backdoor by DoNot Team Targets Pakistan and Afghanistan *

Quasar RAT Exploits Dual DLL Side-Loading Technique for Covert Operations *

Associated Wholesale Grocers Claimed as a Victim by Play Ransomware Group *

Researchers Discover ExelaStealer, a Low-Cost Information Stealer Targeting Windows Systems *

American Family Insurance Confirms IT Outages Caused Due to Cyberattack *

TetrisPhantom Hackers Target Government Systems in Asia-Pacific, Stealing Data from Secure USB Drives *

Thousands of Devices Infected with Malicious Lua Backdoor Exploiting Cisco Zero-Day Vulnerability *

Significant Remote Code Execution Vulnerabilities Discovered in SolarWinds Access Audit Solution *

Okta Support System Breached Through Compromised Credentials *

DarkGate Malware Strikes U.K., U.S., and India in Vietnamese Hacking Campaign *

A Cyberattack Disrupts the Operations of Healthcare Solutions Giant Henry Schein *

Fraudulent KeePass Website Leverages Google Ads and Punycode to Distribute Malware *

Iran-Linked OilRig Launches 8-Month Cyber Campaign Targeting Middle East Governments *

BlackCat Ransomware Employing Innovative 'Munchkin' Linux VM for Covert Attacks *

A Malware Framework Named MATA Exploits EDR to Attack Defense Firms *

Casio's Data Breach Affects Customers in 149 Countries *

Synology's DiskStation Manager Admin Takeover Vulnerability Exposes NAS Devices *

Data Breach at TrueCoin's Third-Party Vendor Exposes TUSD User Information *

Lazarus Group Uses Trojanized VNC Apps to Deceptively Target Defense Experts with Fake Interviews *

Qubitstrike's Campaign Targets Cloud Environments via Jupyter Notebooks for Crypto Mining *

Security Research Reveals IT Administrators' Use of Weak Passwords on Critical Portals *

ClearFake Introduces Deceptive Browser Updates for Malware Distribution *

North Korean Hackers Exploit Critical TeamCity Vulnerability to Breach Networks *

Ampersand, a TV Advertising Sales Giant Hit by Ransomware Attack *

Knight Ransomware Group Claims BMW Munique Motors Cyberattack *

D-Link Confirms Data Breach as Data Appears on Sale at BreachForums *

The SpyNote Android Malware Spreads Through Fake Alerts about Volcanic Eruptions *

Nation-State Hackers Leveraging Discord Platform to Target Critical Infrastructure *

Open Source CasaOS Cloud Software Reveals Significant Security Vulnerabilities *

Vulnerabilities in Weintek HMIs Pose Significant Security Risks *

The 'RedAlert' Rocket Alert App for Israel was Found to Install Spyware on Android Devices *

Cisco Issues Alert Regarding Actively Exploited Zero-Day Vulnerability in IOS XE *

Threat Actors are Exploiting Potential Milesight Industrial Router Vulnerability *

Kansas Courts Shutdown IT Systems Following Security Incident *

Critical Vulnerability in WordPress Royal Elementor Plugin Exploited by Hackers *

Russian Hackers Exploit Latest WinRAR Vulnerability in Fresh Campaign *

Researchers Warn Against SpyNote, an Android Trojan that Records Calls and Audio *

Vietnam Faces Accusations of Utilizing Predator Spyware for Surveillance of EU and US Legislators *

AI Algorithm Developed to Counter Man-in-the-Middle Attacks on Unmanned Military Robots *

Steam Platform Enforces SMS Verification to Prevent Malware-Laden Updates *

Indian State Government Addresses Bug Exposing Aadhaar Numbers and Fingerprints *

Juniper Networks Addresses Over 30 Vulnerabilities in Junos OS with Security Patches *

Mysterious Network Incident Triggers Kwik Trip IT Systems Outage *

DarkGate Malware Disguised as PDF Files Spreads Through Messaging Services *

Latest PEAPOD Cyberattack Initiative Focuses on Female Political Leaders *

Shadow PC Issues Data Breach Warning as Hacker Attempts to Sell Gamer Data *

FBI Releases AvosLocker Ransomware Technical Analysis and Defense Strategies *

ToddyCat Hackers Employ 'Disposable' Malware for Asian Telecoms' Targeted Attacks *

ShellBot Employing Hex IPs for Evasion in Linux SSH Server Attacks *

NuGet Developers Infected by SeroXen RAT Through Malicious Solana and KuCoin Packages *

Philippine Statistics Agency Investigates Suspected Data Breach *

Simpson Manufacturing's Cyberattack Results in IT System Suspension *

Enterprise Systems Vulnerable to Critical SOCKS5 Vulnerability in cURL *

LinkedIn Smart Links Resurge in Phishing Campaigns Against Microsoft Accounts *

CISA Alerts to Ongoing Exploitation of Adobe Acrobat Reader Vulnerability *

Deceptive Backdoor Targets WordPress Sites by Posing as Genuine Plugin *

Chrome 118 Addresses 20 Security Vulnerabilities with Patches *

Unprecedented DDoS Assaults Leveraging Zero-Day Flaw in HTTP2 Rapid Reset Technique *

Air Europa Data Breach Sparks Urgent Warning to Customers Cancel their Credit Cards *

Safexpay Technology's Payment Gateway Breach Unveils Rs 16,180 Crore Scam *

Critical Citrix NetScaler Vulnerabilities Exposes Sensitive Data *

Massive Ad Fraud Botnet PEACHPIT Harnesses Millions of Compromised Android and iOS Devices *

Researchers Detect Grayling APT's Continuous Attacks on Various Sectors *

Mirai Variant Targets Linux Routers with 13 New Payloads *

Microsoft Patch Tuesday Security Advisory - October 2023 *

Critical Memory Corruption Vulnerability in libcue Library Threatens Linux GNOME Environments *

IoT Security Concerns Raised Due to Flaws in ConnectedIO's 3G 4G Routers *

D-Link WiFi Range Extender Susceptible to Command Injection DoS Attacks *

Over 17,000 WordPress Sites Targeted by Balada Injector by Exploiting Unpatched tagDiv Plugin *

Magecart Card Skimming Campaign Manipulate Online Store 404 Pages for Credit Card Theft *

Israeli Energy and Defense Sectors Targeted by Cyber Threat Actor with Gaza Ties *

Flagstar Bank Suffers Third Data Breach Since 2021, Impacting 800,000 Customers *

Microsoft 365 Administrators Receive Cautionary Notice About Recent Google Anti-Spam Regulations *

D.C. Board of Elections Confirms Voter Data Breach in Website Hack *

23andMe Genetics Company Reports User Data Breach in Credential Stuffing Attack *

Blackbaud Reaches $49.5 Million Settlement Over Ransomware Data Breach *

Backdoored Firmware Discovered in Android Devices Used in US Schools *

Multiple Critical Vulnerabilities Uncovered in Supermicro BMC IPMI Firmware *

3 Million Customer Records Exposed in Major CRM Provider Really Simple Systems Data Breach *

Lyca Mobile Probes Customer Data Breach Following Cyberattack *

Cyber Espionage Campaign Linked to China Deploys Cobalt Strike Backdoor in Semiconductor Firms *

New Android Trojan GoldDigger Targets Financial Apps in Asia Pacific *

Cyber Espionage Attack Targets Guyana Governmental Entity with DinodasRAT *

BitSight Uncovers 100,000 Vulnerable Industrial Control Systems (ICS) Exposed to Cybersecurity Risks *

Data Breach at European Telecommunications Standards Institute (ETSI) Following Cyberattack *

Atlassian Releases Critical Patch for Exploited Zero-Day Vulnerability in Confluence *

Hackers Exploit Breached SQL Servers to Target Azure Cloud VMs *

Cisco Resolves Hard-Coded Root Credentials Vulnerability in Emergency Responder *

Sony Confirms Data Breach Affecting Thousands of Employees in the United States *

Researchers Uncover Connection Between DragonEgg Android Spyware and LightSpy iOS Surveillanceware Tool *

New Supply Chain Attack Unleashes Open-Source Rootkit via Rogue npm Package *

Critical Apple Update Addresses Zero-Day Vulnerability Exploited in iPhone Hacks *

Cyber Security Vulnerability at National Logistics Portal (Marine) Exposes Sensitive Data *

Security Flaws in TorchServe Enable Remote Code Execution in PyTorch Models *

Mirai Botnet's Latest Variants hailBot, kiraiBot, catDDoS Found Active in Recent Attacks *

MEDUSA Ransomware Group Claims Attack on Two New Victims *

Qualcomm Releases Patch for 3 New Zero-Days Under Active Exploitation as Hackers Target GPU and DSP Drivers *

'Looney Tunables' Linux Bug Grants Root Privileges on Major Distributions *

EvilProxy Exploits indeed.com's Open Redirect for Microsoft 365 Phishing *

Lorenz Ransomware Group Launches a Major Cyberattack on Allcare Pharmacy *

Ransomware Threat Groups Targeting JetBrains' TeamCity Servers *

Arm Alerts about Exploited Mali GPU Flaws, Suspects Targeted Attacks *

Motel One Group Reveals Data Breach After Ransomware Attack *

Zanubis Android Banking Trojan Impersonates Peruvian Government App to Target Users *

Exim Releases Patches for Three of Six Zero-Day Vulnerabilities Disclosed Recently *

Zip Slip Vulnerability in OpenRefine Leads to Malicious Code Execution *

BunnyLoader, New Malware-as-a-Service (MaaS) Threat Emerges with New Capabilities *

Iran's APT Group OilRig Unleashes Menorah Malware for Stealthy Operations *

DDoS protections provided by Cloudflare ironically bypassed. *

RSA Decryption Vulnerability from 1998 Returns in Marvin Attack *

Amazon Accidentally Sends Out Mastercard and Google Play Gift Card Order Emails *

WS_FTP Server Hotfixes Released by Progress Software for Multiple Security Flaws *

The New ASMCrypt Malware Loader Allows Cybercriminals to Fly Under the Radar *

An Exploit has been Released for the Microsoft SharePoint Server Authentication Bypass Flaw *

Zero-day RCE Attacks on Millions of Exim Mail Servers *

Cisco Alerts About Exploitation Attempts Post Vulnerability Discovery in IOS and IOS XE Software *

Critical Flaw in Cisco Catalyst SD-WAN Manager Enables Remote Server Access *

Microsoft Breach by Chinese Hackers Results in Theft of 60,000 U.S. State Department Emails *

Malware-Infested Ads Infiltrating Bing's AI Chatbot *

Progress Software Issues Warning About Critical Vulnerability in WS FTP Server Software *

Password-Stealing Commits Disguised as Dependabot Contributions Target GitHub Repositories *

Budworm Hackers Launch Custom Malware Attacks on Telcos and Government Organizations *

Firefox 118 Addresses High-Severity Vulnerabilities with Security Patches *

DarkBeam Exposes Massive Cache of Email and Password Combinations in DataBreach *

Researchers Discover Modern GPUs Vulnerable to New GPU.zip Side-Channel Attack *

Malicious PyPI and npm Packages Utilised in SSH Key Compromises *

US and Japan Warn of BlackTech Hackers Backdooring Cisco Routers *

Johnson Controls, a Leading Building Automation Company, Falls Victim to Ransomware Attack *

Google Resolves the Fifth Actively Exploited Zero-Day Vulnerability in Chrome for 2023 *

ZenRAT Malware Targeting Windows Users by using the Fake Password Manager Software *

PhilHealth Faces $300K Ransom Demand Following Data Breach *

Google Reassigns Top CVE Rating to libwebp Vulnerability Impacting Browsers and Applications *

ShadowSyndicate Cybercriminals Linked to Multiple Ransomware Operations Across 85 Servers *

Chinese Hackers in Multi-Year Campaign Target South Korean Organizations *

American Red Cross Exploited as Phishing Lure by New AtlasCross Hackers *

Openfire Flaw Exploited by Hackers to Encrypt Servers *

ZeroFont Phishing Manipulates Microsoft Outlook to Display Fake AV Scans *

Critical JetBrains TeamCity Flaw Exposes Source Code and Build Pipelines *

Hong Kong Consumer Watchdog Hit by Severe Ransomware Attack *

Clop Ransomware Attack on BORN Ontario Child Registry Affects 3.4 million Individuals *

Mixin Network Halts Operations After Suffering a $200 Million Hack *

Critical BIND DNS System Vulnerabilities Enable DoS Attacks *

Three Unique Categories of Cyberattacks with Ties to China Targeting Southeast Asian Government Entities *

Xenomorph Android Malware Targets U.S. Banks and Cryptocurrency Wallets *

Phishing Campaign Lured as Drone Manuals Targets Ukrainian Military *

Spyware Operation EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese Through Watering Hole Attacks *

Data Breach at National Student Clearinghouse Affects 890 Schools *

Sony Corporation Allegedly Breached by RANSOMEDVC Ransomware Group *

Nansen, a Cryptocurrency Analytics Company, Urges Password Resets After Vendor Data Breach *

OpenSea API Users Requested to Rotate API Token Following a Third-Party Security Breach *

Stealthy and Modular Deadglyph Malware Cyberespionage Attack Targets Middle East Government Entities *

Gelsemium APT Group Targeting Southeast Asia's Government Entities *

Data Breach at Ohio Community College Exposes Nearly 300,000 Individuals *

Spyware Attacks Exploit Newly Resolved Apple and Chrome Zero-Day Vulnerabilities *

BBTok Banking Trojan's Latest Variant Takes Aim at Moreover 40 Latin American Banks *

Bermuda Government Attributes Cyberattack to Russian Hacker Group *

Cybercriminals Redirect Hotel Guests to Fake Booking.com Site to Swipe Credit Card Information *

Atlassian Addresses High-Severity Vulnerabilities with Security Updates *

New LuaDream Malware Used by 'Sandman' Hackers to Infiltrate Telecommunication Providers *

Suspected Ukrainian Hacker Linked to 'Free Download Manager' Malware Attack *

CISA and FBI Warns About Snatch Ransomware Group's Attacks *

Air Canada Confirms Security Breach, Reveals Exposure of Employee Records *

Cyber Group 'Gold Melody' is Marketing Compromised Access to Ransomware Attackers *

Apple Releases Urgent Updates to Fix Three Zero-Day Exploits *

Pizza Hut Australia Faces Data Breach Affecting 200,000 Customers *

Researchers Found Fake POC on GitHub Distributing VenomRAT Malware *

Hackers Selling Over 2million Pakistanis' Data from Restaurants After a Massive Breach *

City of Pittsburg Suffers Cyberattack Results in Outage *

Advanced Phishing Attacks Aimed at Chinese Users Using ValleyRAT and Gh0stRAT Malwares *

Nagios XI Network Monitoring Software Fixes Critical Security Flaws *

Security Flaws in Atos Unify Expose Systems to Backdoor Attacks *

Fortinet Releases Critical Security Updates for FortiOS, FortiProxy, and FortiWeb Products *

P2PInfect Botnet Updates to Stealthier Variant with Activity Surges by 600 Times *

T-Mobile App Glitch Exposes User Account Information to Others *

Hackers from China Target North American and APAC Firms with Web Skimmer Campaigns *

New Rust-Based Malware Campaign 'Operation Rusty Flag' Targets Azerbaijan Entities *

AMBERSQUID Cryptojacking Operation Attacks Leverages AWS Services *

Phishing Attack Targets Victims of Celsius Crypto Bankruptcy *

Hackers Employ new HTTPSnoop and PipeSnoop Malware to Target Telecom Companies *

Next-Gen Android Banking Trojan Hook Builds Upon ERMAC's Legacy *

International Criminal Court Systems Compromised in Recent Cyber Attack *

GitLab Urges on Users to Apply Critical Pipeline Flaw Security Updates *

Trend Micro Fixes a Critical Zero-Day vulnerability in Apex One Endpoint Security Products *

Hackers from APT36 Infect Android Devices with Clones of the YouTube App *

Unauthenticated RCE vulnerability Affects Thousands of Juniper Devices *

Bumblebee Malware Makes a Comeback, Leveraging WebDAV for New Assaults *

38TB of Private Data leaks from Microsoft's Unsecured Azure Storage *

SprySOCKS, a New Linux Malware, has been Used in Cyber Espionage Attacks *

Shell's Australian BG Group Business Affected by MOVEit Breach *

Lazarus Group Targets CoinEx Exchange in Ongoing Cryptocurrency Platform Attacks *

Cuba Ransomware Gang Targets Mutiple Sectors with Newly Updated Malware *

UNC3944, a Financially Motivated Threat Actor, Shifts Efforts Toward Ransomware Attacks *

TikTok Flooded with Cryptocurrency Giveaway Scams Impersonating 'Elon Musk' *

Auckland Transport Authority Experiences Alleged Ransomware Attack *

Ransomware Attack on ORBCOMM Leads to Disruption in Trucking Fleet Management *

Retool Attributes Security Breach to Google Authenticator's MFA Cloud Sync Function *

NodeStealer Malware Targets Facebook Business Accounts Across Various Browsers *

MGM Casino Faces Ransomware Attack with ESXi Server Encryption *

Caesars Entertainment Pays Ransomware After Suffering a Data Breach *

Microsoft Discovers Flaws in the ncurses Library that Exposes Linux and macOS Systems *

Malicious Google Ads Exploit Cisco Webex to Distribute Malware via Tracking Templates *

Iranian Cyberattackers Infiltrate Defense Organizations through Password Spray Tactics *

Proof-of-Concept Exploit Demonstrates Windows 11 'ThemeBleed' RCE Vulnerability *

Vulnerability in N-Able's Take Control Agent Exposes Windows Systems *

Rollbar Discloses a Data Breach, Exposing its Clients Access Tokens *

Airbus Launches Inquiry After Hacker Exposes Data *

Mozilla Addresses Critical Zero-Day Exploit in Firefox and Thunderbird by Patching WebP Vulnerability *

Kubernetes Flaws Expose Windows Endpoints to Remote Attacks *

Hackers Employ 3AM Ransomware to Salvage Unsuccessful LockBit Assault *

Eight Vulnerabilities Exposed in Microsoft Azure HDInsight Analytics Service *

The Latest WiKI-Eve Attack is Capable of Stealing Numeric Passwords Through WiFi *

Espionage Group 'Redfly' Quietly Exploits Power Supplier's Network for Half a Year *

Adobe Exploited the Zero-Day Vulnerability in Acrobat and Reader Software *

MetaStealer Malware Takes Aim at Apple macOS in Recent Attacks *

GitHub Fixes a Security Vulnerability which Exposed More Than 4,000 Repositories to Repojacking Attack *

Advanced Phishing Operation Targets Windows Machines by Utilizing Agent Tesla, OriginBotnet, and RedLine Clipper *

Microsoft Patch Tuesday Security Advisory - September 2023 *

Rhysida Ransomware Group Continues its Attack on US Hospitals with Demanding 1.3 million Dollar Ransom *

Newly Emerged Sponsor Backdoor by Charming Kitten Targets Brazil, Israel, and U.A.E. Entities *

MGM Resorts Suffers a Cyberattack, Resulting in the Shutdown of IT Systems *

HijackLoader Modular Malware Gains Traction in Cybercrime Circles *

Google Addresses Another Chrome Zero-Day Vulnerability Exploited in Attacks *

Vietnamese Cybercriminals Use Facebook Messenger to Distribute Python Stealer *

New Steal-It Campaign Steal NTLMv2 Hashes from Compromised Windows Using PowerShell *

Malicious Telegram Clones on Google Play Infect Over 60,000 Users with Spyware *

Phishing Campaign in Microsoft Teams Distributes DarkGate Malware *

Cybercriminals Exploit Genuine Advanced Installer Tool for Crypto-Mining Attacks *

Cybercriminals Steals More Than $690,000 Following Takeover of Vitalik Buterin's Twitter Profile *

Dymocks Booksellers Data Breach Impacts 836000 Customers *

Ragnar Locker Ransomware Gang Claims Responsibility for Israel's Mayanei Hayeshua Hospital Cyber Attack *

Cisco is Warning About Zero-Day Exploit of Cisco ASA and FTD Software in the Wild *

Notepad++ Releases Version 8.5.7 to Resolve Four Security Flaws *

Apache Superset Flaws Exploit Enables Remote Code Execution Attacks on Servers *

Google Looker Studio Exploited in Phishing Attacks to Target Cryptocurrency Enthusiasts *

Apple Releases Emergency Updates to Fix Two Actively Exploited Zero-Day Vulnerabilities Targeting iPhones and Mac *

Security Experts Warn of Iranian Hackers Using Fortinet and Zoho Flaws in Breach of US Aviation Organisations *

IBM Reveals Data Breach Affecting Janssen Healthcare Platform *

Cisco BroadWorks Platform Affected by Authentication Bypass Flaw *

Mirai Variant Strikes Low-Cost Android TV Boxes, Turning Them into DDoS Weapons *

Dunghill Leak Ransomware Group Claims Responsibility for Sabre Data Breach *

Security Researchers Uncovered Nine Vulnerabilities in SEL's Power Management Products *

September 2023 Android Updates Addresses Multiple Vulnerabilities Including an Actively Exploited Zero-Day *

New SideTwist Backdoor and Agent Tesla Variant Unleashed via Phishing Campaigns *

IOS Devices Can be Exploited with Flipper Zero's Bluetooth Spam Attack Functionality *

Microsoft Signature Key Stolen from Windows Crash Dump Used by Storm-0558 to Target Organizations *

W3LL's Phishing Kit Breaches Thousands of Microsoft 365 Accounts, via Bypassing MFA *

NXP Semiconductors Alerts its Customers to Data Breach Impacting Personal Information *

Critical Remote Code Execution Vulnerabilities Found in ASUS Routers *

Coffee Meets Bagel Confirms Recent Outage Caused Due to Cyberattack *

Chaes Malware Incorporates Google Chrome DevTools Protocol for Data Theft *

Zero-Day Vulnerability in Atlas VPN Exposes Users Actual IP Addresses *

MinIO Storage System Vulnerabilities Exploited by Hackers to Compromise Servers *

Zaun, a Fence System Company's Data Breach, Exposes Sensitive Data about UK Military Sites *

Freecycle Confirms Enormous Data Breach Affecting 7 Million User Accounts *

An Attack on a German Financial Agency's Website Began in September 2023 Has Been Disrupted Ever Since *

Chinese-Speaking Hackers Unleash Extensive iMessage Smishing Campaign Across the United States *

Vietnamese Cybercriminals Employing Malicious Malvertising Campaign to Target Facebook Business Accounts *

Security Researchers Discover Breach of Ayush Jharkhand Portal, Exposing Records of 320,000 Patients *

Okta Issues Warning About Social Engineering Attacks Targeting Super Administrator Privileges *

Plaintext Passwords can be Stolen from Websites using Chrome Extensions *

A Data Breach at the University of Sydney has Affected Recent Applicants *

Vulnerability in VMware SSH Authentication Bypass Now Has an Exploit in the Wild *

Emerging SuperBear Trojan Utilized in Targeted Phishing Attack Against South Korean Activists *

Russian-Backed 'Infamous Chisel' Android Malware Targeting the Ukrainian Military *

Cybercriminals Focusing on Microsoft SQL Servers for FreeWorld Ransomware Deployment *

Threat Actors Hacked Sourcegraph Website Using a Leaked Admin Access Token *

Earth Estries' Targets Governments and Tech Companies from Multiple Continents in an Espionage Campaign *

LogicMonitor SaaS Platform Users Targeted in Ransomware Attacks *

Hackers Breach Forever 21 Systems to Access more than 500,000 Members Information *

Lazarus Hackers from North Korea Linked to VMConnect Malicious Packages on PyPI *

Anonymous Sudan Shuts Down X Platform in Demand for Elon Musk's Starlink Service *

Windows Container Isolation Framework can be Exploited by Hackers to Bypass Endpoint Security *

Paramount Suffers a Data Breach After a Security Incident *

Google Chrome Security Patch Released to Fix High-Severity Vulnerability *

VMware Warning About a Critical SSH Authentication Bypass Flaw in VMware Aria Operations *

All in One WP Migration Flaw Exploit Could Result in a Data Breach *

DreamBus Malware Infects Servers by Exploiting a Vulnerability in RocketMQ *

Chinese Hackers Suspected of Breaching Japanese Cybersecurity Agency in Prolonged Attack *

Hackers Utilize Automated Tools to Overwhelm Mobile Devices with OTP SMS Messages *

Cisco VPNs Compromised Through Brute Force Attacks in Hacking Campaign *

DarkGate Malware Operations Increases as Creator Rents Malware to Affiliates *

New Android MMRat Malware Steals Data via the Protobuf Protocol *

University of Michigan Has Shut Down its Network Following a Cyberattack *

Spain's Police Warn About LockBit Locker Ransomware Phishing Attacks Against Architectural Firms *

Mom's Meals Disclosed a Data Breach That Affected More than 1200000 Individuals *

KMSDBot Malware Gets an Upgrade with Enhanced Capabilities to Attack IoT Devices *

JPCERT Uncovers Innovative 'MalDoc in PDF' Attack Technique *

Experts Discovered a Microsoft Entra ID Exploit That Grants Attackers Elevated Privileges *

Metropolitan Police Force's Data Exposed After Its Contractor's IT System Gets Breached *

Ohio History Connection Suffers a Ransomware Attack Affecting Thousands of People *

Leaseweb, World's Top Cloud and Hosting Provider, is Restoring 'Critical' Services Following a Security Incident *

Flax Typhoon Hackers Employ Advanced Tactics, Leveraging LOLBins for Stealthy Operations, Microsoft Reports *

Major Data Breach at Kroll Exposes Confidential Information of FTX, BlockFi, and Genesis Creditors *

The Telegram Bot "Telekopye" is Powering Large-Scale Russian Phishing Scams *

NVIDIA Graphics Driver Vulnerability Could Lead to Memory Corruption *

Smoke Loader Dropped New Whiffy Recon Spyware Utilises WiFi to Pinpoint Location *

Jupiter X Core WordPress Plugin Flaws Enable Hackers to Take Over Websites *

Pole emploi, France's National Employment Authority Suffers Data Breach Affecting 10 Million People *

Hackers Breach Internet Organization Using Public ManageEngine Exploit *

Danish Hosting Firms, CloudNordic and AzeroCloud, Lost all Customer Data After a Ransomware Attack *

Scarab Ransomware Spreads Worldwide with the Help of Spacecolon Toolset *

Cybercriminals Exploit WinRAR Zero-Day Vulnerability to Hack Trading Accounts *

Over 3000 Unpatched Openfire Servers Found Vulnerable to Hackers Exploit *

EVLF, a Syrian Threat Actor, Found to be Creator of CypherRAT and CraxsRAT Malware. *

Roblox Game Developers Targeted by Dozens of Malicious npm Packages *

Hacking Forum Selling Scraped Data of 2.6 Million Duolingo Users *

XLoader macOS Malware Takes on New Identity as 'OfficeNote' Productivity Application *

University of Minnesota is Investigating Potential Security Breach Incident *

Carderbee Hacking Group Utilises PlugX Malware to Target Asian Organisations in Supply Chain Attack *

Energy One Launches Investigation into Recent Cyberattack *

Cisco VPN Products are Targeted by Akira Ransomware to Breach Organizations *

Vulnerabilities in TP-Link Smart Bulbs Could Expose WiFi Passwords to Hackers *

HiatusRAT Malware Resurfaces, Attacking Taiwanese Firms and US Military Personnel *

CISA Adds Adobe ColdFusion Flaw to Known Exploited Vulnerability Catalog *

BlackCat Ransomware Group Targets Japanese Watchmaker Seiko in Cyberattack *

New Vulnerability in Ivanti Sentry is Exploited in the Wild *

Tesla Reports Over 75,000 Individuals Affected by Large-Scale Data Breach in May 2023 *

Numerous Android Malware Applications Employing Sneaky APK Compression to Bypass Detection *

Cuba Ransomware Exploits Veeam Vulnerability to Target Vital U.S. Entities *

Juniper Networks Warning Regarding New Juniper Junos OS Flaws That Expose Devices to Remote Attacks *

Ransomware variant BlackCat adopts advanced Impacket and RemCom tools *

New Google Chrome Feature Notifies Users Regarding Automatic Removal of Harmful Extensions *

Microsoft's DNS Misconfiguration Causes Hotmail Email Delivery Failures *

Security Vulnerability in WinRAR Allows Hackers to Execute Programs via Opening RAR Archives *

Apple iOS 16 Vulnerability Facilitates Covert Cellular Connectivity While Simulating Airplane Mode *

Global Wave of Phishing Attacks Targets Zimbra Email Server Accounts *

Bronze Starlight Group is Using Cobalt Strike Beacons to Target Asian Gambling Industry *

Zulip Chat App Employed by Russian Hackers for Stealthy Diplomatic Phishing Operations and Covert C&C Operation *

LABRAT Campaign Takes Advantage of GitLab Vulnerability for Cryptomining and Proxy Hijacking Operations *

CISA Issues Alert on Exploitation of Critical Citrix ShareFile Flaw in the Wild *

Stealthy Malware Infections Build 400,000 Proxy Botnets *

Critical Vulnerability Exploited to Hack Nearly 2,000 Citrix NetScaler Instances *

Google Chrome 116 Release Patches a Total of 26 Vulnerabilities *

QR Code Phishing Attack Employed to Target Multiple U.S. Organizations *

PowerShell Gallery Weaknesses Expose Users to Supply Chain Attacks *

Cybercriminals Exploit Cloudflare R2 for Hosting Phishing Pages *

Threat Actors Hijacking LinkedIn Accounts in a Widespread Campaign *

Norfolk and Suffolk Police Unintentionally Disclose Personal Data of 1,230 Individuals *

Numerous Vulnerabilities Detected in 'ScrutisWeb Software' Pose a Remote Hacking Risk to ATMs *

Android Banking Malware Gigabud RAT Targets Institutions of Various Countries *

New Remote Access Trojan QwixxRAT Distributed via Telegram and Discord Platform *

VMware ESXi Servers are Targeted by the Monti Ransomware with its New Linux Locker *

Data Center Vulnerability Exposed by Multiple Issues in CyberPower and Dataprobe Products *

The Info-Stealing Malware Exposed over 100K Hacking Forum Accounts *

Discord.io Confirmed a Breach of Its User Database After a Hacker Stole Data From 760K Users *

New Spam Campaign Distributes Knight Ransomware as Disguised TripAdvisor Complaints *

Ernst & Young's (EY) MoveIt Breach Exposes Bank of America Customers Data *

Indian Government's Parivahan Website Suffered Data Breach Exposing Source Code and 10K User Sensitive Data *

A New Set of CODESYS SDK Flaws Exposes OT Environments to Remote Attacks *

In Early 2022, a Critical Vulnerability in Magento Shopping Carts was Discovered and Exploited *

Researchers Uncover APT31's Sophisticated Backdoors and Data Exfiltration Methods *

SystemBC Malware Evolves to Target Power Company in Southern Africa *

Cyber Espionage Group 'MoustachedBouncer' Utilizes Adversary-in-the-Middle (AiTM) Attacks for Diplomatic Espionage *

Critical Flaw in Dell Compellent Integration Tools Exposes VMware vCenter Admin Credentials *

CISA Links Barracuda ESG Attacks to New Whirlpool Backdoor *

New Statc Stealer Malware Targeting the Microsoft Windows to Steal Sensitive Personal and Payment Information *

Gafgyt Malware Exploits Half-Decade Old Vulnerability in End-of-Life Zyxel Router *

CISA Adds Actively Exploited Microsoft .NET and Visual Studio Vulnerability to KEV Catalog *

Cybercriminals Abusing Open-Source Merlin Post-Exploitation Toolkit to Breach Entities *

Microsoft Office Update Disrupts Actively Exploited RCE Attack Chain *

Missouri Issues Alert Regarding Stolen Health Information Due to IBM MOVEit Data Breach *

Massive EvilProxy Phishing Campaign Targets the 120,000 Microsoft 365 Users *

New Rhysida Ransomware is Targeting Healthcare Organizations *

Code Flaw in Microsoft Visual Studio Lets Extensions to Collect Credentials *

Downfall Attack Exploit Targets Intel Processors, Extracting Encryption Keys and Sensitive Data *

AMD Zen CPUs Leak Sensitive Data Due to a New Inception Attack *

Latest Variant of Yashma Ransomware Targets Several English-Speaking Nations *

8 Years of Voter Data Exposed in UK Electoral Commission Data Breach *

Microsoft Patch Tuesday Security Advisory - August 2023 *

QakBot Malware Group Increases Command and Control Network with Additional 15 New Servers *

Vulnerable Redis Servers are Targeted by a New SkidMap Linux Malware Variant *

Cyber Attack Hits Prospect Medical Holdings' Healthcare Facilities Affecting Five Cities *

New Malware Campaign Uses OpenBullet Configurations to Target Rookie Cyber Criminals *

ScarCruft Breach 'NPO Mashinostroyeniya,' a Russian and Indian Defence Manufacturing Company *

Colorado Department of Higher Education Suffers Data Breach *

Researchers Identified Weaknesses in Tesla's Infotainment System that Unlock Paid Features and Exposes Secrets *

Threat Actors Using Reptile Rootkit Malware Targeting South Korean Systems *

Cybercriminals Target IT Pros with Fake VMware vConnector Packages on PyPI *

A New PaperCut Critical Bug Allows for Remote Code Execution Attacks on Unpatched Servers *

Malicious NPM Packages Were Found to Exfiltrate Sensitive Data From Developers *

Mozilla Firefox 116 Fixes Multiple High-Severity Vulnerabilities *

Rilide Malware Incorporates Chrome Extension Manifest V3 Adaptation For Data Theft *

Massive Cyber Attack Targets Hundreds of Citrix NetScaler ADC and Gateway Servers *

New Microsoft Azure AD CTS Feature Exploited to Move Laterally in Network *

Malicious Apps Avoid Google Play Store Scanners by Using Sneaky Versioning Techniques *

Google Chrome 115 Updates Include Patch for Critical V8 Vulnerabilities *

Slack Messaging Platform Experiences Outage Affecting Its Users *

Salesforce's Email Services Critical Zero-Day Exploited Using Facebook Phishing Campaign *

New Collide Power Widespread Side-Channel Attack Exploits Vulnerability in All CPUs *

Researchers Uncover Authentication Bypass Flaw in Ivanti EPMM Versions *

Researchers Discover AWS SSM Agent Abused as a Stealthy Remote Access Trojan *

Russian Hackers are Using Microsoft Teams Phishing Attacks to Target Government Organizations *

Space Pirates Target Multiple Organizations in Russia and Serbia by Using Deed RAT Malware *

Hundreds of European Bank Customers Targeted by SpyNote Android Trojan *

China's APT31 Allegedly Targeting Air-Gapped Systems in Eastern Europe *

NodeStealer's Latest Variant Targets Facebook Business Accounts and Crypto Wallets *

Threat Actors Targeting Italian Organizations with WikiLoader Malware *

Patchwork Hackers Targeting Chinese Research Organizations with EyeShell Backdoor *

Hackers Exploiting 'BleedingPipe' Vulnerability to Target Minecraft Servers and Players *

P2PInfect Malware Botnet Breach Redis Servers Using Replication Feature *

Hackers Stealing Signal and WhatsApp User Data via Fake Android Chat App *

AVRecon Botnet Providing Illegal Proxy Service Using Compromised Routers *

'Maximus' US Government Contractor Data Breach Affects 8 Million People *

Cyber Criminals Hack Israel's Largest Oil Refinery Operator 'BAZAN Group' *

Critical Security Vulnerability Found in Metabase BI Software *

Ivanti Fixes a Zero-Day Flaw in its Endpoint Manager Mobile (EPMM) Software *

Hackers Employ SUBMARINE Backdoor in Barracuda Email Security Gateway Hack *

Abyss Locker Ransomware Encrypts VMware ESXi Servers *

Hackers Exploit Windows Search Feature to Distribute Remote Access Trojans *

New Android Malware Steals Crypto Credentials Using uses OCR *

STARKMULE Employs U.S. Military-themed Document Lures to Target Koreans *

BlueBravo Targets European Diplomatic Entities Using GraphicalProton Backdoor *

IDOR Web App Flaws Enables Unauthorized Access *

Hawai'i Community College Suffers Data Breach *

Fenix Cybercrime Group Targets Taxpayers from Mexico and Chile *

Decoy Dog Malware Poses Grave Risk to Enterprise Networks *

Hackers Actively Exploiting Vulnerable Apache Tomcat Servers *

WordPress Ninja Forms Plugin Flaws Expose Websites to Data Leak *

Zimbra Addresses Zero-Day Vulnerability Exploited in XSS Attacks *

Over 900k MikroTik Devices Affected by Code Execution Vulnerability *

Researcher Discovers New AI Tool Dubbed 'FraudGPT' Used in Sophisticated Cyber Attacks *

Ubuntu Linux Vulnerabilities Affect 40 Percent of Ubuntu Users *

ALPHV Ransomware Integrates Data Leak API for Enhanced Extortion Approach *

NATO's Communities of Interest (COI) Cooperation Portal Suffers Data Breach *

Nitrogen Malware Exploits Google Ads to Deliver Ransomware Attacks *

JumpCloud Cyberattack Exposes North Korean Nation-state Actors IP Address *

Casbaneiro Banking Malware Adopts UAC Bypass Technique for Stealthy Attacks *

400,000 Corporate Credentials Stolen by Info-stealing Malware Families *

Realst macOS and Infostealer Malware Targeting Cryptocurrency Wallets *

VMware Fixes Critical Bug Exposing Cloud Foundry API Admin Credentials in Audit Logs *

Indian Railway Catering and Tourism Corporation (IRCTC) Suffers Massive Outage *

Zenbleed Attack Exposes Sensitive Data in AMD Zen2 Processors *

Norwegian Government's ICT Platform Hacked Via Zero-Day Vulnerability *

Ivanti Addresses A Zero-Day Flaw in its MobileIron Platform *

OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection *

Atera Windows Installers Vulnerable to High-Risk Privilege Escalation Attacks *

Open-Source Software Supply Chain Attacks Target Banking Sector *

Microsoft Azure AD Token Forging Technique Goes Beyond Outlook And Wiz Reports *

Clop Ransomware Gang Employing Clearweb Sites to Expose Data Stolen in MOVEit Attacks *

Coastal Mississippi County Hacked in a Ransomware Attack *

Threat Actors Distribute HotRat Malware Via Pirated Softwares *

DDoS Botnets are Exploiting Critical Vulnerability in Zyxel Devices *

BundleBot Malware Distributed Via Masqueraded Google AI Chatbot and Utilities *

Lazarus Group's Campaign Targets Crypto, Gambling and Cyber Sector Developers *

Mallox Ransomware Exploits Vulnerable MS-SQL Servers to Breach Networks *

New Peer-to-Peer Malware 'P2PInfect' Targets Redis Servers Running Windows and Linux Systems *

Critical Vulnerabilities Found in Apache OpenMeetings Web Conferencing Tool *

JumpCloud Breach Attributed to North Korean APT Lazarus Group *

Critical AMI MegaRAC Flaws Enable Hackers to Crash Vulnerable Servers *

Chinese APT41 Using New WyrmSpy and DragonEgg Spyware to Target Mobile Devices *

Two Ransomware Groups Target Beauty Giant 'Estée Lauder' *

Hackers Target Pakistani Organizations with ShadowPad Malware *

Threat Actors Transform Microsoft Exchange Servers as Malicious C2 Servers *

Adobe Releases Patches for Actively Exploited ColdFusion Flaws *

Citrix Patches Zero-Day Vulnerabilities in its ADC and Gateway Products *

FIN8 Utilizes Upgraded Sardonic Malware Variant to Deploy BlackCat Ransomware *

VirusTotal Data Breach Exposes Personal Details of Registered Customers *

Microsoft Exchange Online Service Suffers New Outage Blocking Emails *

SophosEncrypt Ransomware: Impersonating the Popular Sophos Brand *

Supply Chain Attack Enabled by Critical Privilege Escalation Design Flaw in Google Cloud Build *

Hackers Exploit WebAPK to Trick Android Users into Installing Malicious Apps *

Hackers Exploiting WordPress WooCommerce Payments Flaw in Massive Campaign *

Threat Actors Exploit Microsoft Word Vulnerabilities to Distribute LokiBot Malware *

Threat Actors Utilising Malicious USB Drives to Distribute SOGU and SNOWYDRIVE Malware *

Companies Attempt to Bolster their Cyber Defenses as Ransomware Threatens Data Security *

Researches Uncover Critical Security Vulnerabilities in Honeywell Experion DCS and QuickBlox Services *

Hackers Exploit Lemmy Instances Via Zero-Day Vulnerability *

AIOS WordPress Plugin Found Storing User Passwords in Plaintext Format *

Hackers Use New Generative AI Cybercrime tool WormGPT to Launch Attacks *

Gamaredon Hacking Group Distribute Malware via Instant Messaging Apps *

Microsoft Security Flaw Enables Hackers to Breach 24+ Organizations Using Fake Azure AD Tokens *

Data Breach at Colorado State University Impacts Students and Staff Personal Data *

AVrecon Malware Exploits 70,000 Linux Routers to Establish Massive Botnet *

Ukraine and Poland's Military and Government Entities Targeted Using PicassoLoader Malware *

Zimbra Urges Administrators to Manually Fix Exploited Zero-Day Attacks *

CISA Warns About Rockwell Automation ControlLogix Vulnerabilities Used in Industrial Systems *

BlackLotus Windows UEFI Bootkit's Source Code Leaked on GitHub *

Researchers Found Fake POC on GitHub Distributing Data Stealing Malware *

Unauthenticated REST API Access Compromises Cisco SD-WAN vManage *

Fortinet Patches Critical Stack-based Overflow Flaw in FortiOS and FortiProxy Devices *

Researchers Publish Proof of Concept for Ghostscript's Critical RCE Vulnerability *

Russian State Hackers Use BMW Car Ads to Lure Western Diplomats *

New PyLoose Malware Hijacks Computational Power For Cryptocurrency Mining *

Microsoft Discloses a Breach of US Government Exchange Email Accounts by Chinese Hackers *

SonicWall Alerts Customers to Critical Flaws in its GMS and Analytics Suites *

Hackers Abuse Loophole in Windows Policy to Load Malicious Kernel Drivers *

Microsoft Office Zero-Day Vulnerability Exploited in Attack Against NATO Summit *

Apple Releases Critical iOS Update to Fix Zero-Day Vulnerability in WebKit *

Deutsche Bank Confirms Data Breach: Customer Data Exposed through Provider Breach *

HCA Healthcare Acknowledges Data Breach as Hacker Steals Data of 11 Million Patients *

Microsoft Patch Tuesday Security Advisory - July 2023 *

Hackers Actively Targeting Latin American Businesses Using TOITOIN Banking Trojan *

RomCom Threat Actors Target NATO Summit Attendees in Phishing Campaign *

VMware Issues a Warning Regarding the Availability of Critical vRealize RCE Flaw Exploit Code *

Apple Issues an Emergency Update Regarding Recent Attacks Using Zero-Day Exploitation *

Hackers Exploit Revolut's Payment Systems, Stealing $20 Million *

BlackByte 2.0 Ransomware Executes Infiltration, Encryption, and Extortion Within 5 Days *

Nickelodeon Launches Investigation Following Leak of "Decades Old" Data *

Charming Kitten APT Group Enhances Targeting of macOS Systems with 'NokNok' Malware *

Hackers Targets the Cloud-Native Environments of JupyterLab and Docker APIs in Silentbob Campaign *

The Latest Version of the 'Big Head' Ransomware Unveils a Bogus Windows Update Alert *

A Critical Unauthenticated SQLi Flaw Patched in MOVEit Transfer Software *

Mastodon Social Network Fixes Critical Flaws that Allow Server Takeover *

Barracuda Addresses Ongoing Email Gateway Login Challenges *

CISA Urges Govt Agencies to Patch Actively Exploited Android Driver *

Threat Actors Employ Vishing Technique to Deploy New 'Letscall' Malware *

CISA Raises Concerns of Netwrix Auditor RCE Bug Exploitation in Truebot Malware Attacks *

Two Malicious File Management Apps on Google Play Steals User Data *

Cisco Issues a Warning About a Flaw That Enables Attackers to Crack Traffic Encryption *

New Linux Kernel Vulnerability 'StackRot' Exploit Enables Privilege Escalation *

Microsoft Resolves Windows LSA Protection Warnings Bug *

Android Security Patch For July Resolves Three Actively Exploited Vulnerabilities *

New Stealer-as-a-Ransomware 'RedEnergy' Targets Energy and Telecom Sectors *

TeamsPhisher Tool Exploits Microsoft Teams Bug, Enabling Malware Delivery to Users *

Actively Exploited Flaw in SolarView Series Exposes Energy Organizations to Attacks *

Japan’s Largest Port 'Port of Nagoya' Operations Disrupted *

Mozilla Addresses 13 Vulnerabilities in the Firefox 115 Release *

Ransomware Encryption Impacts Over Two-thirds of Manufacturing Companies *

DDoSia Attack Tool Upgrades and Expands Targeting Across Multiple Businesses *

New GuLoader Campaign Targets Law Firms in the United States *

Threat Actor 'Neo_Net' Employs Android Malware to Target Global Financial Institutions *

Microsoft Denies Anonymouns Sudan’s Data Breach Claim of 30 Million Customer Accounts *

Researchers Warn that 300,000 Fortinet Firewall Appliances are Vulnerable to Attacks. *

Sophisticated Threat Meduza Stealer Targeting 19 Password Managers and 76 Crypto Wallets *

Hackers Target European Government Entities in SmugX Campaign *

BianLian Ransomware Gang Targets Leading Global Business Conglomerate 'Piramal Group' *

Hackers Exploiting WordPress's Ultimate Member Plugin Flaw in the Wild *

Samsung Phone Vulnerabilities Listed in CISA's 'Must Patch' Catalog Likely Exploited by Spyware Vendor *

BlackCat Ransomware Group Exploits WinSCP Search Ads to Distribute Cobalt Strike *

Researchers Discovered an Upgraded Version of RustBucket Malware Targeting macOS Users *

Charming Kitten, An Iranian Hacking Group Uses Updated POWERSTAR Backdoor in Espionage Attacks *

TMSC's Hardware Supplier Kinmax Technology Suffers Ransomware Attack by LockBit Ransomware Gang *

Hackers Target Vulnerable SSH Servers To Perform Proxyjacking *

North Korean Hacker Group 'Andariel' Strikes with its New EarlyRat Malware *

MuddyWater Employs a New C2 Framework Called PhonyC2 *

The Android Spy App LetMeSpy Suffers a Major Data Breach *

New Windows-Based Info Stealer Malware 'ThirdEye' Steals Sensitive Information *

Flutter-Based Fluhorse Android Malware Employed to Steal Credit Cards Details and 2FA Codes *

Critical Flaws in Social Login Plugin and LearnDash LMS Plugin for WordPress Fixed by Vendors *

SQL Injection Vulnerabilities Found in Gentoo Soko Leading To Remote Code Execution *

ArcServe Patches a High-Severity Security Vulnerability In Its UDP Backup Software *

8Base Ransomware Gang Engages in Double Extortion Attacks *

Akira Ransomware's Linux Version Encryptor Targets VMware ESXi Servers *

Google Chrome Releases New Update to Patch High-Severity Vulnerabilities *

Siemens Energy and Schneider Electric Confirms Data Breach in MOVEit Data-theft Attack *

Threat Actors Using New Unique Execution Chain to Target NPM Repository *

Outlook Web Suffers Outage Impacting Users Across America *

Mockingjay Process Injection Method Allows Malware To Evade Detection *

Suncor Energy Suffers Cyber Attack Impacting Petro-Canada Gas Station Customers *

Hackers Expose Data of 45,000 New York City Students in MOVEit Breach *

Researchers Uncover New Cybercrime Group 'Muddled Libra' Using Social Engineering to Target BPO Sector *

Japanese Cryptocurrency Exchange Hit by macOS Backdoor 'JokerSpy *

New Malware Campaign Uses Android Banking Trojan 'Anatsa' to Target Banking Customers *

Angry LastPass Users Locked Out as MFA Resets Cause Frustration *

Super Mario Game Compromised to Distribute Windows Malware *

American And Southwest Airlines Suffered a Data Breach Exposing Pilot's Credentials *

Grafana Released Patches For Critical Auth Bypass Due to Azure AD Integration *

New Strain of JavaScript PindOS Delivers Bumblebee and IcedID Malwares *

Data Breach in MOVEit Transfer Impacts Genworth Financial and CalPERS, Exposing Data of 3.2 Million Individuals *

Fortinet Resolves Critical Remote Command Execution Flaw in FortiNAC Devices *

Newly Discovered Bug in Microsoft Teams Allows Malware Distribution by External Accounts *

Phishing Campaign MULTISTORM Exploits India and U.S. with Remote Access Trojans *

CISA Updates Known Exploited Vulnerabilities Catalog with Six Additional Security Flaws *

New Cryptojacking Campaign Targets IOT and Linux Device using Trojanized OpenSSH Version *

Mirai Botnet Exploiting Multiple Vulnerabilities in D-Link, Zyxel, and Netgear Devices *

VMware Addresses Critical Vulnerabilities in vCenter Server Allowing Code Execution and Authentication Bypass *

Zyxel Fixes a Critical Command Injection Vulnerability in its Network Attached Storage(NAS) Devices *

Apple Fixes Three Zero-Day Exploits Used in Triangulation Spyware Attack *

North Korean Hacking Group 'APT37' Employing FadeStealer Malware to Conduct Cyber Espionage *

Microsoft Releases Workaround for Outlook Freezes and Slow Starts *

iOttie Discloses Data Breach Post its Official Site Hack *

Condi Malware Targets TP-Link Archer AX21 Wi-Fi Router with DDoS-as-a-Service Exploit *

Tsunami Botnet Malware Infects Linux SSH Servers *

Microsoft Resolves Critical Azure AD Authentication Flaw Allowing Complete Application Takeover *

Info-Stealing Malware Compromises Over 100,000 ChatGPT Accounts *

RDStealer Malware: Uncovering a Remote Desktop Exploitation for Data Theft from Shared Drives *

Hackers Using Fake OnlyFans Content to Distribute 'DcRAT' Malware *

ASUS Patches Critical Vulnerabilities in its Multiple Routers Models *

Iowa's Des Moines Public Schools Confirms a Ransomware Attack *

Malwarebytes Issued a Fix for the Chrome Display Issue Caused by the Windows 11 KB5027231 Update *

Researchers Uncover Advanced Toolkit Specifically Targeting Apple macOS Systems *

Massive Data Breach at India's Largest Tech Retailer Exposes Sensitive Employee and Customer Data *

BlackCat Ransomware Gang Threatens to Leak Data Stolen During Reddit's System Hack *

Microsoft States DDoS Attacks as the Root Cause of the Recent Azure and Outlook Outages *

Russian Hackers Employ USB-Spreading Malware to Target Ukrainian Government and Military Officials *

Hackers Promote New Mystic Stealer Via Malware as a Service *

Researchers Uncover Location Tracking Attack Exploiting SMS Delivery Reports *

Emerging Threat Actor Diicot Exploits Diicot Brute, a Go-based SSH Brute-Forcer, to Compromise Linux Systems *

Chinese Cyberespionage Group 'UNC4841' Behind Barracuda Zero-day Attacks *

Rhysida Ransomware Group Leaks Stolen Documents from Chilean Army *

Clop Ransomware Group Initiates Extortion of MOVEit Data-Theft Victims *

Abuse of Cloud Mining: Hackers and Threat Actors Exploit Services to Launder Cryptocurrency *

GravityRAT Malware Targets WhatsApp Backups on Android Devices *

Google Chrome's 114 Update Includes Patch for Critical Vulnerability *

Chinese Hackers Exploit DNS-over-HTTPS Protocol for Distribution of Linux Malware *

Ofcom, UK Media and Telecoms Regulator, Falls Victim to MOVEit Hack *

Critical Security Flaws Uncovered in Microsoft Azure Bastion and Azure Container Registry *

Malicious GitHub Repositories Disguised as Fake Security Researchers Distribute Zero-Day Malware *

New ChromeLoader Campaign Detected Spreading 'Shampoo' Malware through Counterfeit Warez Websites *

Microsoft Addresses Windows Kernel Vulnerability with Default Disabled Fix *

Widespread Brand Impersonation Campaign Utilizes 6,000 Websites to Fake 100 Brands *

Critical Vulnerability in WordPress Stripe Payment Plugin Exposes Customer Order Details *

New DoubleFinger Loader Targets Cryptocurrency Wallets in Cyber Attacks *

VMware Releases Patch for Zero-Day Vulnerability Exploited to Install Backdoors in Virtual Machines *

Microsoft Patch Tuesday Security Advisory - June 2023 *

Pirated Windows 10 ISOs Utilize EFI Partitions to Install Clipper Malware *

Swiss Government Suffers DDoS Attacks Post Data Leak *

'Have I Been Pwned' Discloses Zacks Investment Research's Data Breach *

Threat Actors Harness Powerful BatCloak Engine for Fully Undetectable Malware *

Researchers Uncover Security Flaws in Honda's 'PETE' e-Commerce Platform *

A Major Data Breach Exposed Personal Information of Users Via Govt’s CoWIN Portal *

Researchers Uncover a Flaw in Popular Strava App's Heatmap Feature Exposing Home Address *

University of Manchester Suffers a Cyberattack, Resulting in a Likely Data Theft *

Russian Telecom Company 'Infotel' JSC Suffers an Outage *

Critical Vulnerability in Microsoft Visual Studio Exploited to Distribute Malicious Extensions *

Fortinet Patches Critical RCE Flaw in Fortigate SSL-VPN Devices *

Hackers Impersonate Crypto News Journalists, Steal $3 Million in Digital Assets *

New SPECTRALVIPER Backdoor Targets Vietnamese Public Companies with Advanced Tactics *

New Stealth Soldier Backdoor Malware Targets North Africa in Espionage Attacks *

New Critical SQL Injection Flaws Discovered in MOVEit Transfer *

Microsoft Discovers AitM Phishing and BEC Attacks Targeting Major Financial Institutions *

Microsoft Azure Portal Suffers an Outage Claimed to be the Result of DDoS Attacks *

Asylum Ambuscade Group Combines Cybercrime with Espionage to Target Small and Medium Businesses *

Security Researchers Publish PoC for Actively Exploited Windows Win32k Flaw *

CLOP Ransomware Gang Actively Exploiting MOVEit Zero-day Flaw *

Japanese Pharmaceutical Company 'Eisai' Suffers Ransomware Attack *

AIIMS Suffers Another Cyberattack, Following November 2022 Cyberattack *

Cisco Patches Critical-Severity Flaws in Expressway Series and TelePresence Video Communication Server (VCS) *

Malicious Campaign Deploys Satacom Downloader for Spreading Crypto-Stealing Addons *

Cisco Resolves AnyConnect Bug Allowing Windows SYSTEM Privileges *

VMware Addresses Critical Vulnerabilities in Aria Operations for Networks *

Hackers Exploit Minecraft Mods to Distribute Fractureiser Malware on Windows and Linux *

Cyclops Threat Group Facilitates Distribution of Information Stealing Malware to Cybercriminals *

Researchers Discovered Over 60,000 Android Apps Installing Adware on Mobile Devices *

PowerDrop: New PowerShell Malware Targets the U.S. Aerospace Industry *

Outlook Faces Multiple Outages Allegedly Caused by Hacktivist Group Anonymous Sudan *

Google Releases Patch for Zero-Day Chrome Vulnerability Exploited in the Wild *

Android Security Patch Resolves Critical Vulnerabilities, Including Mali GPU Flaw *

Brazilian Cybercriminals Exploit LOLBaS and CMD Scripts to Target Online Bank Accounts *

Magecart-Style Campaign Exploits Legitimate Websites to Steal Credit Card Information *

Threat Actors Exploit Barracuda ESG Zero-Day Flaw to Distribute Backdoor *

$35 Million Worth of Cryptocurrency Stolen in Atomic Wallet Breach *

New Malware Campaign Targeting Online Sellers with Info-Stealer *

Splunk Addressed High-Severity Vulnerabilities in its Enterprise Products *

Chinese Hackers Camaro Dragon Employs New 'TinyNote' Backdoor for Intelligence Gathering *

US and South Korea Warn Kimsuky Hackers Impersonating Journalists to Gather Intelligence *

Google removed 32 Malicious Extensions from Chrome Web Store Downloaded by 75 Million Times *

North Korean Hackers, ScarCruft Uses LNK Files to Launch RokRAT Malware *

New MOVEit Transfer Zero-Day Vulnerability is Mass-Exploited in Data Theft Attacks *

New Horabot Campaign Targets Latin Americans' Gmail and Outlook Accounts *

Researchers warn Organisations about Saleforce 'Ghost Sites' Exposing Sensitive Information *

iPhones on Kaspersky Networks are Being Targeted with Unknown Malware *

Dark Pink APT Group Continues to Target Asia-Pacific Entities *

Hackers Pushing SeroXen RAT To Target Gaming Community *

Threat Actor 'Spyboy' Promotes Terminator Tool Capable of Bypassing AV, XDR, and EDR Solutions *

Researchers Uncover Proof-of-Concept for RCE Flaw Affecting Popular Python Library ReportLab Toolkit *

Researchers Warn About a Backdoor Functionality in Gigabyte Motherboards *

Google Releases Chrome 114; Addressing 18 Security Vulnerabilities *

Researchers Found DogeRAT Malware Targeting Indian Android Users *

RomCom Malware Impersonating ChatGPT, GIMP Spreaded via Google Ads *

Researchers Spotted 'SpinOk' Spyware Trojanized in 101 Android Applications *

Researchers Found Vulnerability in WordPress's 'Gravity Forms' Plugin Used in 930,000 Websites *

'Automattic' Rolls Security Patch to Address Critical Flaw in the Jetpack Plugin *

Apple Critical 'Migraine' Flaw Enables Attackers to Bypass System Integrity Protection *

MCNA Dental Suffers Ransomware Attack; Impacting 8.9 Million Patients *

Hacking Forum Exposed the Data of 478,000 RaidForums Members *

New GobRAT Malware Targeting Linux Routers in Japan *

Jimbos Protocol Suffered Flash Loan Attack Resulting in Theft of Over $7.5 Million *

BlackByte Ransomware Group Claims Responsibility for City of Augusta's Cyberattack *

Researcher Uncovers 'File Archiver in the Browser' Phishing Toolkit to Exploit ZIP Domains *

Emby Forced to Shutdown Hacked User-hosted Media Servers *

Unpatched Zyxel Firewalls Exploited by New Variant of Mirai Botnet *

New Bandit Stealer Malware Found Targeting Web Browsers and Cryptocurrency Wallets *

Researchers Discovered a Critical OAuth Vulnerability in Expo Framework *

QBot Malware Exploits DLL Hijacking Flaw in Windows WordPad EXE to Infect Devices *

Buhti Ransomware Gang Exploits Leaked Encryptors to Target Windows and Linux Systems *

Researchers Uncover Predator Android Spyware’s New Data Theft Capabilities *

Critical Vulnerability in Google Cloud's Cloud SQL Service Exposes Confidential Data *

D-Link Fixes Critical Vulnerabilities in its D-View 8.0 Network Device Management Platform *

New Russian-linked Malware 'COSMICENERGY' Targets Industrial Systems *

Threat Actors Found Using Encrypted RPMSG Messages in Microsoft 365 Phishing Attacks *

Barracuda Networks Patches Zero-Day Vulnerability in its Email Security Gateway Appliance *

Zyxel Patches Critical Flaws in its Firewall and VPN Products *

Researchers Uncover New Version of Legion Malware Targeting SSH Servers and AWS Credentials *

Lazarus Group Targets Microsoft IIS Servers to Deploy Malware *

Microsoft Exchange Servers Infected with the New PowerExchange Malware *

GitLab Issues an Emergency Update to Address a Critical Path Traversal Vulnerability *

Hackers Attack 1.5 million WordPress Sites by Leveraging a Cookie Consent Plugin Vulnerability *

Researchers Discover North Korean Kimsuky Group Leveraging Sophisticated Reconnaissance Toolkit *

Asian Government Entities Targeted by Newly Discovered APT Group, GoldenJackal *

Rheinmetall, German Arm Manufacturer, Falls Victim to BlackBasta Ransomware Attack *

Newly Discovered AhRat Malware Disguised in Screen Recording App on Google Play Store *

Newly Discovered Windows Kernel Driver Used by Iranian Hackers to Target Middle East Entities *

'Crypto Phishing Service 'Inferno Drainer' Steals $5.9 Million from Victims *

Microsoft 365 Suffers New Outage Causing Connectivity Issues *

Threat Actor 'GUI-vil' Exploiting AWS EC2 Instance for Crypto-mining Operations *

BlackCat Ransomware Group Employing Malicious Windows Kernel Drivers to Evade Detection *

Hackers Could Chain Two Flaws to Achieve Code Execution in Pimcore *

New Attack Method 'BrutePrint' Found Brute-Forcing Fingerprints on Android Devices *

Threat Actors Use Fake CapCut Websites to Distribute Malware *

Threat Actors Hide TurkoRAT Malware in npm Packages *

Infamous Cyber Group FIN7 is Back With Cl0p Ransomware *

Hackers Employ SIM Swapping to Target Microsoft Azure Machines *

Dish Network Likely Paid Ransom Following the Recent Ransomware Attack *

Luxottica Discloses a Data Breach; 70M Users Info Leaked *

A Faulty Security Update Taken Down ASUS Routers Globally *

CISA Issues a Warning on a Samsung ASLR Bypass Flaw *

Cryptojacking Group Exploits Oracle WebLogic Server for Cryptocurrency Mining *

'Lemon Group' Hacks Millions of Android Devices, Installing Guerilla *

New Vulnerability Discovered in KeePass Exposing Cleartext Master Password *

Retaliatory Cyberattack: Indian Hackers Target Pakistani Embassy Websites Following DDoS Attack on Indian State Police *

Apple Addresses Three New Zero-day Vulnerabilities with Patch Releases *

MalasLocker Ransomware Targets Zimbra Servers, Demands Charitable Donations *

Houthi-Linked Cyber Threat Group OilAlpha Targets Android Users in the Arabian Peninsula *

Unpatched Vulnerability Found in Belkin Wemo Smart Plugs by Researchers *

Malicious Visual Studio Extensions Discovered on Microsoft's VSCode Marketplace by Researchers *

Cisco Addresses Four Critical RCE Flaws in It's Smart Switches *

Chinese Hacking Group "Camaro Dragon" Exploits TP-Link Routers to Target European Organizations *

Hackers Exploit Geacon, a Cobalt Strike Port, to Target macOS Users *

Multiple Flaws Discovered in Kiddoware's Android Application 'Parental Control - Kids Place' *

Hackers Targeting Microsoft Azure Admin Account for Stealthy Access to VMs *

K D Hospital, a Multi-Specialty Healthcare Facility, Falls Victim to Ransomware Attack *

Researchers Found Vulnerabilities in Sierra Wireless, Teltonika Networks, and InHand Networks' Routers *

New APT Group, Lancefly Employs 'Merdoor' Backdoor *

PharMerica Suffers a Data Breach; Over 5.8 Million Patients Impacted *

New Ransomware-as-a-Service Operation, MichaelKors Targets Linux and VMware ESXi Systems *

Threat Actors Target Poorly Managed Microsoft SQL Servers Using CLR SqlShell Malware *

New Ransomware Operation, RA Group Targets US and South Korean Companies *

Rockwell Automation Fixed Multiple Vulnerabilities Present in its Products *

Threat Actors Found Exploiting Recently Fixed WordPress Plugin Vulnerability *

U.S. Transportation Department Suffers Data Breach; 237,000 Employees Impacted *

Greatness, New Phishing-as-a-Service Platform helps Cybercriminals to Generate Convincing Phishing Pages *

Researchers Uncovered a Vulnerability in Ferrari Website, Exposing Sensitive Information *

Researchers Found Multiple Vulnerabilities in Netgear's NightHawk Routers *

Toyota Disclosed Data Breach Exposing Car Location Data of 2 Million Customers for a Decade *

Attackers Exploiting Follina Vulnerability to Distribute XWorm Malware *

Discord Disclosed Data Breach After its Support Agent's Account got Compromised *

FBI and CISA Warns Bl00dy Ransomware Targets Education Sector via PaperCut RCE Flaw *

New APT Group Red Stinger Targeting East Europe's Critical Infrastructures *

Researchers Uncover Stealthier Version of Linux BPFDoor Malware *

ABB, a Swiss Automation Company Struck by the Black Basta Ransomware *

Ransomware Gangs Targeting VMWare ESXi Servers with Leaked Babuk Ransomware Source Code *

Researchers Found Critical Privilege Escalation Vulnerability in Elementor Plugins *

North Korean Hackers Breach South Korea's Seoul National University; KNPA Issues Warning *

Researcher Found New Variant of RapperBot Malware with Cryptojacking Capabilities *

Threat Actors Employ DownEx Malware to Target Government Organizations in Central Asia *

Threat Actors Deploying Aurora Stealer Via Popunder Ads *

Researchers Disclose Info on Zero-Click Windows Vulnerability Enabling NTLM Credential Theft *

New DDoS Botnet Malware AndoryuBot Exploits Critical Ruckus RCE Vulnerability *

SideWinder APT Group Deploys Server-Based Polymorphism Technique in Attacks on Pakistani Government Organizations *

Sysco, a Global Food Chain, Faces Data Breach Impacting Customer and Employee Information *

Critical Linux Kernel Netfilter Vulnerability Enables Root Privilege Escalation *

Microsoft Releases Optional Fix Guidelines for Secure Boot Zero-Day Vulnerability *

Adobe Releases Patch for 14 Vulnerabilities in Substance 3D Painter Software *

Microsoft Patch Tuesday Security Advisory - May 2023 *

Healthcare Solution Provider 'NextGen' Suffers Data Breach Impacting 1 Million Customers *

After MSI Breach, Intel Investigates Intel Boot Guard Private Keys Leak *

FBI Seizes 13 Domains Linked to DDoS-For-Hire Services *

Critical Vulnerability in Siemens Industrial Control Systems Could Disrupt Power Grid *

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine *

Researchers Found SideCopy Group's Phishing Campaign with Indian Military Themed Lures *

Researchers Uncover New Ransomware Operation Dubbed 'Cactus' *

New Ransomware 'Akira' Targets Enterprise Networks *

Vulnerability in OpenAI's Account Validation Process Allows Unlimited Credits *

A Security Incident Exposed Private Tweets of Twitter Circle *

Fortinet Releases Patches for High-Severity Vulnerabilities in FortiADC and FortiOS *

New PaperCut RCE Exploit Bypasses Existing Detections *

Dragon Breath APT Group Targets Gambling Industry Using Double-Clean-App Technique *

Hackers Employ New Web-Inject Toolkit DrIBAN to Target Italian Banking Clients *

Threat Actors Hack Packagist Repository; Dozen PHP Packages Compromised *

New Android FluHorse Malware Targets Users with Malicious Apps *

Updates for Android Fixes a Kernel Flaw used in Spyware Attacks *

ALPHV Gang Breaches Constellation Software in a Ransomware Attack *

Two WordPress Custom Field Plugins Exposes Over 1M Sites to XSS Attacks *

Cisco Disclosed New RCE Vulnerability in Cisco SPA112-Port Phone Adapters *

Meta Thwarts a Malware Campaign that Used ChatGPT to Steal Accounts *

ALPHV Ransomware Added McDermott International to its Victim List *

Researchers Found New Android Subscription Malware 'Fleckpe' on Google Play *

Three New Vulnerabilities Found in Microsoft Azure API Management Service *

City of Dallas Suffers Royal Ransomware Attack Resulting in Shutdown of its IT Systems *

Russian Hacking Group 'Sandworm' Utilizes WInRAR to Erase Ukrainian Government's Data *

New Info-stealing Malware 'NodeStealer' Steal Cookies to Hijack Facebook Accounts *

Dragon Breath Group Employs New Double DLL Sideloading Technique to Evade Detection *

A Data Breach at Brightline Affects 783,000 Pediatric Mental Health Patients *

Hackers Exploit Authentication Bypass Vulnerability and RCE Vulnerability in DVR Devices *

Iranian Government's BouldSpy Android Spyware Found Targeting Minority Groups *

Researchers Uncover Three New Flaws in FRRouting Software *

Cryptocurrency Exchange Platform Level Finance Hacked, Resulting in Loss of 214k LVL Tokens *

CISA Added TP-Link, Apache, and Oracle Vulnerabilities to its Known Exploited Vulnerabilities Catalog *

Servers Running Salesforce Software Are Leaking Sensitive Data *

Researchers Found Threat Actors Distributing New LOBSHOT Malware via Google Ads *

Vietnamese Threat Actor Employs Malverposting Tactics to Infect 500,000 Devices *

Hackers Target AT&T Email Accounts to Steal Cryptocurrency *

Russian Hackers Target Ukrainian Government with Phishing Emails *

Sharpboys Breach Israeli Prime Minister Benjamin Netanyahu's Facebook Account *

Americold, A Leading Cold Storage Company Suffered Outage Followed by Network Breach *

Hackers Found Targeting Vulnerable Veeam Backup Servers Exposed on the Internet *

Zyxel Addresses Critical Vulnerabilities in its Firewall Devices *

Hackers Use Realistic Checkout Forms to Steal Credit Cards *

CISA Issued a Warning about Critical Vulnerabilities in Illumina's DNA Sequencing Systems *

Researchers Found New Variant of ViperSoftX Info-Stealing Malware with Broader Range of Targets *

New macOS Info-stealing Malware 'Atomic' is being Sold Via Private Telegram Channel *

Multiple Malicious Gaming Apps Found Distributing Adware on Google Play *

Russian Hacking Group Found Operating New Politically Motivated Surveillance Campaign Paperbug in Tajikistan *

Researchers Found RTM Ransomware Group Using New Linux Encryptor to Target VMware ESXi Servers *

Researchers Found Chinese Hacking Group Gallium Using New Linux Malware Strains in Cyberespionage *

PrestaShop Releases New Version to Fix a Critical SQL Filtering Vulnerability *

Apache Superset Servers are Vulnerable to Authentication Bypass and RCE Attacks *

Cisco Discloses New Zero-Day Vulnerability in its Prime Collaboration Deployment (PCD) Software *

Evasive Panda Hacking Group Targets Tencent QQ Messaging App with MgBot Malware *

Researchers Found New Version of Mirai Botnet Malware Exploiting a Vulnerability in TP-Link WiFi Routers *

VMware Released Patches for Critical Vulnerabilities Discovered in its Workstation and Fusion Software Hypervisors *

New Critical SLP Vulnerability Allows Massive 2200X DDoS Amplification Attack *

Iranian Hackers Targeting Israel with a PowerLess Backdoor Via Phishing Attacks *

APC Addresses Critical Vulnerabilities in its Easy UPS Online Monitoring Software *

Canadian Directory Publisher Yellow Pages Suffers a Cyberattack Resulting in Data Leak *

Researchers Found New Side Channel Attack Affecting Multiple Generations of Intel CPUs *

Attackers Hacked KuCoin’s Twitter Account to Promote Crypto Scam *

Microsoft 365 Search Outage Impacts Outlook, Teams, and Exchange Online *

Hackers can Abuse Improperly Wiped Corporate-grade Routers to Gain Sensitive Data *

CISA Adds Three More Security Flaws to its Known Exploited Vulnerabilities Catalog *

Researchers Found a New Malware Toolkit Dubbed Decoy Dog via Anomalous DNS Traffic *

In Both Europe and the US, EvilExtractor Seen an Uptick in Malware Activity *

Alongside 3CX Breach, Lazarus X_TRADER Hack Affects Critical Infrastructure *

Google Ads Support Ransomware Gangs to Employ the BumbleBee Malware *

MediaWiki and TWiki-based University Websites Compromised to Spread Fortnite Spam *

GhostToken Flaw Enable Attackers to Hide Malicious Apps in Google Cloud Platform *

American Bar Association Suffers Data Breach, Affecting 1.4 Million Members *

Kubernetes RBAC Exploited in a Large-scale Cryptocurrency Mining Campaign *

African Telecommunication Service Providers are Targeted by Daggerfly Threat Group *

Attackers Abuses Abandoned 'Eval PHP' WordPress Plugin to Compromise Websites *

Lazarus Threat Group Found Using Linux Malware in Fake Job Campaigns *

Two Critical Vulnerabilities Found In Alibaba Cloud's ApsaraDB RDS and AnlayticDB for PostgreSQL *

VMware Addresses Critical Arbitrary Code Vulnerability in its Aria Operations for Logs *

Threat Actors Using AuKill Hacking Tool to Disable EDR Software on Targeted Systems *

PaperCut Warns of Critical Vulnerabilities that are Actively Exploited in the Wild *

Blind Eagle Threat Group's New Multi-Stage Attack Pushes NjRAT Trojan on Compromised Systems *

Researchers Found Attackers Deploying Trigona Ransomware on Unsecured Microsoft SQL Servers *

Pakistani Hackers Transparent Tribe Target Indian Government Agencies Using Linux Malware Poseidon *

Google Addressed Another Zero-Day Vulnerability in Chrome Browser *

Vice Society Ransomware Gang Leaks Data Stolen from US Network Infrastructure Giant CommScope *

Iranian Hackers Leveraging Legitimate Simplehelp Remote Support Software to Carry Out Persistent Attacks *

CISA, FBI Alerts on Russian State-Sponsored APT28 Threat Group Targeting Cisco Routers *

Iranian Hacking Group 'Mint Sandstorm' Targets US Critical Infrastructure in Retaliation to Iranian Attacks *

CISA Adds macOS and Chrome Bugs to its Known Exploited Vulnerabilities Catalog *

A Security Researcher Published New Sandbox Escape PoC Exploit for VM2 Library *

Ex-Conti Members Collaborate with FIN7 Hacking Group to Push New Domino Malware *

QBot Malware is Now Distributed Using Malicious PDFs and Windows Script Files *

New Credential-Stealer Zaraza Bot Targets 38 Different Web Browsers, Including Google Chrome *

Hackers Abused Google Command and Control Red Team Tool in Data Theft Attacks *

New Android Malware Chameleon Targets Users in Australia and Poland *

Researchers Found New LockBit Encryptors Targeting macOS Devices *

The Indian Cybercrime Coordination Center Issued an Alert on 'Hacktivist Indonesia' Group Targeting Govt Websites *

Researchers Found Hackers Using Action1 RMM in Ransomware Attacks *

NCR’s Aloha POS Platform Suffers an Outage as a Result of BlackCat Ransomware *

Attackers are Spreading Android Goldoson Malware Via 60 Google Play Apps *

Kodi Suffered a Data Breach Exposing 400K User Records *

Researchers Found Vice Society Ransomware Using New PowerShell-Based Data Theft Tool in Attacks *

CISA Adds Two Actively Exploited Vulnerabilities in Android and Novi Survey to its KEV Catalog *

Google Chrome Releases Emergency Update to Fix a Zero-Day Vulnerability *

Russian State Sponsored APT29 Group Targeting NATO and European Union Countries *

Researchers Uncover 'Read The Manual' Locker Cyber-criminals *

Researchers Found New Legion Tool with Credential Harvester and SMTP Hijacking Capabilities *

Microsoft Warns of a Phishing Campaign Targeting Tax Preparers and Accounting Firms *

Pakistani Hackers 'Transparent Tribe' Targeting Educational Institutions of India *

Security Researchers Warn to Patch Critical MSMQ Vulnerability in Windows *

Hyundai Suffers Data Breach Exposing Customers’ Personal Data *

Kyocera Addressed a Vulnerability in its Android Printing App that can be Abused to Install Malware *

Fortinet Patches Critical Vulnerability in its FortiPresence *

Microsoft Patch Tuesday Security Advisory - April 2023 *

A New 'By-Design' Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers *

Infected Websites Distributing Monero Malware via Fake Google Chrome Update Errors *

Attackers Hacked iPhones via Invisible Calendar Invites to Drop Spyware *

Microsoft Patched Actively Exploiting Zero-day Vulnerability in Windows CLFS *

SAP Addresses Two Critical-Severity Vulnerabilities in its April 2023 Security Updates *

European HR and Payroll Management Company SD Worx Suffers a Cyberattack *

NPM Repository Flooded with Malicious Packages Causing DoS Attack and Service Unavailability *

Apple Patches Two Zero-day Vulnerabilities on Older iPhones and iPads *

Researchers Found New Cryptojacking Campaign Targeting Linux Machines *

Scammers Using Authentic YouTube Email Address to Lure Users into Providing Credentials *

Iran-based Hackers Carrying Out Destructive Attacks in Disguise as of Ransomware *

Researchers Disclose Critical RCE Flaw in vm2 Sandbox Library *

CISA Urges Agencies to Address Backup Exec Issues Exploited by a Ransomware Gang *

Massive Balada Injector Campaign Targeting WordPress Sites Since 2017 *

MSI Affirms Security Breach Accusations Post Ransomware Attack *

Apple Patches 2-Zero days Exploited to Hack iPhones and Macs *

Cisco Released Patches for Multiple Vulnerabilities in its Various Products *

Medusa Ransomware Acknowledges Cyberattack on the Open University of Cyprus *

Money Message Ransomware Claims MSI Breach; Demands 4 Million USD *

Google Patches Several Security Vulnerabilities with Chrome 112 *

Researchers Found Four Vulnerabilities in the Popular Japanese Word Processor 'Ichitaro' *

CISA Warns on Vulnerabilities Discovered in Nexx Smart Devices *

New Clipper Malware 'CryptoClippy' Targeting Portuguese Cryptocurrency Users *

Researchers Found Threat Group Mantis Using Upgraded Malware to Target Palestinian Entities *

Researchers Found New Version of Typhon Information-Stealer with Enhanced Anti-Analysis and Evasion Capabilities *

Google Announced Android's April 2023 Security Update Addressing Over 65 Vulnerabilities *

Researchers Found New Rilide Malware Targeting Chrome-Based Browsers to Steal Cryptocurrency *

ALPHV Ransomware Exploits Three High-Severity Vulnerabilities in Veritas Backup Software *

Check Point Researchers Spotted New Rorschach Ransomware Deployed Against a US-Based Company *

IRS-Authorized 'eFile.com' Website was Found Serving JavaScript Malware *

HP Announces Critical Information Disclosure Flaw in its LaserJet Printers to be Patched within 90 Days *

Researchers Found New Information-Stealing Malware 'OpcJacker' Used in Malvertising Campaigns *

Hackers Using Malicious WinRAR Self-Extracting Archives to Plant Backdoors on Devices *

Hackers Target Victims of 3CX Supply Chain Attack with Gopuram Malware *

Researcher Found Multiple Vulnerabilities in Osprey Pump Controller *

American Telecommunication Company Lumen Technologies Suffered Two Cyberattacks *

Researchers Discovered a New 'Money Message' Ransomware Extorting $1 Million *

Fake Threat Group Midnight Extorting Previously Breached U.S. Companies *

Researchers Found Cylance Ransomware Targeting Linux and Windows Systems *

TMX Finance and its Subsidiaries Suffers Data Breach Affecting 4.8 Million Customers *

Hackers Exploited a High Severity Flaw in the Elementor Pro WordPress Plugin to Upload Backdoors *

Researchers Found Threat Actors Exploiting 10 Year Old Windows Vulnerability with 'opt-in' Fix in Recent Attacks *

A Severe Super FabriXss Vulnerability has been Discovered in Azure Service Fabric Explorer *

Researchers Found Malware Botnets Exploiting Realtek and Cacti Vulnerabilities *

New AlienFox Toolkit Targets Popular Cloud Services for Credential Harvesting *

Chinese Threat Group RedGolf Uses a Custom Backdoor KEYPLUG to Target Windows and Linux Systems *

Threat Group Winter Vivern Exploiting a Zimbra Vulnerability to Steal NATO Emails *

CISA Added Five Vulnerabilities Exploited to Drop Spyware to its Known Exploited Vulnerabilities Catalog *

A Misconfigured Microsoft Bing Application Allows to Breach the Office 365 Users *

Hackers Compromised 3CX Desktop App Using Digitally Signed and Trojanized Version of 3CX (VOIP) *

Researchers Discovered a New Malware ‘Melofée’ Targeting Linux Server *

QNAP Addresses High Severity Linux Sudo Vulnerability in NAS Devices *

Hackers Exploited 'burn' Smart Contract Function in SafeMoon's Liquidty Pool to Drain $8.9 Million *

Clop Ransomware Breached Crown Resorts' Network by Exploiting GoAnywhere Zero-day Vulnerability *

Security Researchers Disclosed WiFi Protocol Vulnerability Allowing Attackers to Hijack Network Traffic *

Researchers Found Trojanized Tor Browsers Targeting Russians with Crypto-Stealing Malware *

Attackers Targeted European Entities to Distribute Remcos RAT and Formbook Malware *

Pakistan-Based SideCopy APT Group Targeting India's DRDO with Action RAT *

Researchers Found New Variants of IcedID Loader Delivering Other Malware *

A New MacStealer Malware Targeted Mac Users and Stealing iCloud Keychain Credentials *

Apple Fixes WebKit Zero-Day Bug on Older iPhones *

Twitter Removes Source Code that Leaked on GitHub and Searching for Downloaders *

Attackers Targeting U.S. Taxpayers in New Emotet Phishing Campaign *

Critical Flaw in AI Testing Framework MLflow May Expose AI and Machine-Learning Models *

OpenAI Reveals About ChatGPT User Data Exposure Incident *

Microsoft Warn of Outlook Vulnerability Exploited by Russian Attackers *

Procter & Gamble Discloses Data Breach via GoAnywhere Zero-day *

Chinese Nuclear Energy Institutions Targeted by 'Bitter' Espionage Hackers *

Lionsgate's Streaming Network Reveals Over 37 Million Subscribers' Data *

Malicious Python Package Employ Unicode Technique to Evade Detection *

Researchers Disclose Chinese Nation State Hackers' New Attack Strategies *

Threat Actors Targeting 450 Financial Apps Using Android Banking Trojan *

Code Hosting Platform 'GitHub' Swiftly Replaces Exposed RSA SSH Key *

Play Ransomware Gang Publishes Data Stolen From Maritime Firm Royal Dirkzwager *

WordPress Fixed a Critical Vulnerability in WooCommerce Payments Plugin *

BlackGuard Stealer Targeting 57 Cryptocurrency Browser Extensions and Wallets *

Cisco Addressed High Severity Vulnerabilities in its IOS and IOS XE Software *

Microsoft Fixes Windows 11 Snipping Tool's Acropalypse Privacy Flaw *

Researchers Warn About Kimsuky Threat Group Stealing Gmail Content *

Researchers Published Proof-of-Concept (PoC) for Netgear Orbi Mesh Wireless System Vulnerabilities *

A Trojanized ChatGPT Chrome Extension Found Stealing Facebook Accounts *

CISA Warned on Critical Vulnerabilities in Industrial Control Systems Products *

Play Ransomware Gang Released Data Allegedly Stolen From Logistics Services Company Royal Dirkzwager *

Mozilla Fixes Firefox Crash Issue in Windows 11 and macOS Systems *

Hackers Employing New CommonMagic and PowerMagic Malware To Steal Victims' Information *

Threat Actors Targeting Linux Servers with Different Variants of ShellBot Malware *

Fraudsters Extort 1 Crore INR from 81 Users Via a Mobile Payment App *

Threat Actors Exploited a Zero-day Vulnerability in General Byte Bitcoin ATMs *

Ferrari, Italian Luxury Sports Car Manufacturer Discloses a Data Breach *

Realtek SDK, Huawei Routers, and Hadoop YARN Servers are Targeted by New HinataBot Botnet *

FBI, CISA and MS-ISAC Releases Advisory to Warns About LockBit 3.0 Ransomware Attacks *

New Trigona Ransomware Targets Australia, United States and European Countries *

Threat Actors Now Distributing Emotet Malware via Malicious Microsoft OneNote Files *

NBA Suffers Data Breach that Exposes its Fans' Personal Information *

Scammers Abuse Twitter’s 'Quote Tweet' Feature to Target Bank Customers *

Attackers Distributing Android Malware 'FakeCalls' in South Korea *

A Cyberattack at Latitude Financial Services Leads to Data Theft at Two Service Providers *

Google Warned About 18 Zero-Day Flaws in Samsung's Exynos Chipsets *

Attackers Abuse Adobe Acrobat Sign to Deliver Redline Info-Stealing Malware *

Mozilla Announced the Release of Firefox 111 with Dozen of Vulnerability Patches *

Attackers Hacked U.S Federal Agencies Using Old Telerik UI Vulnerability *

Researchers Discovered First Dero Cryptojacking Campaign Targeting Kubernetes *

Healthcare Provider ILS Suffered a Data Breach Exposing 4.2 Million Patient Data *

Researchers Disclosed the Technical Details of Critical Microsoft Outlook Vulnerability *

Tick APT Group Compromised a Data-Loss Prevention Company in East Asia *

CISA Added a Critical Adobe ColdFusion Vulnerability to its Known Exploited Vulnerability Catalog *

New Threat Group YoroTrooper Running Cyber-Espionage Campaign Against CIS Government Organizations *

Rubrik Suffers Data Breach in GoAnywhere Zero-Day Attack *

SAP Addressed Five Critical Vulnerabilities in its Security Updates *

Microsoft Patch Tuesday Security Advisory - March 2023 *

Euler Finance Lost $197 Million in Crypto in Flash Loan Attack *

Dark Pink APT Group Using KamiKakaBot Malware Against Southeast Asian Government and Military Entities *

A Massive Cyberattack Hijacks East Asian Websites to Redirect Victims to Adult Content *

Threat Actors Using AI-generated YouTube Videos to Spread Info-stealer Malware *

Researchers Discovered Critical Security Vulnerabilities in Akuvox E11 Video Doorphone *

Unidentified Attackers Target Government Networks by Abusing New FortiOS Bug in Zero-Day Attacks *

Researchers Disclosed a Cross-Site Search Vulnerability in OpenSea NFT Marketplace *

Researchers Found a New CASPER Attack that Leaks Data from Air-gapped Computers *

German Vehicle Manufacturer BMW Exposes Clients Data and Business Secrets *

U.S. Office Supply Distributor Essendant Suffers Multi-Day Outage *

Updated Version of Prometei Malware Found Infecting 10000 Systems Worldwide *

Clop Ransomware Gang Starts Extorting GoAnywhere Zero-Day Exploit Victims *

Researchers Found BATLOADER Malware Abusing Google Ads to Deliver Secondary Payload *

New Threat Actor UNC2970 Targeting Security Researchers Using New Custom Malwares Families *

Researcher Found New GoBruteforcer Malware Targeting Servers with phpMyAdmin, MySQL, FTP, Postgres Services *

CISA Adds Two Vulnerabilities to its Known Exploited Vulnerabilities Catalog *

Cerebral Healthcare Platform Suffered a Data Breach Affecting 3.18 Million Patients *

Researchers Found the New Variant of Xenomorph Android Malware Targeting Over 500 Banks *

Threat Actors Exploiting Remote Desktop Software Vulnerabilities to Spread PlugX Malware *

New Variant of IceFire Ransomware is Now Actively Targets Linux Systems *

Attackers Targeted Oracle WebLogic Servers with New ScrubCrypt Crypter *

A Chinese Hacking Campaign Targets Unpatched SonicWall SMA Appliances to Install Custom Malware *

AT&T Vendor Hack Results in the Disclosure of 9 Million Customer Records *

Researchers Reported About Bitwarden's Autofill Feature Flaw that can be Abused to Steal Credentials *

New Sharp Panda Campaign Targets Southeast Asian Government Entities with Soul Malware *

Veeam Addressed a High Severity Backup Services Vulnerability Affecting its Backup Infrastructure *

Fortinet Fixed a Critical RCE Vulnerability Affecting FortiOS and FortiProxy *

SYS01stealer: A New Attack Targeting Critical Infrastructure Enterprises Using Facebook Ads *

Transparent Tribe Hackers Employ Trojanized Messaging Apps to Distribute CapraRAT *

Microsoft Releases a Fix for Outlook Login Issues in Exchange Environments *

Acer Discloses Breach Following the Sale of 160GB of Data on a Hacking Site *

The March 2023 Android Update Addresses Two Critical Code Execution Flaws *

New HiatusRAT Malware Found Targeting DrayTek Vigor Routers for Data Theft *

Researcher Found Blackfly APT Group Targeting Asian Entities *

Experts Revealed About a Blind Spot in Google Cloud Platform that Leads to Data Exfiltration Attacks *

Researcher Published Proof-of-Concept for Microsoft Word's Critical RCE Vulnerability *

The Sandbox Blockchain Games’ Employee Account Hacked to Send Malware-Linked Emails *

Threat Actors Using Malicious Microsoft OneNote Attachments to Infect Windows Systems *

Researchers Found New FiXS ATM Malware Targeting Banks of Mexico *

Tennessee State University and Southeastern Louisiana Universities Suffers Cyberattack *

CISA and FBI Warn of Increased Royal Ransomware Attacks *

Researchers Found Thousands of Websites Compromised Using Stolen FTP Credentials *

Threat Actors Launch New Cryptojacking Campaign, Targeting Misconfigured Redis Database Servers *

Microsoft Fixed MMIO Information Disclosure Vulnerabilities in Intel CPUs *

Experts Uncover a Full-Featured Information Stealer and Trojan in a Python Package on PyPI *

Scammers Target Trezor Customers with Fake Data Breach Notifications *

Aruba Networks Patched Six Critical-Severity Vulnerabilities Impacting ArubaOS Versions *

Iron Tiger Attackers Create New Linux Version of their Custom SysUpdate Malware *

Cisco Addresses Critical RCE Vulnerability in Web UI of Multiple IP Phones *

BlackLotus is the First UEFI Bootkit Malware to Bypass Secure Boot Defenses on Windows 11 *

Microsoft Addressed a Global Outage Impacting its Exchange Online Mailboxes *

Blind Eagle Hackers Targeting Colombian Entities via Spear-Phishing *

Attackers Using Advanced Hacking Operation SCARLETEEL to Infiltrate Cloud Services *

Researchers Identified Pair of Security Defects in Trusted Platform Module (TPM) 2.0 *

American TV Giant Dish Network Confirms Ransomware Attack Behind Multi-Day Network Outage *

CISA Alerts on Active Exploitation of ZK Java Framework RCE Flaw *

Attackers Promoting New Exfiltrator-22 Post-Exploitation Framework to Spread Ransomware *

LastPass Releases Additional Information on December 2022 Password Vault Data Breach *

Researchers Found Mysterious Nevada Group Targeting Thousands of Cloud Servers *

Attackers Use LinkedIn URL Shortener to Send Amazon Prime Phishing Emails *

Two Critical Flaws in WordPress Houzez Theme and Plugin are Being Actively Exploited in the Wild *

U.S. Marshal Service Suffered a Data Breach Followed by Ransomware Attack *

Ohio’s Largest Oil Producer Encino Energy Targeted by Cyberattack *

ChromeLoader Campaign Now Distributing Malicious VHD Files Disguised as Game Programs *

Cyberattacks Target Data Center Organizations to Steal Information *

News Corp's Data Breach Statement Reveals Hackers were on it's Network for 2 Years *

Attackers Flood NPM Repository with 15000 Malicious Packages Containing Phishing Links *

American TV Giant Dish Network Suffers an Outage *

Stanford University Suffers Data Breach Affecting 897 PhD Applicants *

Researchers found Unknown Threat Actors Targeting Government Entities with PureCrypter Malware *

Pirated Final Cut Pro Software Targets macOS for Cryptocurrency Mining *

Researchers Discover a Cyber Group Employing Lilith RAT and Atharvan Malware to Target the Material Research Industry *

Dole, a Fruit and Vegetable Company, Hit by a Ransomware Attack *

Analysts Warn of Increasing Attacks Leveraging Zoho ManageEngine Products *

Canada’s Second Largest Telecom TELUS Investigating a Possible Data Breach *

Cisco Addresses High-Severity Vulnerabilities in its Application Centric Infrastructure Components *

Attackers Exploited R1Soft Server Backup Manager Vulnerability to Deploy Backdoor *

New S1deload Info-Stealer Malware Targets YouTube and Facebook Accounts *

Shipping and Medical Laboratories are Targeted by New Threat Actor Hydrochasma *

Hackers Using Fake ChatGPT Apps to Distribute Windows and Android Malware *

VMware Fixed a Critical Injection Flaw in Carbon Black App Control *

CISA Adds Three New Security Flaws to its Known Exploited Vulnerabilities Catalog *

Security Researchers Release the Proof-of-Concept Exploit for Critical Fortinet's FortiNAC RCE Flaw *

Researchers Found MyloBot Botnet Infecting Thousands of Systems Everyday *

Video Game Publisher Activision Suffered a Data Breach *

Pakistani Threat Actor SideCopy Targeting Indian Government Agencies Using ReverseRAT Backdoor *

Apple Updated its Security Advisories to Add New Class of Vulnerabilities *

Researchers Found a New Stealc Malware with Wide Range of Capabilities *

HardBit 2.0 Ransomware Operators Use Victim’s Insurance Details to Set Up Ransom Payment *

Samsung Adds New Security Feature to Protect Against Zero-Click Attack *

Indian Ticketing Platform RailYatri Suffered a Data Breach Affecting 31 Million Customers *

Attacker Targeted Coinbase Employees in Smishing Attack *

Attackers Using New Version of OxtaRAT Backdoor to Target Armenian Entities *

Researchers Found a New WhiskerSpy Backdoor Delivered via Trojanized codec Installer *

Threat Actors Exploiting Microsoft Exchange ProxyShell Vulnerabilities to Deploy Cryptocurrency Miners *

Experts Found Attackers Targeting South Korean Journalists with RambleOn Malware *

Researchers Found New Mirai Botnet Variant Targeting Linux and IoT Devices *

GoDaddy Reports a Multi-Year Security Breach it Suffered *

Threat Actors Targeted Microsoft IIS Servers with New Frebniis Malware *

Fortinet Patches Two Critical Security Flaws in FortiNAC and FortiWeb Product *

CISA Alerts on Windows and iOS Vulnerabilities Exploited as Zero-Days *

Louisiana HBCU's Xavier University Reported a Data Breach that Occurred in November 2022 *

Researchers Found an Authenticated RCE Vulnerability in Arris Router *

Scandinavian Airlines Suffered Cyberattack Exposing Customer Data *

Burton Snowboards Cancelled Online Orders Following Cyber Attack *

RedEyes APT Group Using New Malware 'M2RAT' to Steal Victims' Data *

Splunk Patches High Severity Vulnerabilities in its Enterprise Solution Update *

New Stealthy Malware 'Beep' is Very Focused in Avoiding Detection *

Tonga Communications Corporation Suffers Ransomware Attack *

Hyundai and Kia Car Thefts Rise due to TikTok Challenge *

Hackers Using New MortalKombat Ransomware and Laplas Crypto-Hijacker Targeting U.S Victims *

Community Health Systems Suffers Data Breach Affecting One Million Patients *

Microsoft Exchange Server 2013 Reaches End of Support Lifecycle in April 2023 *

Al-Toufan Hacking Group Targets Websites of Bahrain Airport and News Sites *

Microsoft Patch Tuesday Security Advisory - February 2023 *

United States’ Largest Bottler Pepsi Bottling Ventures Suffers Data Breach *

Garrison Women's Health Suffered Data Breach Affecting 4,000 Patients *

Apple Addressed New Actively Exploited WebKit Zero-Day Vulnerability *

Cloudflare Detects and Mitigates Largest Recorded DDoS Attack *

Modified Version of ESXiArgs Ransomware Blocks VMware Host Recovery *

New Ransomware Group DarkBit Targets Israel's Top Research University Technion *

Threat Actors Hacked Namecheap’s Email Account to Send Phishing Emails *

CISA Warns About North Korean Hackers Targeting Healthcare Organizations in Ransomware Attacks *

CISA Adds Three More Security Flaws to its Known Exploited Vulnerabilities Catalog *

Multiple Medical Groups in California Suffered a Ransomware Attack *

Researchers Found Malicious Packages on PyPI and NPM Repositories *

Play Ransomware Claims Attack on A10 Networks *

Clop Ransomware Gang Claims Exploiting GoAnywhere Zero-Day Flaw *

Microsoft Announces Retirement of Microsoft Support Diagnostic Tool (MSDT) and Troubleshooters *

Researchers Found Multiple Vulnerabilities in Wireless Industrial Internet of Things (IIoT) Devices *

NewsPenguin Threat Actor Targets Pakistani Entities in Phishing Campaign *

Russian Hackers Use Fake Crypto Job Offers to Push Enigma Malware *

Reddit Hit by Cyberattack that Allowed Hackers to Steal Source Code *

The Largest Canadian Bookstore Indigo Suffered a Cyberattack *

Researchers Found Russian Hackers Using New Graphiron Malware to Target Ukraine *

Ross Memorial Hospital in Lindsay Hit by a Cyberattack *

Munster Technological University (MTU) in Ireland Suffers a Major IT Breach *

Multiple Document Management Systems Found with Unpatched Security Vulnerabilities *

Google Released Chrome 110 that Addresses 15 Vulnerabilities *

Pharmaceutical Distributor AmerisourceBergen Hit by a Cyberattack *

Researchers Found New Medusa Botnet Targeting Linux Users *

GuLoader Malware Targets E-commerce Industry Using Malicious NSIS Executables *

Developers Release an Emergency Patch for GoAnywhere MFTaaS's Actively Exploited Zero-Day Flaw *

Researcher Disclosed a Flaw Detected in Toyota's Global Supplier Management System (GSPIMS) *

Google Chrome to End Support for Windows 7,8,8.1, Windows Server 2012, and 2012 R2 Starting February 2023 *

OpenSSL Releases a Patch to Fix High-Severity Vulnerabilities *

U.S. Cellular's Third-Party Vendor Suffers Data Breach Affecting its 52000 Customers *

Researchers Disclosed About High-Severity Format String Vulnerability Present in F5 BIG-IP *

India’s Largest Truck Brokerage Company FR8 Exposes 140GB of Information in a Data Leak *

TgToxic Malware is Targeting Android Users from Southeast Asia *

Hackers Mimicking Ukrainian Ministry Officials to Deploy Malware *

TruthFinder and Instant Checkmate Discloses a Data Breach Affecting 20 Million Consumers *

A New Wave of Ransomware Attacks Targeting ESXi Systems Using a VMware Flaw *

Major Internet and Power Outages Struck Bermuda *

A New Android Banking Trojan is Aimed at Brazilian Financial Institutions *

A GoAnywhere MFT Zero-day Flaw Enables Server Intrusion *

Florida Hospital Shuts Down its IT Systems Post a Cyberattack *

Threat Actors Targeting Vulnerabilities in SugarCRM and Oracle E-Business Suite *

Jira Software from Atlassian has a Critical Authentication Vulnerability *

Hackers from Iran's Oil Rig Using a New Backdoor to Steal Data from Government Agencies *

Hackers Use KoiVM Virtualization Technology to Evade Detection when Installing the Formbook Data Stealer *

North Korean Lazarus Hacking Group Stole 100GB of Data Via Campaign Named "No Pineapple!" *

Financial Software Provider, ION Group, has been Hit by a Ransomware Attack Affected Global Markets *

Cisco Addressed High-Severity Vulnerability in its IOx Application *

Car Retailer Arnold Clark Suffers a Data Breach Claimed by Play Ransomware *

Hackers Stolen the Details of 240,000 Skating Customers from Planet Ice *

Fraudulent Crypto Apps Infiltrate Apple App Store and Google Play Store *

BlackCat Ransomware Gang Claims an Attack on Solar Industries, an Industrial Explosives Manufacturer *

Hackers Used Google Fi Data Breach to Carry Out SIM Swap Attacks *

A Phishing Attack Against Latvia’s Ministry of Defense Linked to Russian Hacking Group *

Guildford County School Suffers a Cyberattack Resulting in Outage *

US Telecommunications Company Charter Communication Impacted by Third-Party Data Breach *

Indianapolis Housing Agency Suffers Ransomware Attack Affecting 212,910 Peoples *

Hackers Advertising New Golang-Based Malware via Telegram Channel *

Attackers Stole Encrypted Code-Signing Certificates of GitHub Desktop for Mac and Atom Apps *

Developers Disagree with a New Vulnerability Reported in KeePass Software *

QNAP Fixes a Critical Vulnerability in its NAS Devices *

UK Retail Company JD Sports Suffered a Data Breach Affecting 10 Million Customers *

A Critical Vulnerability in Lexmark Printers Affects Over 120 Models *

Researchers Found Gootkit Malware with New Components and Obfuscation Techniques *

ISC Patched Multiple High-Severity DoS Vulnerabilities in DNS Software Suite BIND *

Researchers Warn About Multiple Vulnerabilities in Healthcare Software OpenEMR *

Researchers Found Attackers Using Portable USB Storage Devices to Spread New Variant of PlugX Malware *

Several Malicious Apps have been Found on Google Play Store with Over 5 Million Downloads *

Hackers Using New SwiftSlicer Data Wiper to Infect Windows OS *

A Major Microsoft 365 Outage was Caused by a Change in WAN Router IP Address *

A Hacker Group Called Sandworm Attacked a Ukrainian News Agency with Five Data Wipers *

Researcher Found 75,000 WordPress Sites Still Using Vulnerable LearnPress Plugin Version *

Data Breach Against Two Health Service Organizations Affected 400,000 Individuals *

BayCare Clinic Suffers Data Breach Due to Tracking Pixel Used by Third Party Vendor *

German Airport's Websites, Administration Bodies, and Financial Sector Organizations Suffers DDoS Attack *

New Mimic Ransomware Uses 'Everything' Windows Search Tool to Encrypt Files *

The CISA of Federal Organizations Breached Using Legit Remote Desktop Software *

Phishing Campaigns Employ New Python RAT Malware to Target Windows *

Threat Actors Leveraging Critical Realtek SDK Flaw in Millions of Attacks *

North Korean Hackers Actively Harvesting Credentials in the Latest Cyberattacks *

Zacks Investment Research Security Breach Affects 820,000 Customers *

Researchers Found Threat Actors Abusing Google Ads to Spread Malware *

DragonSpark Attackers Group Use Golang Malware to Evade Detection *

Several Microsoft Services Including Teams, Outlook, Store Stop Responding: Microsoft Probes Outage *

Arm Mali GPU Vulnerability Leads to Arbitrary Kernel Code Execution and Root on Pixel 6 Phones *

A Vulnerability in Diksha App Exposed Personal Information of Millions of Indian Teachers and Students *

Zendesk Suffered Data Breach After its Employee Fell into Phishing Attack *

Security Researchers Disclosed Two Security Flaws in Samsung's Galaxy Store App for Android *

Apple Backported Security Patches for Zero-Day Vulnerability in Older iPhone and iPad Models *

Nunavut Energy Supplier Qulliq Energy Corporation Suffered a Cyberattack *

Roaming Mantis Adds New DNS Changer to its Android Malware to Hack WiFi Routers *

Costa Rica's Ministry of Public Works and Transport (MOPT) Hit by Ransomware Attack *

Riot Games’ Development Environment Compromised Via Social Engineering Attacks *

Drupal Patches Vulnerabilities that Lead to Information Disclosure *

Chinese Hackers Leverages a Fortinet Flaw as a Zero-day Exploit to Drop Malware *

Hackers Actively Using OneNote Attachments to Spread Malware *

Researchers Dismantle Massive Ad-fraud Operation Dubbed 'Vastflux' *

Over 19,000 End-of-life Cisco Routers Vulnerable to RCE Attacks *

The Windows 10 KB5019275 Preview Update Comprises 14 Fixes *

Vulnerabilities of Critical Significance OpenText Enterprise Content Management System Patched *

Gamaredon Company Utilizes Telegram to Launch Cyberattacks Against Ukraine *

Hackers May Abuse GitHub Codespaces Functionality to Host and Disseminate Malware *

Researchers Discovered a New Banking Trojan Hook with RAT Capabilities *

Researchers Discovered a Critical RCE Flaw Dubbed EmojiDeploy in Microsoft Azure Services *

T-Mobile Disclosed Data Breach Affecting 37 Million Customers' Personal Information *

Attackers Hacked 34,942 PayPal Users Accounts in Credential Stuffing Attack *

Cisco Announced Patches for a High-Severity SQL Injection Vulnerability in Unified CM and CM SME *

Oracle Addresses 327 Security Vulnerabilities in its January 2023 Critical Patch Update *

HR Management Platform Myrocket.co Exposed Personal Information of Millions of Job Candidates *

CERT Coordination Center Disclosed Critical Security Flaws in Netcomm and TP-Link Routers *

Researcher Found NjRAT Trojan Being Distributed Via New Earth Bogle Campaign *

MailChimp Suffers a Breach After Attackers Gained Employee Credentials *

CISA Alerts on Vulnerabilities in Siemens, GE Digital, and Contec ICS Products *

Researchers Warn of Critical RCE Vulnerability in Zoho ManageEngine Products *

Nissan North America Suffers Data Breach Due to Poorly Configured Third-Party Vendor Database *

Microsoft Azure Services were Vulnerable to Unauthorized Access to Cloud Resources *

Git Patched Two Critical Severity Security Flaws that Allow Hackers to Execute Arbitrary Code *

Threat Actor ‘Lolip0p’ Uploaded Three Malicious Packages on PyPi Platform *

ODIN Intelligence's Website Defaced and Breached *

DNV's ShipManager Software Suffers a Ransomware Attack Affecting Thousands of Shipping *

Vice Society Ransomware Gang Leaked Sensitive Data from University of Duisburg-Essen *

Hackers Leaked Sensitive Files From San Francisco Transit Police Online *

Researcher Found Android TV Box with Pre-installed Malware *

Cryptocurrency Wallet Provider MetaMask Warns Users of a New Address Poisoning Scam *

Majority of Cacti Servers Found Unpatched against Critical Vulnerability Resulting in Attacks *

The Website of Canada's Largest Alcohol Retailer Hacked to Steal Credit Card Information *

Researchers Found CircleCI Security Incident was Caused by Info-Stealing Malware *

Hackers Breached NortonLifeLocks's Password Manager Accounts *

Polyglot Files are Used by Cybercriminals to Distribute Malware Undetected *

WordPress Plugins Found Vulnerable to Critical SQL Injection Flaws along with PoCs *

Researchers Found EyeSpy Malware Being Spread Via Trojanized VPN Installers *

Attackers Exploiting a Patched FortiOS SSL-VPN Zero-day Vulnerability Against Government Networks *

IcedID Malware Attack Compromised Active Directory Domain *

Researchers Found Hackers Actively Exploiting a Critical Flaw in Control Web Panel *

Cisco Discovers Three Vulnerabilities in Asus Router Software *

Researchers Disclosed SymStealer Security Vulnerability in Google Chrome and Chromium-Based Browser *

Australia's Fire Rescue Victoria Suffers Data Breach Claimed by Vice Society Ransomware Gang *

Gootkit Loader Abuses VLC Media Player to Infect Australian Healthcare Organizations *

Google Released Chrome 109 to Fix 17 Vulnerabilities *

New Advanced Threat Actor Dark Pink Using Custom Malware Against Government and Military Entities *

Cisco Warns About Critical Auth Bypass Vulnerability Found in End-of-Life Routers *

Scattered Spider Threat Actors Employing Vulnerable Intel Drivers to Evade Detection *

UK's Leading Mail Delivery Service Royal Mail Suffers Severe Service Disruption Following Cyberattack *

CISA Adds Two More Security Flaws to its Known Exploited Vulnerabilities Catalog *

Security Researchers Found Cryptographic Weaknesses in Threema Messaging App *

Zoom Fixes Multiple Flaws Exposing Windows and macOS Users *

Iowa's Largest School District Des Moines Public School Hit by Cyberattack *

StrongPity Hackers Targeted Android Users with a Trojanized Version of Telegram App *

Over 1,300 Fake AnyDesk Sites Found Delivering Info-Stealing Vidar Malware *

Auth0 Project Releases a Patch for RCE Flaw in the JsonWebToken Library *

Scammers Abusing Open Redirect on the UK DEFRA Website to Redirect Visitors to Fake Dating Sites *

Hackers Breached Kubernetes Clusters as Part of a Malware Campaign Via PostgreSQL Database *

CISA Alerts on High-Severity Vulnerabilities Affecting Hitachi Energy Products *

Russian Threat Group Cold River Targets Three US Nuclear Research Laboratories *

Attackers Spreading NetSupport Malware Masquerading as Pokemon Card Game to Infect Users *

MedStar Mobile Healthcare Suffers Ransomware Attack Affecting 612,000 Customers *

Threat Actors Using CAPTCHA Bypass Tactics on GitHub in Freejacking Campaign *

Hackers Bypass Firewalls Restrictions Using CloudFlare Tunnels *

Air France and KLM Suffers Data Breach; Several Customers Accounts Hacked *

Fast Food Restaurant Chain 'Chick-fil-A' Suffers Data Breach *

Rackspace's Customer Data Accessed in Ransomware Attack *

Microsoft Releases Temporary Patch for ODBC Database Connection Issues *

A New Variant of Dridex Malware Actively Attacking Windows OS and macOS Systems *

CircleCI Releases a Security Alert to Warn Users about Cyber Attack *

Bluebottle Hackers Attacked Banks Using Signed Windows Drivers *

Database of Cricketsocial.com Exposed Private Customer Data and Administrator Credentials *

Five Guys Burger Chain Suffers Data Breach Impacting Job Applicants *

Researchers Found Sudden Increase in SpyNote Android Malware Infection Rates *

New SHC-Compiled Linux Malware Found Installing Cryptominers and DDoS Bots *

Multi-Flaw Updates are Released for Qualcomm Chipsets and Lenovo ThinkPad *

Zoho Patches a Critical SQL Injection Vulnerability in its ManageEngine Products *

Multiple Car Brand's API Flaws Exposed Owner's Personal Data *

Fortinet Released Patches for High-Severity Vulnerabilities Found in FortiADC and FortiTester *

LockBit Ransomware Group Claims Ransomware Attack on Los Angeles Housing Authority *

Royal Ransomware Group Claims Data Breach Attack on Queensland University of Technology *

Threat Actors Using Stolen Information of Colombian Bank Customers as Lures in Phishing Emails *

Synology Fixed Critical Vulnerability in VPN Plus Server Software *

PyTorch Admins Reveals About Malicious PyTorch-nightly Dependency *

Bristol Community College Hit by Ransomware Attack *

A Telekom Malaysia Company Suffers a Data Breach Affecting Over 250,000 Customer Accounts *

Scripps Health Agrees to Pay $3.5 million to the Victims Affected in the 2021 Data Breach *

Jakks Pacific Toy Production’s Servers Suffers Ransomware Attack, Hive and BackCat Group Leak Data *

Royal Ransomware Group Claims Cyber attack on Iowa’s Public Broadcasting Network *

The LockBit Ransomware Gang Claims Cyberattack on Port of Lisbon in Portugal *

CISA Warns of Vulnerabilities Impacting TIBCO Software's JasperReports Product *

A Canadian Mining Firm Shuts Down a Mill After it was Attacked by Ransomware *

WordPress Sites are Being Backdoored by New Linux Malware Using 30 Plugin Exploits *

Cert-In Warns Indian Users on LastPass Data Breach and NetApp OnCommandInsight Vulnerability *

Anonymous Twitter User Published 10,000 API Keys of Crypto Trading Platform 3Commas *

CISA Warns of Several Vulnerabilities in Rockwell Automation Controllers *

Royal Ransomware Gang Claims Responsibility for Cyberattack on Telecom Company Intrado *

NETGEAR Fixes a High Severity Vulnerability Affecting Multiple Models of its Wi-Fi Routers *

Hackers Moved their Initial Infection Vector Towards Malicious Excel Add-in Files *

Attackers Abusing Google Ads to Spread Trojanized Software Products *

Hive Ransomware Claims Attack on Louisiana Hospital Impacting 270,000 Patients *

Citrix Patches Critical Severity Vulnerabilities in its ADC and Gateway Servers *

Sargent and Lundy Energy Firm Suffered a Data Breach that Impacted Personal Information of 6,900 Individuals *

A Hacker Claims to have Stolen Data of 30 Million Indian Railways Users *

New YouTube Bot Malware Found Stealing Sensitive Data *

North Korean Lazarus APT Group Targeting NFT Investors in Phishing Campaign *

BlueNoroff Threat Actors Adopted New Techniques to Bypass Windows MotW Protection *

Researchers Found a Password Vulnerability in ZyXEL Indoor Routers *

BTC.com Suffers a Cyberattack Losing Cryptocurrency Worth $3 Million *

New GuLoader Malware Found Adopting New Anti Analysis Techniques to Evade Detection *

Hackers Targeted Bitkeep Wallet Users in Cryptojacking and Drained $8M in Assets *

Researchers Warn of Critical Linux Kernel Vulnerability Affecting SMB Servers Enabled with ksmbd *

Cincinnati State Technical Community College Suffers a Cybersecurity Breach *

Researchers Disclosed a High-Severity Flaw in Kyverno’s Container Image Signature Verification Mechanism *

Researchers Discovered Critical Authentication Bypass Vulnerability in Ghost CMS *

Microsoft Silently Fixed Cross Tenant Network Bypass Flaw in its Azure Container Service *

Researchers Uncover W4SP Stealer in Multiple PyPI Packages Under Various Names *

Threat Actors Deploy New Info-stealer Malware to Infect Software Pirates *

Hackers Actively Exploit WordPress Gift Card Plugin with 50K Installations *

Researchers Warn Indian Officials About Kavach 2FA Phishing Attacks *

Widespread 2FA Bypass Attacks Hit Comcast Xfinity Accounts *

LastPass Suffers a Data Breach Exposing Customer Vault Data *

FIN7 Hackers Use an Auto-Attack Platform to Breach Vulnerable Exchange Servers *

A Hacker Leaked Customer Data of Betting Firm BetMGM on Hacking Forum *

Researchers Disclosed Multiple High-Severity Flaws in Password Management Solution Passwordstate *

The Zerobot Botnet is added with New Capabilities and Exploits New Vulnerabilities *

Researchers Discovered Banking Trojan 'GodFather' Targeting 400 Banks and Crypto Exchanges Applications *

Hackers Gained Profit from Hacking JFK Airport's Taxi Dispatch System *

Hackers Targeted Telecom and Government Systems with Raspberry Robin Worm *

Attackers Hacked Private GitHub Repositories of Okta Company *

Researchers Found Malicious Packages with 'W4SP' Info-Stealer Malware on PyPi Platform *

Hackers Targeting Brazilian Banking Users with New Android Trojan BrasDex *

Security Researchers Suspect KMSdBot Botnet Offering DDoS-for-Hire Services for Attackers *

Researchers Found New Microsoft Exchange Exploit Used by Play Ransomware to Breach Servers *

Phishing Sites Distributing DarkTortilla Malware *

Researchers Found Fake Malicious ‘SentinelOne’ Package on PyPi Repository *

Meta Platforms Took Down Fake Accounts Operated by Nearly 200 Spyware Vendors Across the Globe *

Play Ransomware Gang Claims Cyberattack on Hotel Chain 'H-Hotels' *

Microsoft Reclassified a Windows Vulnerability as Critical Severity *

Department of Healthcare and Human Services Reports Data of 254K Patients Being Compromised *

Colombian Energy Company EPM Hit by BlackCat Ransomware Attack *

CRM Platform SevenRooms Suffers Data Breach Exposing Customers’ Information *

Samba Releases Security Updates to Address Multiple High Severity Vulnerabilities *

After Being Disrupted by Google, Glupteba Malware is Back *

FBI Warns About BEC Attacks Targeting Food Shipments *

CISA Adds Critical Veeam Backup and Replication Vulnerabilities to its Known Exploited Vulnerabilities Catalog *

Microsoft Warns New Minecraft DDoS Malware Infecting Windows, Linux and IoT Devices *

Researchers found a New MirrorStealer Malware Targeting Japanese Politicians *

Ukrainian Government Networks Breached Using Trojanized Windows 10 Installers *

New Phishing Campaign Uses Facebook Posts to Evade Email Security *

Hacker Posted Social Blade's User Data on Hacking Forum Stolen in Data Breach *

5.7M Gemini Users’ Personal Information Leaked in Third-Party Vendors’ Data Breach Incident *

FuboTV Suffers Streaming Outage Due to Cyberattack *

Australia's TPG Telecom Suffers a Data Breach Affecting 15,000 Customers *

Ransomware Hackers Using Microsoft-Signed Drivers to Access Systems *

FBI Seizes 48 Booter or Stresser Online Platforms that Used for DDoS Attacks *

Unknown Threat Actors Uploaded 144,000 Phishing Packages on NuGet, NPM, and PyPi Open-Source Package Repositories *

Microsoft Fixes the LSASS Memory Leak Flaw Affecting Windows Servers *

VMware Releases Patches for Critical Security Vulnerabilities in ESXi and vRealize *

Microsoft Patch Tuesday Security Advisory - December 2022 *

Stalkware Application Xnspy Found Stealing Data from Thousands of iPhone and Android Devices *

A New Python Backdoor Allows Hackers to Access Compromised VMware ESXi Servers Remotely *

The Global Pravasi Rishta Portal of the Indian Foreign Ministry Leaks Passport Information *

Apple Addressed New Actively Exploited Zero-Day Vulnerability in its Security Updates *

LockBit Ransomware Gang Claims Ransomware Attack on Finance Department of California *

Hive Ransomware Group Claims Attack on Knox College *

Fortinet Released Emergency Patch for Already Exploited FortiOS SSL-VPN Vulnerability *

Nearly 360,000 Individuals' Information was Affected in Ontario COVID-19 Vaccine Data Breach *

A Cryptocurrency Mining Campaign Infects Linux Users with Go-Based Malware Called CHAOS *

Uber Suffers a Data Breach After an Attack on its Third-Party Vendor *

An Iran-Backed MuddyWater Campaign Abuses the Syncro Remote Administration Tool *

Australian Telecom Firm Telstra Apologizes for Data Leak that Exposed 130,000 Customer's Data *

Air Gapped PCs Highly Vulnerable to Data Theft via Power Supply Radiation *

Rackspace Issues a Phishing Warning Following a Ransomware Incident *

Cisco Warns Companies of High Severity Unpatched Flaw Affecting IP Phones Firmware Globally *

Researchers Disclose a Novel Attack Method to Bypass Popular Web Application Firewalls *

An Updated TrueBot Variant Exploiting the Netwrix Auditor Bug and the Raspberry Robin Worm *

Researchers Discover Drokbk a New Malware that Leverages GitHub as a Dead Drop Resolver *

Iranian Hackers Target the Diamond Industry with Fantasy Data-Wiping Malware *

Formbook Malware is Distributed via Trojanized OneNote Document *

Hive Ransomware Group Targeted French Sports Brand Intersport *

CommonSpirit Health Suffered Ransomware Attack that Exposed Data of 623,000 Patients *

Cisco Discloses a High Severity Vulnerability Affecting its IP Phones 7800 and 8800 Series *

New Zerobot Malware Leveraging more than 21 Flaws in Zyxel Firewalls, F5 BIG-IP, D-Link Routers *

Compromised WordPress Plugins Redirect Website Visitors to Push Notification Scam *

Attacker Tried Over 6,000 Attempts to Hack ICMR Server *

The Vice Society Ransomware Gang Targeted more than 30 Schools in 2022 *

Hackers Breached CloudSEK's Confluence Server Using Stolen Employee Credentials *

Attackers found Vulnerability in SiriusXM Platform to Unlock and Start Cars Remotely *

Amnesty International Canada was Allegedly Targeted in Cyberattack by Beijing *

Researchers Discovered Largest Dark Web "In The Box" *

Antwerp's Digital Partner Suffered a Cyberattack Disrupting the City's Digital Services *

VTB Bank, Russia's Second Largest Financial Institution, Suffers Massive DDoS Attack *

Hackers Selling Personal Data Of 150,000 Patients of Tamil Nadu's Sree Saran Medical Centre *

The André-Mignot Teaching Hospital in France Suffers a Ransomware Attack *

A Chain of Three Harmless Linux Vulnerabilities could Allow Hackers to Gain Full Root Privileges *

A Vulnerability in IBM Cloud Databases for PostgreSQL Allows Unauthorized Access *

Researchers Found Malicious Android Apps with More than Two Million Downloads on Google Play Store *

New Zealand Health Insurer Accuro Suffered a Cyberattack Affecting 34,000 Customers’ Data *

North Korean Hacking Group Using New and Fake Crypto Apps to Breach Networks and Steal Cryptocurrency *

Google Fixes a Ninth Zero Day Vulnerability in its Chrome Browser Update *

The Previously Undocumented Data Wiper CryWiper Masquerades as a Ransomware *

Attackers Targeting Unpatched Redis Servers to Drop New Redigo Backdoor *

Multiple Platform Certificates Used by Android OEM Device Vendors used to Digitally Sign the Malware *

Colombian Healthcare Provider Keralty Suffers Ransomware Attack that Disrupts its Operations *

The Schoolyard Bully Malware Infected more than 300,000 Devices to Harvest Facebook Account Credentials *

New DuckLogs Malware-as-a-Service Found to Be Used By Thousands of Cybercriminals *

Researchers Found Some NPM Tools Fail to Display Security Flaws *

NVIDIA Patches Critical GPU Display Driver Vulnerabilities in Windows and Linux *

North Korean Attackers Using New Dolphin Backdoor to Spy on South Korean Targets *

Google Released Chrome 108 to Fix High-Severity Memory Safety Vulnerabilities *

Hackers Breached GoTo's Dev Environment and Cloud Storage; Impacting its Affiliate 'LastPass' *

Researcher found Outdated OpenSSL used in Dell, HP, and Lenovo Devices *

Hive Ransomware Claims Responsibility for Attack on Guilford College in North Carolina *

Attackers using Trigona Ransomware in Increasing Worldwide Attacks *

Malicious Android App 'Symoo' Detected with 100,000 Installs on Google Play Store *

Lanner Patched Over a Dozen BMC Firmware Vulnerabilities *

Southampton County in Virginia Disclosed Theft of Individuals' Personal Information Following Ransomware Attack *

Acer Releases Patches for High Severity Vulnerability Allowing to Disable Secure Boot *

Scammers Used FC Barcelona's Website Domain for Third-Party Fraud Campaign *

Over 5.4 Million Twitter Users' Records are Freely Available on a Hacking Forum *

Researchers Discovered A Critical Remote Code Execution Vulnerability in Windows Internet Key Exchange *

A Ransomware Group Aimed at Belgian Municipality But Hits the Police Instead *

New Ransomware Attacks Targeting Ukraine Organizations Linked to Russian Sandworm Group *

Google Patches a Zero-Day Vulnerability in its Chrome Browser Update *

The Vice Society Ransomware Group Claims Responsibility of Attack on Cincinnati State College *

Hackers Target Windows Gamers with Miners and Info-Stealers via Fake MSI Afterburner *

Researchers Detected New Stealthy Variant of RansomExx Ransomware Developed Using Rust Programming Language *

Hackers Included Spyware in New Variants of SoftVPN and OpenVPN Trojan Software *

Millions of Android Devices Require Patches for ARM Mali GPU Vulnerabilities *

Ducktail Threat Actors Targeting Facebook Business Accounts via WhatsApp *

Security Researchers Disclosed a Cross-Tenant Vulnerability in AWS AppSync Service *

Pro-Russian Hackers Claim Responsibility for DDoS Attack on European Parliament Website *

Delhi's AIIMS Server Suffers a Cyberattack Disrupting Patient Care Services *

Issue in Sophos and McAfee Scanning Engines results in Bypass of Cisco Secure Email Gateway Filter *

Researchers found Sudden Spike in World Cup-Themed Phishing Emails *

The Sharkbot Banking Trojan Distributed via Fake Android File Managers *

Threat Actors Targeted Discontinued Boa Web Servers to Infiltrate Energy Organizations *

More than 1500 Mobile Applications Leaking Algolia API Keys *

An Info-Stealing Google Chrome Extension 'VenomSoftX' is Used to Steal Cryptocurrency and Passwords *

Researchers Found Cybercriminals Increasingly Adopted Aurora Infostealer Malware in their Operations *

Attackers Trying to Bypass 2FA of Crypto Exchange Platforms Via Team Viewer and Fake Support Chat *

Hacking Group Daixin Team Claims to have Stolen 5 Million AirAsia Passengers' and Employees' Data *

DraftKings’ Customers Suffer Credential Stuffing Attack Resulting in Loss of $300,000 *

New AXLocker Ransomware Group Stealing Discord Accounts of Infected Users *

Attackers Using Google Ads to Spread Royal Ransomware *

New Variants of LodaRAT Malware are Being Deployed in Conjunction with Other Sophisticated Malwares *

Hackers Employing a Windows Zero-day Vulnerability to Deploy QBot Malware *

Indian Central Depository Services Limited Reveals About its Network Being Compromised by Malware *

Over 22000 Students Targeted in Credential Phishing Attack Impersonating Instagram *

Critical Omron PLC Vulnerability Exploited by Sophisticated Malware Targeting Industrial Control Systems *

Atlassian Fixes Critical Vulnerabilities in Crowd Server and Bitbucket Server *

Samba Addresses Vulnerability Resulting in DoS Attacks and Remote Code Execution *

Chinese Hackers Deliver Custom Malware to Government Organizations via Google Drive *

Previously Unknown ARCrypter Ransomware Expanding its Attacks Worldwide *

Researchers Discovered a New Version of RapperBot Malware Targeting Gaming Servers *

Researchers Discovered a Phishing Kit Impersonating Well-Known Brands to Target US Consumers *

Attackers Abusing a DLL Hijacking Flaw in the Windows 10 Control Panel to Infect Systems *

Disneyland Cybercrime Group Uses Punycode to Spoof Popular Bank Brands` *

F5 Addresses Several Security Flaws and Issues in its Products *

CISA Revealed About Federal Agency Being Hacked by Iranian Hackers Using Log4Shell Exploit *

Pro-Russian Hackers Claim Responsibility for DDoS Attack on FBI Websites *

Mozilla Announced the Release of Firefox 107 with Patches of High Impact Vulnerabilities *

Hundreds of Amazon RDS Instances Leak Users’ Personal Information *

PCspooF Vulnerability in TTE Affecting Network Technology used in Aircraft and Spacecraft *

State-Sponsored Chinese Hacking Group Targeting Government and Defense Organizations in Asian Countries *

Security Researchers Disclosed Details of Security Flaws in Zendesk Analytics Service *

Spotify's Backstage Developer Platform is Vulnerable to Critical RCE Flaw *

Researchers Discovered New Version of DTrack Backdoor Targeting European Organizations *

Researchers Discovered New KmsdBot Malware Mining Cryptocurrency and Launching DDoS Attacks *

'Fangxiao' A Malicious For-Profit Group Uses 42,000 Sites for Brand Impersonation Scheme *

Researchers Identified an Information Disclosure Vulnerability in Aiphone Intercom Products *

Russian Hackers Infected Ukrainian Organizations with New Somnia Ransomware *

New Phishing Campaign Targeting Spain Taxpayers to Steal Bank Details *

Cisco Addresses 33 Vulnerabilities in its Enterprise Firewall Products *

Foxit Patches Four Code Execution Vulnerabilities in its PDF Reader *

A New Extortion Scam Threatens to Leak Websites Sensitive Information Globally *

A 24 Hour Outage has Rendered Royal Mail Tracking Unavailable *

Sobeys a Canadian Food Retail Giant Hit by Black Basta Ransomware *

New Android Spyware BadBazaar Linked to Chinese Cyberspies *

Two Malicious Android Apps Spotted Distributing Xenomorph Banking Trojan *

US Confiscates 18 Domains Used for Recruiting Money Mules *

New Version of IceXLoader Malware is Dropped Via Phishing Emails *

Threat Group ‘Worok’ Concealing New Information-Stealing Malware in PNGs *

Android Spymax RAT Malware Targets the Indian Defense Forces *

Lenovo Fixes High Severity Vulnerabilities Allowing Attackers to Deactivate UEFI Secure Boot *

New Information-Stealing Malware StrelaStealer Targeted Outlook and Thunderbird Accounts *

Intel and AMD Addresses Multiple Vulnerabilities in its Patch Tuesday Updates *

SAP Released Patches for Critical BusinessObjects and SAPUI5 Vulnerabilities *

Massive Google SEO Poisoning Campaign Hacks 15,000 Sites *

LockBit 3.0 Ransomware Distributing Amadey Bot Malware Via Phishing Emails *

Cloud9 Chrome Botnet Using Malicious Extensions to Remotely Control Victim's Browsers *

Citrix Patches a Critical Authentication Bypass Vulnerability in its ADC and Gateway Product *

VMware Patches Three Critical Vulnerabilities in Workspace ONE Assist *

Siemens and Schneider Electric Addresses Several Security Vulnerabilities in its Products *

SocGholish Operators Expands its Malware Staging Infrastructure to Counter Defenders *

Cyberattack on PNORS Technology Leads to the Breach of Victorian School Students' Health Records *

The Largest Canadian Food Company Maple Leaf Foods Encountered Cyberattack *

The Robin Banks Phishing-as-a-Service (PhaaS) Platform Back to Steal Bank Accounts *

Hackers Abusing Microsoft Dynamic 365 Customer Voice in Phishing Attack *

CISA Warns About Critical Vulnerabilities in Three ICS Software *

Apple Releases Xcode Update to Patch Git Vulnerabilities *

Verified Twitter Users are Targeted by New Phishing Attack *

New Crimson Kingsnake Group Impersonating Law Firms in Business Email Compromise BEC Attacks *

Indian Government Employees are Being Targeted by a New Malware Campaign *

Users Across the Globe are Facing Issues in Accessing Twitter *

RomCom RAT Malware Distributed via Websites Impersonates SolarWinds NPM, KeePass, Veeam Software *

LockBit Ransomware Gang Claims Cyberattack Against German Manufacturing Company Continental *

Cisco Fixed High-Severity Vulnerabilities in Email, Identity, and Web Security Products *

ALMA Radio Telescope Suffers Cyberattack Forcing it to Suspend All Operations *

Splunk Addresses 9 High-Severity Vulnerabilities in its Enterprise Product *

Fortinet Fixed 6 High-Severity Vulnerabilities in its Multiple Products *

Researchers Disclosed Multiple Vulnerabilities in Checkmk's IT Infrastructure Monitoring Software *

Threat Actor Distributing Malware Via Hundreds of U.S. News Sites *

Malicious PyPI Packages Found Dropping 'W4SP' Info-Stealing Malware *

Infamous Emotet Malware Resumed its Operation After Five-Month Break *

Vodafone Italy Disclosed Data Breach After their Reseller FourB Hit by Cyberattack *

Hacker Steals 130 GitHub Repositories from Dropbox in Data Breach *

Malicious VPN Application Infects Android Users with SandStrike Spyware *

Malicious Android Apps Downloaded Over One Million Times Spotted on Google Play Store *

OpenSSL Releases Patches to Fix Two High Severity Vulnerabilities in Open-Source Library *

Microsoft Fixed a Critical RCE Vulnerability Detected in Azure Cosmos DB Jupyter Notebooks *

Cyberattack on Air New Zealand Compromises Multiple User Accounts *

Threat Actors Abusing Antivirus Software to Drop LODEINFO Malware Targeting Japanese Organizations *

Australian Defense Contractor Suffers Ransomware Attack *

Researchers Discovered a Security Vulnerability in Galaxy Store App for Samsung *

Label Printing Giant Multi-Color Corporation Confirmed Data Breach *

Bed Bath & Beyond Inc Suffers a Data Breach *

U.S. Bank Reveals Data Leak Affecting 11,000 Customers *

See Tickets Suffers a Major Card Data Breach Lasting for 2.5 Years *

Michigan Medicine Suffered Data Breach Impacting 33K Patients *

ConnectWise Fixes the RCE Flaw that Left Thousands of Servers Vulnerable to Attacks *

Twilio, A Cloud Communications Company Discloses Another Data Breach *

Google Patches the Seventh Zero-Day Vulnerability in its Chrome Browser *

Cyberattack on Aurubis Forces IT Systems to Shut Down *

Researchers Discover Android Malware Droppers on Google Play with 130K Installations *

Threat Actors using Clop Ransomware to Encrypt Devices Previously Infected with Raspberry Robin Worm *

The Latest Fodcha Botnet Featuring Ransom Demands has Emerged *

Drinik Android Malware Impersonating Official Tax Management Tool Targeting Users of 18 Indian Banks *

Australian Clinical Labs Disclosed Data Breach After Months of Data Leak Post *

Microsoft Fixed Sync Issue in the Vulnerable Driver Blocklist *

Medibank Confirms Hackers had Accessed the Customer's Personal Information During Ransomware Attack *

New Version of FurBall Android Malware Used for Spying Iranian Citizens *

Advocate Aurora Health (AAH) Suffers Data Breach that Exposing Data of 3 Million Patients *

Ursnif Malware Switches from Stealing Bank Accounts to Gaining Access to Computers *

Hackers Exploit Microsoft Azure SFX Vulnerability to Hijack Service Fabric Clusters *

Apache Patched RCE Vulnerability in its Open-Source Commons Text Library *

WordPress Fixed 16 Vulnerabilities with Security Update 6.0.3 *

Researchers Uncovered a Previously Undetected PowerShell Backdoor Infected Over 60 Users *

Microsoft Suffers Data Breach Due to Misconfigured Server that Exposes Customers’ Information Online *

Cobalt Strike Releases Out-of-Band Security Update for Critical RCE Vulnerability *

DiceyF Attackers Deploying GamePlayerFramework in Attacks Against Asian Casinos *

Hackers Targeted Hong Kong Government Agency's Network in a Year-Long Campaign *

Ransom Cartel Ransomware Shares Similar Traits with the Notorious REvil Ransomware *

Black Basta Ransomware Gang Employing Qakbot to Drop Brute Ratel C4 Framework *

MyDeal Suffers Data Breach where 2.2 Million Customers' Personal Information was Stolen *

Australia's Largest Health Insurance Company Medibank Suffers Ransomware Attack *

A Zero-Day Vulnerability in Windows Mark of the Web Receives Free Unofficial Patch *

End of Life for Over 45,000 VMware ESXi Servers *

Venus Ransomware Encrypting Windows Devices via Publicly Exposed Remote Desktop Services *

New PHP Version of Ducktail Malware Targeting Facebook Business Accounts *

Zimbra Zero-Day Vulnerability Leveraged to Compromise Over 900 Servers *

Microsoft Researchers Discovered A New Prestige Ransomware Targeting Organizations in Ukraine and Poland *

Colombian Govt Suffers Data Leak Exposing Secret Australian Police Agents *

India's Largest Electric Utility Company Tata Power Hit by Cyberattack *

Microsoft Office 365 Could Expose the Content of Messages due to Vulnerable Email Encryption Mode *

Hackers Distributing Android Banking Malware Copybara Via TOAD Tactics *

Magniber Ransomware Target Windows Users Via Fake Antivirus and Security Updates *

A Critical Flaw in Siemens SIMATIC PLCs Allows Hackers to Steal Cryptographic Keys *

Cloudflare Mitigates Largest DDoS Attack Aimed at Gaming Platform Minecraft's Server *

Windows, MacOS, and Linux Systems Targeted by New Alchimist Attack Framework *

Scammers Abusing Google Forms in New Covid-19-Themed Phishing Campaign *

Unofficial WhatsApp Application 'YoWhatsApp' is Stealing User's Account *

Hackers Creating Typo-Squatted Clone Packages to Trick Developers for Supply Chain Attacks *

Aruba Addressed Critical RCE and Authentication Bypass Bugs in its EdgeConnect Enterprise Orchestrator *

POLONIUM Threat Group Uses Creepy Malware in Cyber Espionage Against Israeli Organizations *

Microsoft Exchange Servers Targeted to Drop Lockbit Ransomware *

Researchers Warn of a Critical RCE Vulnerability in VM2 Sandbox Library *

Adobe Fixes Critical Flaws in ColdFusion, Adobe Commerce and Other Products *

Microsoft Patch Tuesday Security Advisory - October 2022 *

Caffeine, a Phishing-as-a-Service Platform Makes it Easy to Launch Phishing Attacks *

Researchers Disclosed New Emotet's Delivery and Evasion Techniques *

Toyota's Access Key Mistakenly Exposed on GitHub Leaking Customer Data *

Pro-Russian Hackers Take Down US Airports' Websites with Large-scale DDoS Attacks *

Android Security Updates for October Patches Critical Vulnerabilities *

Hackers Targeting Solana Cryptocurrency Owners via Fake Phantom Security Update *

Dark Web Carding Market BidenCash Leaks Details of 1.2 Million Stolen Credit Cards *

Source Code of Intel Alder Lake's UEFI Firmware has been Leaked *

Callback Scammers Strengthen their Social Engineering Techniques *

Taiwanese Chipmaker 'ADATA' Denies RansomHouse's Recent Data Breach Claims *

Fortinet Patches Critical Auth Bypass Flaw in FortiGate Firewalls and FortiProxy Web Proxies *

Threat Actors Actively Exploiting a Zero-Day RCE Vulnerability in Zimbra Collaboration Suite *

Eternity Hackers Group Offering New LilithBot Malware-as-a-Service Via Telegram Channel *

Newly Patched macOS Archive Utility Vulnerability Details Released *

Telstra's Third-Party Platform Suffers a Breach Exposing its Employee Information *

A New Bug found in Linux Kernel 5.19.12, Which Damages Intel Laptop Displays *

Hackers Breach the Tucson City's Network and Stolen the Information of Over 125,000 People *

Researchers Discovered New 'Maggie' Backdoor Targeted Several Microsoft SQL Servers *

Consumer Banking Company Chase Bank Suffers Outage which Affects UK Customers *

Live Chat App Comm100 Trojanized to Spread Malware in Supply Chain Attack *

US Alert: Hackers Using New Custom Malware to Steal Data from US Defense Organization *

Hackers Injecting Malicious JavaScript on Scammer's Crypto Sites to Steal Crypto Funds *

A Popular Chinese-language YouTube Channel found Distributing Malicious Tor Browser Installer *

A High-severity Vulnerability in Packagist PHP Repository could Lead to Supply Chain Attack *

Cheerscrypt a Linux-Based Ransomware Linked to Chinese Hackers *

Researchers Warn Microsoft Exchange Zero-Day Mitigation can be Bypassed for On-premise Servers *

Hackers Selling Fake Microsoft Exchange ProxyNotShell Exploits on GitHub *

BlackCat Added NJVC to its Data Leak Site *

Threat Actors Abusing Web Browser App Mode to Create Desktop Phishing Pages *

After Data Leak, Retail Chain 'DNS' Confirmed Data Breach *

CISA Adds Critical Bitbucket Server and Microsoft Exchange Vulnerabilities to Known Exploited Vulnerabilities (KEV) Catalog *

Hackers Exploiting Vulnerable WordPress Websites to Inject SolarMarker Malware *

Unknown Attacker Hacked Shangri-La Hotel Group's Customer Database *

Researchers Discovered Several Fake LinkedIn Profiles for CISOs of Large Organizations *

Cisco Fixed Several High-Severity Vulnerabilities in its Networking Software *

Lazarus Attackers Using New BYOVD Technique in Cyberattacks *

Scammers Dropping Cobalt Strike Beacons via Fake US Govt Job Offers *

Microsoft Confirms New Exchange Zero-Day Flaws are Being Exploited in Wild *

Microsoft Discovered Lazarus Hackers Weaponizing Open-Source Software *

Indian Government Swachh City Platform Suffers Data Breach *

Researchers Discovered New Zero-Day Vulnerabilities in Microsoft Exchange Being Actively Exploited in Attacks *

Hackers Using New Malware to Backdoor VMware ESXi Servers *

Hackers are Exploiting Ethernet VLAN Stacking Flaws to Launch DoS, MiTM attacks *

Researchers Uncovered New Secret Attack Campaign Targeting Military Contractor Companies *

World's Leading Business Media Brand Fast Company Hacked by Attackers *

New Chaos Malware Launches DDoS Attacks on Windows and Linux Devices *

The Internal Revenue Service Warned American about Huge Rise in Smishing Attacks *

Cybercriminals Distributing macOS Malware via Lucrative Job Offers Impersonating Crypto.com *

Optus Suffers a Breach Leading to Release of 10,200 Customer Records *

NullMixer Malware Distributed via Malicious Websites Mimicking Cracked Software *

Hackers Distributing Graphite Malware Using New Code Execution Technique *

New Info-stealing Malware Erbium Target Popular Video Games Via Fake Cracks and Cheats *

Tibetan Entities Targeted by Chinese Hacker using New LOWZERO Backdoor *

WhatsApp Patched 2 Major Zero-Day Bugs that Affect Both iOS and Android Versions *

Researchers Found 'Scylla' Ad-fraud Campaign on Google Play Store and Apple Store *

An Attack Targeting Universities, Telcos, and ISPs is Discovered by Researchers *

Android Users Targeted with Info-stealing Malware Via Fake Indian Banking Rewards Apps *

Several npm Packages Published by Crypto Exchanges have been Compromised *

Microsoft Patched Spoofing Vulnerability in Microsoft Endpoint Configuration Manager *

Microsoft SQL Servers Targeted in New TargetCompany Ransomware Attacks *

A New RCE Firewall Bug Exploited by Attackers in Sophos Firewall; Hotfix Available *

A Worldwide Outage Affects YouTube Live Streams *

GitHub Users Targeted with New Phishing Campaign *

Threat Actors Actively Exploiting Critical Magento Vulnerability *

Threat Actor Hacked Microsoft Exchange Servers to Spread Phishing Campaign *

CISA adds Critical ManageEngine RCE Bug to its Known Exploited Vulnerabilities Catalog *

Threat Actors Using LinkedIn Smart Links to Evade Detection in Phishing Campaign *

Over 39,000 Unauthenticated Redis Servers are Exposed to the Internet *

CISA Warns of Multiple Vulnerabilities Detected in the Dataprobe's Power Distribution Units *

15-year Old Python Vulnerability Affects more than 350,000 Open-source Repositories *

Oracle Addressed a Critical Vulnerability in its Cloud Infrastructure *

Hackers Steal $162 Million Worth of Digital Assets from Crypto Trading Firm Wintermute *

Attackers Hacked 2K Game's Support Platform to Infect Players with Malware *

Security Company Imperva Stopped a Long-lasting 25.3 Billion Request DDoS Attack *

Hive Ransomware Claimed Responsibility for Cyberattack on New York Racing Association *

Attack on Financial Technology Company Revolut Exposes 50,000 Users' Data *

Microsoft and VMware Alert on Chromeloader Malware Campaign *

U.S. Government Agencies Targeted with Better-Crafted Lures in Phishing Attacks *

American Airlines Suffered a Data Breach Exposing Employee and Customer Data *

Uber Accuses Contractor for Breach, Claims Lapsus$ Threat Group Behind the Cyberattack *

LastPass's Development Systems were Accessed for Four Days in a Data Breach *

Hacker Claims to have Stolen GTA 5 and 6 Source Code and Assets *

Security Researchers Found New Attacks of Notorious Hacking Group TeamTNT *

North Korean Attackers Targeted Media Companies with Malicious PuTTY SSH Client *

BlackCat and Quantum Ransomware Groups Using Emotet Malware to Deploy Payloads *

A Ransomware Attack Results in a Data Breach at New York Ambulance Service *

A Hacker Sells the Personal Information of 219,000 Starbucks Customers in Singapore *

Organizations Must Patch Stuxnet Vulnerabilities, Says CISA *

Uber's Internal Systems Breached Exposing Vulnerabilities Reports *

Threat Actors Distributing New Malware Bundle via YouTube *

Akamai Mitigates Another Record-Breaking DDoS Attack in Europe *

Hive Ransomware Takes Responsibility for the Attack Against Bell Technical Solutions *

Phishing Campaign Targeting Greek Taxpayers to Steal Victims' Passwords *

Scammers Using Queen’s Death to Steal Users' Microsoft Credentials in Phishing Attacks *

Lenovo Addressed Several BIOS Vulnerabilities in September 2022 Security Updates *

FBI Warns on Hackers Targeting Healthcare Payment Processors *

Hackers Target Nuclear and Genome Researchers Via Multi-Persona Impersonation Phishing Technique *

Hackers Compromise Software Provider Magento's in a Supply Chain Attack *

Cyber Espionage Attacks Targeting Asian Governments and Organizations *

WPGateway Zero-Day Vulnerability Actively Exploited in the Wild *

Apex One RCE Vulnerability is Actively Exploited, Warns Trend Micro *

Microsoft Patch Tuesday Security Advisory - September 2022 *

Lorenz Ransomware Gang Exploiting Mitel MiVoice VOIP Appliance Vulnerability *

Hacktivist Gang GhostSec Claims Responsibility for Compromising 55 Berghof PLCs in Israel *

Researchers Discovered New Android Banking Trojan 'Zanubis' Targeting Peru Banks *

Steam Community User Accounts are being Stolen Via New Browser-in-the-Browser Attacks *

Apple Addressed Actively Exploited Zero-Day Vulnerability in its Security Updates *

American Rental Company U-Haul Confirms Data Breach, Exposed Customers' Driving License Information *

Ransomware Developers Adopting a New Encryption Technique to Evade Detection *

Six High-Severity HP Firmware Vulnerabilities Left Unpatched For Over a Year *

Admins are Urged to Patch a High-Severity Vulnerability in ConnectWise Automate Tool *

The Lampion Malware Abusing File Sharing Service WeTransfer in Phishing Attacks *

Albania Hit by Another Cyberattack, Blamed on Iran *

5 Million Attacks Blocked Targeting Zero-Day in BackupBuddy WordPress Plugin *

Bumblebee Malware Now Using New Stealthy Infection Technique *

New Attack Technique GIFShell Used to Create Reverse Shell Using Microsoft Teams GIFs *

North Korean APT Group Lazarus Targets U.S. Energy Sector *

Iranian Threat Group DEV-0270 Abusing BitLocker Feature to Encrypt Windows Systems *

The Armed Forces General Staff Agency of Portugal Suffers a Cyberattack *

Threat Actors Found Utilizing PowerShell Empire After Initial Compromise *

New Moisha Ransomware Actively Targeting Several Organizations *

Attackers Hacked 200,000 The North Face Accounts in Credential Stuffing Attack *

Threat Group APT42 Distributing a Custom Android Spyware via SMS Phishing Campaigns *

Cisco Refuses to Patch Zero-Day Vulnerability in EoL Routers *

HP Patches a High Severity Flaw in its Support Assistant Tool *

New Linux Malware Shikitega Evade Detection Via Multi-Stage Deployment *

Ransomware Attack Hits Second Largest U.S. School District Los Angeles Unified *

Mirai Variant Moobot Botnet Targeting Vulnerable D-Link Routers *

InterContinental Hotels Group Hit by Cyberattack Disrupts IT Systems *

Zyxel Addressed a New Critical RCE Vulnerability in NAS Firmware Security Updates *

Ransomware Attackers Abusing Genshin Impact Game's Anti-Cheat Driver to Kill Antivirus *

EvilProxy Phishing Toolkit Allows Hackers to Steal Authentication Tokens to Bypass MFA *

TikTok Denies Security Breach Claims, Stating the Leaked Data is Unrelated *

QNAP Fixes a Photo Station Zero-Day Vulnerability Leveraged in Deadbolt Ransomware Attacks *

Italy’s Energy Sector Hit by BlackCat Ransomware Group *

NFL's San Francisco 49ers Confirms Data Breach; Information of 20K People Stolen *

French Clothing Store, Damart Hit by Hive Ransomware; $2 Million Ransom Demanded *

The SharkBot Malware Strikes Back to Steal Login Credentials *

Threat Actors Stole Victim Data with Prynt Stealer's Backdoor *

Internal Revenue Service Accidentally Leaked Personal Information of 120,000 Taxpayers *

Google Chrome Emergency Update Patches New Zero-Day Vulnerability *

Chilean Government Agency Hit by a New Ransomware Attack *

New Instagram Phishing Campaign Targets Thousands of Accounts Via Blue-Badge Offer *

Over 1,000 iOS Applications Detected Exposing AWS Credentials *

Famous Social Media Platform Twitter Suffers Outage, Thousands of Users Reported Connection Problems *

Ragnar Locker Ransomware Gang Claims Cyberattack Against TAP Air Portugal Airline *

Malicious Google Chrome Web Browser Extensions were Downloaded by 1.4 Million Users *

A TikTok Android App Vulnerability Enable Hackers to Hijack Accounts *

New Bug in Google Chrome Lets Websites Write to Clipboard Without User Approval *

Apple Fixed an Actively Exploited iOS Zero-Day Vulnerability in Older iPhone Models *

Microsoft Azure Outage Knocks Ubuntu Virtual Machines Offline Globally *

Russian Streaming Platform START Discloses Data Breach *

Threat Actors Hide Malware in the Images of the James Webb Telescope *

Chinese Threat Actors Actively Targeting Australian Government Via ScanBox Malware *

New Golang-based 'Agenda' Ransomware Targeting Healthcare and Education Entities *

Vodafone Idea Denies Data Breach Exposing Call Data of 20 Million Customers *

Baker & Taylor the Largest Library Solution Distribution Firm Hit by Ransomware Attack *

2.5 Million U.S Students Loan Accounts Details Exposed in Nelnet Data Breach *

Akasa Air's Data Breach Exposes Passengers' Personal Information *

Russian Attackers Employing New Malware to Hijack ADFS *

Iranian Hackers Leveraging Log4j 2 Vulnerabilities in Attacks Against Israeli Entities *

CISA Added 10 New Actively Exploited Vulnerabilities to its Catalog *

Threat Actors Exfiltrated LastPass Source Code Using a Compromised Developer Account *

The DoorDash Service Reveals a New Data Breach Linked to Twilio Hack *

Threat Actors Using the Fake "Cthulhu World" P2E Project to Spread Malware that Steals Data *

A Critical RCE Vulnerability Discovered in Atlassian Bitbucket Server *

A Database Leak in India Exposed Federal Police and Banking Records *

Researchers Identified that Over 130 Entities Hit by Okta Phishing Attack *

Canadian Manufacturing Company Bombardier Recreational Products (BRP) Hit by Cyberattack *

Phishing Campaign Targets PyPI Maintainers Leading to Hijacking of PyPI Packages *

Cisco Fixes Two High Severity Vulnerabilities Affecting its Nexus-Series Business Switches *

Mozilla Fixes Several Vulnerabilities in Firefox and Thunderbird Products *

New Evil PLC Attack Weaponizes PLCs to Hack OT and Enterprise Networks *

Researchers Found New BEC Campaign Using MITM Attack to Monitor Microsoft 365 Accounts *

Plex Alerts Users to Reset Passwords After Detecting a Data Breach *

IBM Fixes High-Severity Vulnerabilities in its MQ Messaging Middleware *

Dominican Republic's Government Agency Suffers Quantum Ransomware Attack *

Researchers Reveal 8-Year-Old Vulnerability DirtyCred Found in Linux Kernel *

Google Researchers Identified Iranian Hackers Using a New Tool to Steal Victims’ Email Data *

France Hospital Hit by a Ransomware Attack Demanded $10 Million Dollar Ransom *

Attackers Targeted Hotel and Travel Firms Via Phishing Campaigns *

Greek Natural Gas Operator DESFA Hit by Cyberattack *

GitLab Patches a Critical RCE Vulnerability Impacting its Community and Enterprise Edition *

Researchers Find RTLS Systems Vulnerable to MiTM Attacks and Location Tampering *

Scammers used Compromised PayPal Account to send Phishing Invoice Mail to PayPal Users *

Novant Health Disclosed Data Breach; Impacts 1.3 Million Patient Records *

Researchers Discovered New 'Escanor' Malware Weaponized in Microsoft Office and Adobe PDF Documents *

Grandoreiro Banking Malware Spotted Targeting Spanish and Mexican Manufacturer Employees *

CISA Warned About a Critical SAP Vulnerability Exploited in the Wild *

Researchers Detected 241 NPM and Python Packages Drop Cryptominers on Linux Systems *

Attackers Infecting Vulnerable WordPress Websites to Deliver RAT and Trojan Malware *

FBI Alert: Attackers Using Proxy and Configurations in Credential Stuffing Attacks *

Attackers Compromised General Bytes Bitcoin ATM Servers Using a Zero-Day Flaw *

Chinese APT41 Group Targeted 13 Entities Worldwide in 2021 *

Amazon Fixes a High-Severity Flaw in its Ring Application *

Cozy Bear Attackers Actively Targeting Microsoft 365 Users *

Researchers Describe Evasive DarkTortilla Crypter Used to Deliver Malware *

Threat Actors Employing Bumblebee Malware Loader to Compromise Active Directory *

Cisco Fixes a High Severity Vulnerability in Secure Web Appliance *

Google Blocked the Largest HTTPS DDoS Attack of All Time *

A New MailChimp Data Breach Exposing DigitalOcean Customers' Email Addresses *

North Korean Attackers Infecting Job Seekers with macOS Malware *

Malicious Browser Extensions Downloaded by More than 7 Million People Since 2020 *

Google Released Security Update to Address a Zero-Day Flaw in Chrome Browser *

Apple Patches Two Actively Exploited Vulnerabilities in iPhone, iPad, and macOS Security Updates *

Clop Ransomware Gang Breaches UK Water Supply Company But Misattributes the Victim *

BharatPay Suffers Data Breach Exposing 37,000 Users’ Personal and Transaction Details Online *

Hacker Loots 20,000 Items Worth $6 Million from CS:GO Trading Site *

Researchers Detected AEPIC Leak and SQUIP Bugs in Intel and AMD Processors *

Twilio Data Breach Exposed Phone Numbers of 1,900 Signal Users *

Behavioral Health Group Notifies Customers of Data Breach Affecting 198K Patients *

Malicious PyPi Packages Targeting Counter-Strike Servers with DDOS Attacks *

Argentina's Judiciary of Cordoba Suffers Play Ransomware Attack *

Security Researchers Disclosed a Security Flaw in Microsoft Signed UEFI Boot Loaders *

A New SOVA Malware Variant Now Encrypts Android Files *

Realtek eCos SDK Vulnerability Expose Multiple Routers to Remote Attacks *

CISA and FBI Alerts on Zeppelin Ransomware Attacks *

VLC Media Player Banned in India, Website and Download Link Blocked *

A Malicious MiMi Chat App Drops New Backdoor rshell on Mac, Linux Systems *

Researchers Detected Security Flaws in Xiaomi Smartphones Powered by MediaTek Chips *

Scammers Abusing Google Sites and Microsoft Azure Web App to Steal Cryptocurrency Wallets *

Zimbra Authentication Bypass Vulnerability Actively Exploited to Breach Over 1000 Email Servers *

Security Researchers Identified Critical Bugs in Device42 IT Asset Management Platform *

A Threat Actor Employs a New RAT Malware in Cuba Ransomware Operation *

Cisco Confirms Yanluowang Ransomware Group Breached its Network in May,2022 *

Cybersecurity Firm Detects Vulnerabilities in Indian Insurance Company Policybazaar *

Cisco Patched a Vulnerability which Allowed to Steal RSA Private Keys on ASA, FTD Devices *

Microsoft Linked Service Outage to Cisco Meraki Firewall's IDR False Positive Alert *

Palo Alto Networks Fixed a Security Vulnerability Detected in PAN-OS Firewall Configuration *

IBM Fixes Several Vulnerabilities in Cloud, Voice, Other Security Products *

CheckPoint Researchers Discovered Ten Malicious Python Packages Steal Developer's Credentials *

CISA Alerts Administrators on Windows and UnRAR Vulnerabilities Exploited in the Wild *

Cloudflare Also Hit by Threat Actors Responsible for Twilio Data Breach *

New Android Spyware 'Dracarys' is Distributed via Fake Signal Messaging App *

Microsoft Patch Tuesday Security Advisory - August 2022 *

Chinese Attackers Employed a New Malware to Backdoor Government and Defense Organizations *

Cloud Communications Company Twilio Discloses a Data Breach *

New Orchard Botnet Utilized Bitcoin Founder’s Account Information to Create Malicious Domains *

Email Marketing Firm Klaviyo Suffers a Data Breach *

Multinational Retail Company 7-Eleven Suffers a Cyberattack Forced to Close All Stores in Denmark *

Threat Actors Abused Hostinger’s Preview Domain Feature in Phishing Attacks *

F5 Addressed 21 Vulnerabilities in its Quarterly Security Updates *

North Korean Attackers Impersonating World's Largest Cryptocurrency Firm Coinbase to Target Fintech Industry *

Hackers Abused Snapchat and American Express Websites in Phishing Attacks *

A New Ransomware 'GwisinLocker' Encrypts Vulnerable ESXi Servers *

Slack Resets Users Passwords After a Bug Exposed Hashed Passwords *

Akamai Reports Largest Ever DDoS Attack, with 659.6 Million Packets per Second *

Cyberattack on UK Managed Service Provider Causes NHS Outage *

A Zero-Day Bug Exposes 5.4 Million Twitter Accounts *

The Association of German Chambers of Industry and Commerce (DIHK) Hit by a Cyberattack *

Over 280 Million Indian Citizens' Sensitive Data Exposed Online *

CISA Urges Users to Patch Vulnerable Zimbra Email Suites *

Community Healthcare "First Choice" Impacted by a Data Breach *

New Phishing Campaign Targeting Microsoft Email Services to Launch BEC Attacks *

Researchers Detected a Critical Vulnerability Affects 29 Models of DrayTek Vigor Routers *

Vulnerability in WordPress's Download Manager Plugin Hosted on Over 100,000 Sites has been Fixed *

Researchers Detected a New 'ParseThru' Flaw Impacts Golang-Based Applications *

NVIDIA fixed several Security Flaws in GeForce Security Update *

Google Addressed Multiple Security Vulnerabilities in Chrome Browser Updates *

Cisco Patches Critical Security Vulnerabilities in its VPN Routers *

CERT-In Identifies High Severity Vulnerabilities in Mac, iPhone, iPad, ChromeOS and Firefox Browser *

Attackers Stolen Wiseasy’s Employee Passwords to Access Nearly 140,000 Wiseasy Payment Terminals *

VMware Fixed a Critical Authentication Bypass Vulnerability Affecting its Multiple Products *

Taiwanese Websites Suffers DDoS Attacks Ahead of House Speaker Nancy Pelosi's Visit *

Google Released its Android OS Security Bulletin August 2022 *

A Major German Semiconductor Manufacturer Semikron Suffers Ransomware Attack *

Vulnerable GitHub Actions Workflow Allows Command Execution *

Over 3,200 Apps Leak Twitter API Keys Allow Hackers to Hijack Users' Twitter Accounts *

Security Researchers Detected a Directory Traversal Arbitrary File Deletion Flaw in CompleteFTP Software *

Cybersecurity Firm Halborn Warns of New MetaMask Phishing Campaign *

Microsoft Notifies About Outlook Crashing When Reading Uber Receipt Mails *

European Natural Gas Pipeline Operator 'Creos Luxembourg' Hit by BlackCat Ransomware Attack *

Subzero Malware Exploiting Windows and Adobe Vulnerabilities *

North Korean Threat Actor Deploying Malicious Browser Extensions to Spy on Email Accounts *

A Security Researcher Detected XSS Bugs in Google Cloud, DevSite, and Google Play *

LockBit Ransomware Hackers Abusing Windows Defender to Side-Load Cobalt Strike *

Researchers Discovered Giant Network of 11,000 Fake Investment Sites Targeting Europe *

OneTouchPoint Suffers a Data Breach Affecting 30 Healthcare Entities *

Android Adware Apps are being promoted by Facebook Ads *

Federal Communications Commission warned Americans about increasing Smishing Attacks *

Malicious Android Apps are Dropping Banking Malware on User Devices via Google Play Store *

LibreOffice addresses Multiple Security Vulnerabilities *

Microsoft 365 Suffers an Outage Impacting North American Admin Center *

Threat Actors Using Hacked Microsoft SQL Servers as Proxies to Steal Bandwidth *

Hackers Stealing Discord Users’ Payment Card Info Using Malicious npm Packages *

Cloud Services Have Been Disabled by a Kansas MSP to Fend Off Cyberattack *

Hackers Exploiting Nuki Smart Lock Vulnerabilities to Open Doors *

New ‘Robin Banks’ Phishing Service Targeting Customers of Financial Organizations *

Threat Actors Hacking Microsoft Exchange Servers with IIS Backdoors *

New Phishing Campaign ‘Ducktail' Aimed at Professionals on LinkedIn *

Hackers Employ Malware and Adware to Infect 28 Google Play Store Apps *

Threat Actors Hack Blockchain Music Platform 'Audius'; $6 million Stolen *

Hackers Employing WebAssembly-Coded Cryptominers to Avoid Detection *

New Version of Amadey Malware Distributed in SmokeLoader Campaign Via Software Cracks *

Hackers Leveraging GoMet Backdoor to Target an Ukrainian Software Company *

FileWave MDM Vulnerabilities Expose 1,000 Organizations to Remote Attacks *

Researchers Found CosmicStrand UEFI Malware in Gigabyte and ASUS Motherboards *

A Zero-Day Vulnerability in PrestaShop is Being Actively Exploited to Steal Customer's Payment Information *

Policybazaar Confirms a Network Breach in its IT Systems *

Atlassian Fixed Critical Bug Enables Hackers to login Unpatched Confluence and Data Center Servers *

Attackers Using DLL Side-Loading Technique to Drop QBot Malware on User Systems *

Zyxel Releases Security Patches to Fix Vulnerabilities in its Firewall Products *

Fraudsters Targeting Punjab State Power Corporation Limited (PSPCL) Consumers in New Online Scam *

A Threat Actor 'Devil' claimed to have stolen Account Data of 5.4 million Twitter Users *

Russian Attackers Breach Ukrainian Media Company TAVR Media to Spread Fake News About President Volodymyr Zelenskiy *

Konni RAT Malware is Used by North Korean Hackers to Attack European Nations *

SonicWall Immediately Patches a Critical SQL Injection Vulnerability *

Hackers Employing New ‘Lightning Framework’ Linux Malware to Install Backdoors and Rootkits *

Hackers Leveraged High-Severity Google Chrome Bug to Infect Journalists *

Cryptomining Group '8220 Gang' targeting Linux and Cloud Application Vulnerabilities *

Rouge ‘YouTube’ Google Advertisement Redirect Users to Windows Support Scams *

Oracle Addresses 349 New Security Vulnerabilities in its July 2022 Critical Patch Update *

Apple Addressed Multiple Security Vulnerabilities in its All Devices *

A New CloudMensis Spyware Targeting Apple macOS Users *

A New Cryptocurrency Scam Swindle Users Via Fake Nvidia Giveaway *

Russian SVR Attackers Employing Google Drive Cloud Services to Evade Detection *

Belgium Claims Chinese Threat Groups Targeting its Ministry of Defense and Interior Ministries *

Attackers Steal 50,000 Payment Card Details from 300 U.S. Restaurants in Web-Skimming Campaigns *

German-Based Giant Building Materials Producer Knauf Hit by Black Basta Ransomware Attack *

FBI Alerts of Fraudulent Cryptocurrency Apps used to trick U.S. Investors *

Flipkart owned Cleartrip Suffers Data Breach *

Albania Government Hit by a Massive Cyberattack Forced to Shut Down Websites and Online Services *

Windows Network File System Vulnerability Leads to Arbitrary Code Execution *

The Infamous Pegasus Spyware Infected Thailand Pro-Democracy Activists' Smartphones *

Threat Actors Comproised Popular Premint NFT Website and Stolen Nearly $375k Worth of NFTs *

Israel's Health Ministry Website Hit by a Cyberattack Prevented Access to Users from Abroad *

Microsoft 365 Service Outage Impacts Outlook and Exchange Online *

The Qakbot Trojan Malware Increased its Infection Rate with New Techniques *

Juniper Fixes Critical Vulnerabilities in Junos OS and Contrail Networking Products *

Attackers Spoofing GitHub Commit Metadata to Mask Malicious GitHub Repositories *

Colorado Springs Utilities Issued Warning to Customers After Identifying a Data Breach *

Researchers Detected a New Netwrix Auditor Flaw which Enables Hackers to Compromise Active Directory Environment *

Researchers Disclose Use-after-free Condition in Google Chrome WebGPU *

Threat Actors Using Digium Phone Software To Actively Exploit VoIP Servers *

Threat Actors Actively Exploiting Modern WPBakery Page Builder Addons Vulnerability *

Threat Actors Targeting Industrial Operators Using Trojan Horse Malware and Password Cracking Ecosystem *

DDoS Attacks by the Mantis Botnet Hit Hundreds of Cloudflare Users *

Microsoft Attributed Holy Ghost Ransomware Operation to North Korean Attackers *

Pakistani Hackers Targeting Indian Students in a New Spear-Phishing Email Campaign *

Hackers Targeting PayPal Users Using Phishing Kit Installed on Hacked WordPress Sites *

Nation-State Hacking Groups Targeting Journalists in Espionage and Malware Campaign *

New Retbleed Speculative Execution Attacks Impacts Intel and AMD Processors *

Famous Social Media Site, Twitter Suffers Outage; Prevented Users from Posting Tweets *

SAP Fixed Multiple Security Vulnerabilities in its July 2022 Security Patch Day *

Lenovo Fixes Three UEFI Firmware Security Flaws Impacting more than 70 Product Models *

Bandai Namco Confirmed the Cyberattack and Investigating Data Leak *

Lithuanian Energy Company 'Ignitis Group' Hit by DDOS Attack *

Researcher Detected a New Android Malware 'Autolycos' on Google Play Store, Downloaded 3 Million Times *

Uniswap Lost $8 Million Worth of Ethereum Crypto in Large-Scale Phishing Attack *

Microsoft Uncovered the Exploit Code for macOS Sandbox Escape Vulnerability *

New Data Extortion Group 'Luna Moth' Breaching Organizations Via Fake Subscription Renewals *

Microsoft Detected AiTM Phishing Campaign Targeting Over 10,000 Entities Since 2021 *

Malaysia and Indonesia Hackers Launch Cyber War Against Indian Entities Due to Nupur Sharma's Controversial Comments *

The New York Department of Motor Vehicles (DMV) Warned of Smishing Attacks *

Siemens and Schneider Electric Addressed Several Flaws in its ICS Products *

VMware Fixes Eight-Month-Old High Severity Vulnerability in vCenter Server *

CISA Urges Federal Agencies to patch the new Windows High-Severity Vulnerability *

Adobe Fixes Critical Vulnerabilities in its Acrobat, Reader, Photoshop Products *

Microsoft Patch Tuesday Security Advisory - July 2022 *

North Korean Hackers Stole $620 Million from Axie Infinity in Spear-Phishing Attack *

India’s Central Public Works Department (CPWD) Experiencing Targeted Cyberattacks Across its Offices *

Scammers Started Phishing Campaign Targeting Amazon Prime Day-Shoppers *

Attackers Leveraging Azure VMs and GitHub Actions for Cloud-Based Cryptocurrency Mining *

A Rolling-PWN Vulnerability Enables Attackers to Start Honda Vehicle Remotely *

Hackers Disguise as Cybersecurity Companies to Trick Victims into Installing Malware *

Attackers Compromised Goa’s Water Resource Department (WRD) Server and Demanded Cryptocurrency as Ransom *

New 0mega Ransomware Gang Targeting Organizations in Double-Extortion Attacks *

A New Phishing Campaign Leveraging Follina Vulnerability to Deploy Rozena Backdoor *

Hackers Targeting Russian Users by Employing a Malicious Browser Extension *

Cisco Fixes a Critical Vulnerability in its Enterprise Communication Solutions *

Fortinet Addressed Several Security Vulnerabilities in its Multiple Products *

Mangatoon Data Breach Exposed 23 Million Accounts Information *

Microsoft Patched a Flaw Crashing Office Apps While Opening with Cloud Documents *

A Canadian Communications Firm Rogers Suffers Massive Outage Affecting Mobile Service *

New Stealthy OrBit Malware Harvesting Information from Linux Systems *

Hackers Sending Fake Copyright Complaint Emails to Deploy IcedID Banking Malware *

Hackers can Exploit Online Programming Learning Websites to Launch Remote Cyberattacks *

CuteBoi Threat Group Deploys Over 1,200 NPM Malicious Packages in Large-Scale Cryptomining Campaign *

Checkmate Ransomware Attacks Targeting QNAP NAS Devices Exposed to Internet *

Hacking and Ransomware Groups Switch from Cobalt Strike to Brute Ratel Post-Exploitation Toolkit *

Bitter APT Threat Group Still Targeting Bangladesh Military Entities *

Federal Agencies Alerted on Maui Ransomware Attacks Targeting Healthcare Entities *

OpenSSL Patches a High Severity Vulnerability in Cryptographic Library *

North American Giant IT Service Provider 'SHI' Hit by a Potential Malware Attack *

Marriott Hotels Suffers a Data Breach that Exposed 20 GB of Guests Information *

USA Professional Finance Company Suffers Data Breach Affecting Patients of 650 Healthcare Providers *

Microsoft Silently Patches the ShadowCoerce Windows NTLM Relay Vulnerability *

NPM Supply Chain Attack Employed Typosquatting Technique to Launch Supply Chain Attack *

New RedAlert Ransomware Gang Targeting Windows and Linux VMware ESXi Servers *

UK Army's YouTube and Twitter Account Hacked to Promote Crypto Scams *

Google Patches An Actively Exploited New Chrome Zero-Day Vulnerability *

Django Patches A High Severity SQL Injection Vulnerability in its New Release *

One Billion Chinese Citizens' Stolen Data is Being Sold by Hackers for Bitcoins *

Jenkins Revealed Several Zero-Day Vulnerabilities in its Multiple Plugins *

Several Flaws in Brocade SANnav Storage Area Network (SAN) Affects Multiple Major Entities *

Evilnum APT Group Makes Comeback with Updated TTPs, Targeting Fintech Entities *

Microsoft Warns of Raspberry Robin Worm Infecting Hundreds of Windows Networks Via Infected USB Drives *

A Cyberattack Over Geographical Solutions Inc. (GSI) Disrupted Unemployment Services Across the United States *

Hackers Sent Fake Suspension Notices to Verified Twitter Accounts *

Google Alerts Users about Slice Payments App which Steals Photos, Audio Records, and Call Histories *

RCE Exploit Discovered in Zoho Manage Engine AD Audit Plus Bug *

A XFiles Info-Stealing Malware Now Leveraging Follina Vulnerability in Cyberattacks *

Toll Fraud Malware Targets Android Devices by Automatically Subscribing to Premium Services *

NFT Giant OpenSea Reports Data Breach and Warned Users of Phishing Attacks *

Macmillan Publishers Suffers a Ransomware Attack; Forced to Shut Down Network *

Norway's Government Websites Suffers Multiple DDoS Attacks *

Attackers Employing New Stealthy Malware to Backdoor Microsoft Exchange Servers Worldwide *

A New Info-Stealer 'YTStealer' Targets YouTube Content Creators to Steal Authentication Tokens *

MITRE Published Top 25 Most Dangerous Software Bugs List of 2022 *

Walmart Denies Yanluowang Ransomware Attack *

CISA Urged Administrators to Patch High-Severity Linux PwnKit Vulnerability *

Microsoft Patches Azure FabricScape Vulnerability Enable Hackers to Hijack Vulnerable Linux Clusters *

Amazon Patches High Severity Security Flaw in its Android Photos Application *

A Famous Raccoon Stealer Malware Returned With New Malicious Capabilities *

Researchers Found Over 900,000 Internet-Exposed Kubernetes Instances Vulnerable to Data-Exposing Cyberattacks *

Hackers Reused Same Compromised Account Credentials of Zola Website to Gain Access to User Accounts *

Threat Actors Installing New 'ZuoRAT' Malware on Unpatched SOHO Routers *

Microsoft Released Windows 10 KB5014666 Cumulative Update Include Several Bugs Fixes and New Printing Features *

American Famous Semiconductor Company AMD Investigating RansomHouse Data Theft Claims *

Unknown Threat Actor Installed Credit Card Skimmers on Bank of the West's ATMs *

A New Android Banking Malware 'Revive' Masquerades BBVA Bank’s 2FA Application *

Chinese APT Group Compromising Building Automation Systems by Leveraging Microsoft ProxyLogon Vulnerability *

The National Institute of Standards and Technology (NIST) Issues New Guidance on Securing macOS Systems *

A Cyberattack Hit Iran’s Major Steel Companies and Forced to Stop Factory Production *

The Vice Society Ransomware Group Claims Responsibility of Attack on Medical University of Innsbruck *

A New Phishing Technique Uses Microsoft WebView2 Apps to Bypass Multi-Factor Authentication *

LockBit Ransomware Gang Infecting Users Via Fake Copyright Violation Emails *

U.S. Federal Trade Commission Warns on Extortionists Targeting LGBTQ+ Community *

Microsoft Downplays High Severity Vulnerabilities in Edge Web Browser, Affecting Over 150 Million Users *

Fast Shop, a Brazilian Retailer, Disclosed a Cyberattack Involving Extortion *

Cybercriminals leveraging Mitel Zero Day to Launch Suspected Ransomware Attack *

Malicious PyPi Python Packages Sending stolen AWS keys to Unsecured Websites *

A Japan Based Automotive Fabrics Distributor TB Kawashima Confirmed on a Cyberattack *

ISGEC Heavy Engineering Limited data is Encrypted by Hackers and They Demand Bitcoin to Decrypt It *

Automotive Hose Maker Nichirin's USA Based Subsidiary Suffers Ransomware Attack *

CISA Warns on Threat Actors Leveraging Log4Shell Vulnerability to Hack VMware Servers *

New Quantum Builder Enable Attackers to Easily Launch Malicious Windows 'LNK' Attacks *

A New Phishing Campaign Targeting Microsoft 365 Users to Steal MetaMask Recovery Phrases *

Vulnerable QNAP NAS Devices are Targeted by DeadBolt Ransomware Attacks *

Italian Spyware Vendor Infects Android and iOS Users with help of Internet Service Providers *

SMA Technologies’ Critical OpCon UNIX Agent Vulnerability Receives A Patch *

Chinese Hacking Group Disguising Cyber Espionage Operation as Ransomware Attacks *

Lithuanian NCSC Warned of an Increase in DDoS Attacks on Government Websites *

Google Fixed 14 Vulnerabilities with the release of Chrome 103 Version *

Chinese Hackers Distributing 'Nimbda' Loader Bundled in 'SMS Bomber' Tool to Install Info-Stealer Trojan Payload *

MEGA Patches Several Critical Vulnerabilities in Encryption Algorithm *

Cloudflare Suffers Massive Outage Caused by Network Configuration Error *

Icefall 56 Vulnerabilities are affecting Operational Technology Devices used in Various Industries *

New APT Group ToddyCat Targets Microsoft Exchange Servers *

Yodel Parcel Company Suffers Cyberattack Disrupting Delivery Services *

Microsoft 365 Service Outage Impacts Microsoft Exchange Online and Teams *

A New Phishing Campaign Steals Microsoft 365 Credentials Via Fake Voicemails *

New DFSCoerce NTLM Relay Attack Enables Attackers to Take Control Over Windows Domain *

RobertHalf, Global HR Firm Warns Users About Credential Stuffing Attack *

Android Banking Trojan BRATA Now Evolving Into Advance Persistence Threat *

A New Surge in ECh0raix Ransomware Attacks Detected Targeting QNAP NAS Devices *

Hackers Dropping Malicious Cobalt Strike Beacons in a New Phishing Campaign *

Cisco Confirmed on not Patching RCE Flaw in Obsolete VPN Routers *

A New 'MaliBot' Android Banking Malware Distributing as Crypto-Mining or Chrome Browser Application *

Researchers Identified Dozen of Flaws in Industrial Network Management System of Siemens *

The United States Department of Justice Dismantled Russian RSocks Botnet Infrastructure *

A Vulnerability in Cisco Appliances Allows Hackers to Bypass Authentication *

WordPress Force-Updated Ninja Forms Plugin Patch on Millions of Websites *

Chinese Hackers Exploited Sophos Firewall Zero-day Bug Weeks Before Official Patch Release *

Africa's Largest Supermarket 'Shoprite Holdings' Hit by Ransomware Attack *

Citrix Fixed Critical ADM Vulnerability in its Security Updates *

New Peer-to-Peer Panchan Botnet Compromised Several Linux Servers in Education Sector *

Public Travis CI API Logs Exposed Thousands of GitHub, AWS, Docker Tokens *

A New Side-Channel Attack 'Hertzbleed' Affects Intel and AMD Processors *

Cloudflare Detects and Mitigates Largest HTTPS DDoS Attack *

Microsoft Fixed Actively Exploited Windows MSDT Zero-Day Vulnerability in its June 2022 Security Updates *

ALPHV Ransomware Group Created a New Technique for Extortion *

Unknown Threat Group Hacked Over 500 Indian Websites, Demanding an Apology to Muslims All Over the World *

Android Adware and Info-stealing Malware Downloaded Over Two Million Times on Google Play Store *

Nonprofit Health Care Company Kaiser Permanente Confirms on Data Breach, Affected Over 69,000 Individuals *

Microsoft Patch Tuesday Security Advisory - June 2022 *

Gallium Hackers Targeting Financial and Government Organizations Using New 'PingPull' Malware *

Attackers Deploying BlackCat Ransomware on Compromised Microsoft Exchange Servers *

Threat Actors Employing a New Linux Rootkit Malware ‘Syslogk’ in Cyberattacks *

A Stealthy Linux Malware 'Symbiote' Targeting Latin American Financial Entities *

Malicious PyPI Package ‘keep’ Contains Password Stealer Due to Typographical Error *

Hello XD Ransomware Group Now Dropping a Backdoor While Encrypting Systems *

New PACMAN Hardware Attack can Bypass Pointer Authentication (PAC) in Mac Systems *

AvosLocker and Cerber2021 Ransomware Gang Actively Targeting Unpatched Atlassian Confluence Servers *

Google Fixed Several Security Vulnerabilities in Chrome Browser Updates *

Iranian Hackers Use DNS Backdoor to Attack Energy Sector *

Hackers Distributing New Info-Stealer Malware Via Pirated CCleaner Pro Software *

Several Botnets Now Exploiting Critical Atlassian Confluence RCE Vulnerability to Deploy Cryptominers *

Researchers Identified a New Chinese-Linked APT Group Spying on Organizations for 10 Years *

The New Advanced Malware 'Symbiote' Infects All Linux Processes and Steal Account Credentials *

Threat Actors Compromised US Online Gun Shops to Steal Customers' Credit Card Details *

Emotet Malware is Now Harvesting Credit Card Information from Google Chrome Browser *

Medical Service Provider 'Shields Health Care Group' Suffers a Data Breach, Exposed Over 2,000,000 People Data *

Google Fixed Several Critical Android Flaws in June 2022 Security Updates *

Hackers Abused Facebook Messenger in Large-Scale Phishing Campaign to Steal Victims' Credentials *

Two Critical U-Boot Vulnerabilities Disclosed in Linux-Based Embedded Systems *

Black Basta Ransomware Strikes Vulnerable VMware ESXi Servers *

Threat Actors Deploying New Malware 'SVCReady' Via Phishing Campaigns *

Chinese Govt Hackers Compromise US Telecommunication Companies to Snoop on Network Traffic *

Black Basta Ransomware Group Employing QBot Malware in their Operations *

Italian City of Palermo Hit by Cyberattack, Impacting Wide Range of Operations and Services *

The LockBit Ransomware Group Claims to Infiltrate Mandiant Company's Network *

Hackers Actively Exploiting Critical Windows Zero-day Vulnerability in a Phishing Campaign *

Sensitive Data of Pharmaceutical Giant 'Novartis' Exposed in a Recent Cyberattack *

WatchDog Hacker Group Mining Crytpocurency in a Newly Launched Cryptojacking Campaign *

The Android Malware 'SMSFactory' Discreetly Subscribes Users to Premium Services *

Hackers Stolen NFTs From the Bored Ape Yacht Club Via Yuga Lab's Discord Server Hack *

GitLab Patches a Critical Account Takeover Vulnerability in its Enterprise Edition *

Malware Controlling Thousands of Sites in the Parrot TDS Network Identified by Researchers *

Chinese Threat Group LuoYu Using WinDealer Malware in Man on the Side Attacks *

Foxconn's Mexico-Based Manufacturing Unit Hit by Ransomware Attack *

Microsoft Suspended Malicious OneDrive Applications Used in Polonium's Attacks *

A New Clipminer Malware Brought its Operators $1.7 Million Via Transaction Hijacking *

Hackers Actively Exploiting New Atlassian Confluence Zero-Day Vulnerability in the Wild *

Attackers Targeted Hundreds of Unsecured Elasticsearch Databases in Ransom Attack *

SideWinder APT Group Creates Fake Android VPN App on Official Google Play Store *

RuneScape-Themed Phishing Campaign Steals Users' Account Details and In-Game Item Bank PIN *

A Zero-Day Vulnerability in Windows Microsoft Office Receives Free Unofficial Patch *

Researchers Found Over 3.6 Million MySQL Servers are Exposed to Public *

Costa Rica’s Public Health Service Network Hit by Hive Ransomware Attack *

Attackers can Hijack WhatsApp Accounts Using Call Forwarding Method *

Chinese APT Hackers Actively Exploiting New Microsoft Office RCE Vulnerability in the Wild *

A New XLoader Botnet Variant Hides its C2 Servers Using Probability Method *

Zoom Released Security Patches to Fix Four Critical Vulnerabilities in its Video Conferencing App *

Cisco Researchers Discovered Several Flaws in Open Automation Software Platform *

Hackers Leveraging a New Microsoft Office Zero-Day Flaw to Run PowerShell Commands *

Austrian Federal State Carinthia Hit by BlackCat Ransomware Gang *

Attackers Employing a New WSL-Based Malware to Steal Web Browser Cookies *

EnemyBot Malware Includes New Exploits for Critical Web Servers, Content Management Systems Vulnerabilities *

FBI: Attackers Marketing Network Access Credentials for U.S. Education Institutions in Hacking Forums *

Security Researchers Released Proof-of-Concept (PoC) Exploit for Critical VMware Flaw *

Microsoft Detected Multiple Security Vulnerabilities in Android Applications *

Threat Actors Stole Around 100,000 NPM User Account Credentials in GitHub OAuth Breach *

Zyxel Fixed Multiple Security Vulnerabilities in its Products *

Windows 11 KB5014019 Patch Affects Trend Micro UMH Driver, Breaking Ransomware Protection *

Scammers Impersonating QuickBooks Support Team in Phishing Attack *

Threat Actor Leveraging Stealthy BPFDoor Malware to Infect Linux and Solaris Systems *

Microsoft Shared Guidelines to Mitigate KrbRelayUp LPE Attacks on Windows Systems *

New Linux-Based Ransomware 'Cheers' Targeting Vulnerable VMware ESXi Servers *

Researchers Detected a Rise in ChromeLoader Malware Infection Rate, Targeting Windows and Mac Systems *

Developers Warned Users to Stop Using Tails 5.0 Linux Distributions Until Next Release *

Popular Python and PHP libraries Compromised to Steal Users' Amazon AWS Keys and Credentials *

Russian Government Agencies Targeted by Fake Windows Updates Campaign *

Researchers Discovered a New Chaos Ransomware Variant *

Trend Micro Fixed a DLL Hijacking Vulnerability in its Security Solution *

Mozilla Fixed Zero-Day Vulnerabilities in its Multiple Products *

Indian Airline SpiceJet Suffers Ransomware Attack, Impacted Flight Departures *

Hackers Targeted Security Researchers with Fake Windows PoC Exploits *

US Car Manufacturer General Motors (GM) Suffers Credential Stuffing Attack, Exposed its Customers Information *

Chinese Twisted Panda APT Group Targets Russian’s Defense Institutes in Espionage Attacks *

A New Unpatched Vulnerability in PayPal Allows Hackers to Steal Money From PayPal Users *

Microsoft Store App Issues are Fixed with Emergency Updates for Windows 10 *

Russian IoT Botnet Fronton Used to Launch Social Media Disinformation Campaigns *

Chicago Public Schools Suffers Massive Data Breach After Ransomware Attack *

Predator Spyware Actively Infecting Android Users in Zero-day Attacks *

Hackers Employing PDF Documents to Drop Snake Keylogger Malware *

Threat Actors Promoting New Cryptocurrency Scam Using Fake Elon Musk YouTube Videos *

Cisco Addressed a Zero-Day Vulnerability in IOS XR Router Software *

Vidar Malware is Distributed via Fake Windows 11 Downloads *

Malicious PyPI Package Drops Backdoors Targets Windows, Linux, and Mac OS *

North Korean Lazarus Hacking Group Leveraging Log4J Vulnerability to Infect VMware Servers *

QNAP Warned Customers on New DeadBolt Ransomware Attack *

Media Giant Nikkei’s Singapore Unit Suffers Ransomware Attack *

Microsoft Detects a Massive Rise in XorDDoS Malware Activity Targeting Linux Devices *

Most Sophisticated BlackCat Ransomware (ALPHV) Gang Targeting Various Organizations *

NVIDIA Addressed Ten Flaws in the Windows GPU Display Drivers *

Microsoft Warns About Brute-Force Attacks Targeting MSSQL Database Servers *

VMware Fixed Critical Vulnerabilities in its Multiple Products *

WordPress Fixed Critical Vulnerabilities in Jupiter Theme and JupiterX Core Plugins *

Over 200 Apps Found Distributing Facestealer Spyware Via Google Play Store *

Millions of Attacks Exploiting Vulnerable WordPress Tatsu Builder Plugin *

Multiple Third-Party Web Trackers Steal User's Entered Data Before Submitting *

CISA Alerts on Actively Exploited Spring And Zyxel Vulnerabilities *

A Custom PowerShell RAT Targeting German Users Looking for Ukraine Crisis Information *

Apple Patches a Zero-Day Vulnerability in its MacOS and Watch Devices *

Manufacturing Firm Parker-Hannifin Discloses Data Breach Post Ransomware Attack *

HTML Attachments Still Used in Phishing Emails as it Avoids Detection *

Sophos Fixes BSODs Flaw in Antivirus Driver Triggered After Windows KB5013943 Update *

CISA Warns May Windows Updates on Domain Controllers *

Fake Pixelmon NFT Site Infect Users with Password-Stealing Malware *

Attackers Promoted Fake Binance NFT Mystery Box Bots on YouTube to Install RedLine Malware *

SonicWall Patches New Vulnerabilities in its SSLVPN SMA1000 Devices *

Pro-Russian Hackers DDoS Italian Govt Sites Via “Slow HTTP” Technique *

Sysrv Botnet Variant is Now Exploiting New Vulnerabilities to Deploy Cryptomining Malware *

Massive WordPress JavaScript Injection Campaign Redirecting Visitors to Malicious Sites *

Zyxel Pacthes Critical Vulnerability in its Firewall Products *

Cobalt Mirage Attackers Using BitLocker and DiskCryptor in Ransomware Attacks *

A Stealthy BPFdoor Backdoor Targeting Linux and Solaris Systems *

FBI and CISA Warns on Supply Chain Attacks Targeting MSPs *

Bitter Hacking Group Targeting Bangladesh Government Entities via Spear-Phishing Campaigns *

HP Patches High-Severity BIOS Vulnerabilities Enabling Kernel Privileges *

Hackers Deploy a New Post-Exploitation Framework IceApple on Microsoft Exchange Servers *

Attackers Spreading Another Set of Malicious Apps Through Google Play Store *

Researchers Alerts on DCRat Backdoor Being Sold on Russian Hacking Forums *

Costa Rica Declares National Emergency Following Cyberattacks from Conti Ransomware Group *

Scammers Distributing Jester Stealer Malware in Phishing Attacks *

Microsoft Patches an Actively Exploited Windows LSA Spoofing Zero-Day Flaw *

Hackers Employing Critical F5 BIG-IP Vulnerability in Destructive Attacks *

FluBot Android Malware Aims at Finland in a New SMS Phishing Campaign *

German Automotive Industry Targeted by a Month-Long Malware Campaign *

Microsoft Patch Tuesday Security Advisory - May 2022 *

Microsoft Patches a Flaw in Azure Synapse and Azure Data Factory Pipelines *

QNAP has Fixed a Critical Vulnerability Affecting Remote Command Execution in QVR *

New Windows Worm Spreading Through Infected USB Drives *

US Agricultural Machinery Company 'AGCO' Suffers Ransomware Attack *

Google Docs Crashes at the Sight “And. And. And. And. And.” *

Attackers Hijacked Ferrari's Subdomain to Host Fake NFT Scam *

New NetDooka Malware Framework Distributed via PrivateLoader Malware Distribution Service *

Unsecured ElasticSearch Server Instance Exposed Thousands of Borrower's Data *

New Chinese Threat Group Moshen Dragon Targeting Asian Telecommunication Entities *

Security Researchers Disclose Years-Old Bugs in Avast and AVG Antivirus Solution *

Google Patches an Actively Exploited Linux Kernel Flaw in its Android Security Updates *

North Korean Hacker Group 'APT38' Linked to New Ransomware Strains *

Threat Actors Targeting Microsoft Logins from Compromised UK NHS Email Accounts *

Cisco Patches NFVIS Vulnerabilities Enabling Access to Root Privileges *

F5 Alerts Users on Critical BIG-IP RCE Vulnerability Allowing Device Takeover *

Hackers Targeting Pixiv, DeviantArt Artists to Push an Info-stealer Malware *

Pro-Ukraine Hackers Actively Exploiting Docker Images to DDoS Russian Sites *

Threat Actors Distributing Magniber Ransomware in a Fake Windows 10 Upgrade Campaign *

Over Millions of Routers and IoT Devices are Vulnerable to Unpatched DNS Vulnerability *

Aruba and Avaya Network Switches Highly Vulnerable to "TLStorm 2.0" Vulnerabilities *

Threat Actors Abusing Google’s SMTP Relay Service to Distribute Phishing Emails *

Car Rental Giant Sixt Hit by Cyberattack, Disrupting its Operations *

Threat Actors Employing Bumblebee Malware Instead of BazarLoader Malware in Cyberattacks *

Attackers Targeting Ukraine Websites from Compromised WordPress Sites in DDoS Attacks *

Synology Alerts Customers on Critical Netatalk Bugs, Affecting its Several Products *

Russian Threat Group Targeted Romanian Government Sites with DDoS Attack *

Austin Peay State University Suffers Ransomware Attack *

A YouTuber Encouraging Followers to Perform DDoS Attacks Against Russia *

Popular Social Media App Whatsapp Suffers Outage, Users Reported Connection Issues *

A NPM Flaw Enable Attackers to Add Other Developers to their Malicious Packages *

Microsoft Fixed Critical Vulnerabilities in Azure Database for PostgreSQL Flexible Server *

The RIG Exploit Kit Leverages an Internet Explorer Flaw to Spread RedLine Malware *

Chinese-Linked Threat Group 'Mustang Panda' Now Targeting Russian State Officers *

Threat Group Hive0117 Targeting Eastern European Organizations in Phishing Campaign *

QNAP Warned Customers to Disable AFP Until Critical Bugs Fixed *

Microsoft Disclosed a New 'Nimbuspwn' Vulnerability in Linux Operating System *

Threat Actors Actively Exploiting Critical VMware RCE Vulnerability to Deploy Backdoors *

Threat Actors Actively Spreading Emotet Malware Via Windows Shortcut Files *

Multinational Beverage Corporation Coca-Cola Suffers a Network Breach *

American Dental Associations Sensitive Data Stolen by Black Basta Ransomware *

North Korean APT Group Targeting Journalists with Malware 'Goldbackdoor' *

French Hospital Group Suffers Cyberattack; Administrative and Patient Data Exposed *

A Critical Flaw in Ever Surf Wallet Enable Attackers to Steal Victim's Cryptocurrencies *

Atlassian Patched Critical Authentication Bypass Flaw in Jira Seraph *

Hackers Slipping 'More Eggs' Malware Into Resumes Sent to Corporate Hiring Managers *

A Critical Flaw in Cisco Umbrella’s Default SSH Key Enabled Credential Theft *

UPI Suffers Outage, Social Media Flooded with Payment Failure Complaints *

T-Mobile Confirms Lapsus$ Threat Group Breached its Internal Network *

Several Critical Flaws Disclosed in SmartPTT and SmartICS Industrial Products *

QNAP Urges Users To Mitigate Critical Apache HTTP Server Flaws *

LemonDuck and TeamTNT Hacking Docker Servers in Cryptomining Malware Campaigns *

A Critical Android Chipset Vulnerability Enables Attackers to Access User's Media Files *

New BotenaGo Botnet Variant Targeting Lilin Security Camera DVR Devices *

Amazon Web Services Patches Container Escape in Log4Shell Hotfix *

Russian Threat Group Employing New Pteredo Variants to Infect Targeted Ukrainian Entities *

Hive Ransomware Group Targeting Vulnerable Microsoft Exchange Servers *

Emotet Botnet Increased its Infection Rate in March 2022 *

CISA Warns About an Actively Exploited Windows Print Spooler Vulnerability *

QNAP Warned Customers to Secure NAS Devices from Cyberattacks *

Lenovo Disclosed UEFI Firmware Driver Vulnerabilities, Affecting Over 100 Laptop Models *

Israelian NSO Group Leveraging New iOS Flaw to Drop Spyware on iPhone Devices *

CISA Issues a Warning Regarding a North Korean Hacking Group Targeting Cryptocurrency Industries *

A Threat Actor Stole $655,388 in Cryptocurrency from Apple's iCloud *

Hackers Using Fake Windows 11 Upgrade Campaign to Infect Users *

Decentralized Finance Project Beanstalk Lost $182 Million in Flash-loan Attack *

Cisco Patches a Critical Authentication Bypass Vulnerability in its WLC Software *

'JekyllBot:5' Bugs Enable Hackers to Compromise Aethon TUG Hospital Robots *

Hackers Accessed Several GitHub's Private Repositories Using Stolen OAuth Tokens *

Scammers Targeting T-Mobile Customers in SMS Phishing Attacks *

A Vulnerability in Rarible NFT Marketplace Let Attackers Steal Users' Crypto Assets *

Wind Turbine Manufacturer 'Nordex' Suffers Conti Ransomware Attack *

Oil India Limited (OIL) Suffers Ransomware Attack *

Threat Actors Targeting Ukrainian Government Entities with IcedID Malware and Zimbra Exploits *

'OldGremlin' Ransomware Group Returns with New Malware Targeting Russian Entities *

CISA Warns About an Actively Exploited Windows Local Privilege Escalation Vulnerability *

Google Fixes An Actively Exploited Vulnerability in its Chrome Browser *

Malware Campaigns Targeting African Bank Employees with RemcosRAT Malware *

Russian Hackers Employ the Industroyer2 Malware to Attack Ukraine Power Grid *

Federal Agencies Issues a Joint Advisory on APT Groups Targeting ICS/SCADA Devices *

Hackers Actively Exploiting An Already Patched Critical VMware Vulnerability *

WordPress Developers Patches a Critical Flaw in Elementor Plugin *

A New Malware Tarrask Hides Scheduled Tasks Using Windows Vulnerability *

HP Patches Critical Bugs Impacting 15 Million Endpoints in Teradici PCoIP Software *

Hashnode Blogging Platform Reported to Have Critical LFI Vulnerability *

Microsoft Patch Tuesday Security Advisory - April 2022 *

Italian Luxury Fashion House 'Ermenegildo Zegna' Confirms Ransomware Attack *

Threat Actors Leveraging Spring4Shell Exploits to Install Mirai Malware *

American Manufacturing Company 'Snap-on' Suffers a Data Breach *

Researchers Issue Alert About Information-Stealing Malwares FFDroider & Lightning *

Qbot Operators Now Distributing Malware via MSI Windows Installer Packages *

The Android Banking Trojan Mimics Bank Customer Service Calls *

Atlassian's Ongoing Outage Might Extend Another Two Weeks *

Threat Actors Distributing a New META Malware in Spam Campaigns *

Chinese Threat Actors Actively Targeting Indian Power Grid Organizations *

New Octo Malware Let Attackers Take Control of Android Devices Remotely *

A New Traffic Direction System 'Parrot' Infects 16,500 Sites to Deploy Malware *

New Malware 'Denonia' Targets Serverless AWS Lambda with Cryptominers *

Hackers Harvesting Data Via Malicious Android Apps with Million of Downloads *

Threat Actors Using New 'FFDroider' Malware to Steal Social Media Accounts *

An Ongoing Atlassian Outage Affects Jira and Confluence Customers *

OpenSSL Infinite Loop Vulnerability Affects Palo Alto Networks Firewalls and VPNs *

Scammers Using Malicious Shopping Apps to Steal Bank Credentials of Malaysian Customers *

UK Retail Chain The Works Hit by Cyberattack *

VMware Patches Critical Vulnerabilities in its Multiple Products *

CISA Issues an Alert Relating the Active Exploitation of a Critical Spring4Shell Vulnerability *

Researchers Link Chinese Threat Group 'Cicada' to Widespread Espionage Attacks *

Hackers Breach Email Marketing Company 'Mailchimp' to Conduct Phishing Attacks *

FIN7 Hacking Group Employing Stolen Credentials and Software Supply Chain Attacks *

Several Hacking Groups Capitalizing on Russia-Ukraine War To Distribute Malware *

Threat Actors Marketing New Sophisticated Malware on Russian Hacking Forums *

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave Routers *

New RAT Malware 'Borat' Appears on Hacking Forums, Offering Several Features *

Brokenwire Hack Could Let Attackers Disrupt Charging for Electric Vehicles Remotely *

VMware Fixes Critical Spring4Shell RCE Vulnerability in its Multiple Products *

A 15 Year Old Bug in Pear PHP Repository could Lead to Supply Chain Attack *

Trend Micro Patches Actively Exploited Vulnerability in its Apex Central Product *

Threat Actors Employ New Android Spyware to Harvest Sensitive User Data *

American Express Suffers Massive Outage, Affects Payment Services *

Threat Actors Abusing Microsoft Azure Static Web Pages in Phishing Attacks *

Hackers Using Fake Trezor Data Breach Emails to Harvest Users Cryptocurrency Assets *

CISA Warns Federal Civilian Agencies to Patch Critical Sophos Firewall Vulnerability *

Critical GitLab Vulnerability Enables Hackers to Take Over User Accounts *

Palo Alto Networks Error Leaks Customer Support Cases, Attachments *

Apple Patches Two Zero-Days in its iPhones, iPads, and Macs Devices *

Zyxel Patches Critical Authentication Bypass Vulnerability in its Firewall and VPN Products *

Vulnerable Wyze Cam Devices Allow Hackers to View Video Feeds *

Chinese Hackers Installing New 'Fire Chili' Rootkit on Vulnerable VMware Horizon Servers *

Viasat Confirmed Satellite Modems were Compromised with AcidRain Malware *

Developers Release a Fix for a Zero-Day Vulnerability in Spring Java Framework *

A New Zero-Day Vulnerability in Spring Java Framework Allows Remote Code Execution *

A Severe OpenSSL Bug Affects the Majority of QNAP NAS Devices *

Globant, an IT and software Firm, Suffers a Data Breach; 70GB of Data is Stolen *

Viasat's KA-SAT Satellite Service Suffers From Cyberattack *

A New Spear-phishing Campaign Targets Russian Govt Dissidents with Cobalt Strike *

Russian Phishing Attacks Target NATO, and European Military Forces *

FBI Warns Election Officials of Credential Phishing Campaigns *

Transparent Tribe Hackers Targeting Indian Government Officials Via Modified MFA Tool *

Mars Stealer Malware Spreads Through OpenOffice Ads on Google *

New Malware 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners *

CISA Wans of Attacks on Internet-connected UPS Devices *

Shutterfly Discloses Data Breach Post Suffering Conti Ransomware Attack *

Threat Actors Using Infected WordPress Sites to Launch DDoS Attacks *

Remote Keyless System of Honda Vehicles Vulnerable to Replay Attacks *

Threat Actors Targeting Vulnerable Microsoft Exchange Servers Via Reply Chain Hijacking Attacks *

'Purple Fox' Hackers Actively Using New Variant of FatalRAT in Recent Malware Attacks *

Muhstik Botnet Targeting Redis Servers Recently Disclosed Vulnerability Via Recently Disclosed Vulnerability *

An Emergency Google Chrome Update Fixes Zero-Day Flaw Used In Attacks *

A Critical Vulnerability in Sophos Firewall Enables Remote Code Execution *

Chinese Hacking Group 'Scarab' Spotted Targeting Ukraine Amid Russia Invasion *

Threat Actors Distributing a Vidar Infostealer Via Malicious Email Attachments *

Hackers Targeting Azure Developers Via Over 200 Malicious NPM Packages *

Social Engineering Attacks Compromise Morgan Stanley Client Accounts *

Western Digital Updates My Cloud OS To Patch Critical Vulnerability *

Threat Actors Distribute a New Version of JSS Loader RAT Via Malicious Microsoft Excel Add-ins *

North Korean Hackers Actively Exploiting Recently Patched Chrome Zero-day Flaw *

VMware Releases Patches For Carbon Black App Control Flaws *

New WPS Office Flaws Give Hackers Access To Betting Firms *

China-Linked Threat Actor 'Mustang Panda' Targets European Diplomats and ISPs *

Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns *

Microsoft Confirms the Hack by LAPSUS$ Extortion Group, 37GB of Source Code Leaked *

New Dell BIOS Flaws Affect Millions of Inspiron, Vostro, XPS, Alienware Systems *

Several HP Printer Models Vulnerable to Remote Code Execution Attacks *

Greece's Public Postal Service ' ELTA' Suffers Ransomware Attack *

Researchers Expose Custom macOS Malware of Chinese Hackers *

A New Crypto Scam Dubbed 'CryptoRom' Abusing iPhone Features to Target Mobile Users *

New Backdoor 'Serpent' Targets French Entities via Open-Source Package Installer *

Hackers Targeting Bank Networks with New Rootkit to Compromise ATM Machines *

Threat Actors Spreading BitRAT Malware as Windows 10 License Activator *

Hackers Impersonating Legit Domains by Using New Browser-in-the Browser (BITB) Attack *

Opatch Releases an Unofficial Patch For Windows Zero-Day Flaw Giving Admin Rights *

Hackers Infecting Android Users Via Password Stealing Malware 'FaceStealer' *

Internet Systems Consortium (ISC) Patches High-severity Bugs in BIND Server *

A New Variant of Cyclops Blink Botnet Actively Targeting ASUS Routers *

Europe Warns of Aircraft GPS Outages Linked To Russian Invasion *

Unsecured Microsoft SQL and MySQL Servers are Targeted by Gh0stCringe Malware *

SolarWinds Warns Against Attacks Aimed at Web Help Desk Instances *

Over Hundreds of GoDaddy-Hosted Sites Were Backdoored In One Single Day *

CISA Added 15 Known Vulnerabilities Exploited in Attacks *

OpenSSL Patches a High-Severity DoS Vulnerability *

Hackers Employing Log4j Exploits to Infect Linux Machines *

A Massive Phishing Campaign Employs 500+ Domains to Steal Credentials *

Giant Automotive Manufacturer DENSO Suffers Data Breach *

QNAP Alerted on Linux 'Dirty Pipe' Vulnerability, Affecting its NAS Devices *

Threat Actors Employed CaddyWiper Data Wiping Malware in Ukraine Attacks *

New Linux Vulnerability Allows Hackers to Elevate Privileges *

Researchers found New Evidence linking Kwampirs Operators to Shamoon Malware *

Bridgstone Americas Suffers Data Breach Post Ransomware Attack *

Vulnerable Package Managers let Attackers to Infect Developers' Systems *

Giant Video Game Developer Ubisoft Disclosed a Cyberattack, Services Disrupted *

New Variant of Aberebot Trojan Harvest Users' Google Authenticator MFA Codes *

Attackers Using YouTube Platform to Infect Video Games Players with Malware *

Threat Actors Using Custom-made Hacking Tools in Cyberattacks *

Emotet Botnet Employing Over 100,000 Bots to Carryout Cyberattacks *

Iranian Threat Group Targeting Turkey and Arabian Peninsula in Malware Attack *

Threat Actors Employing Mitel Devices to Launch DDoS Reflection Attacks *

Russian Federal Agencies' Websites Compromised in a Supply Chain Attack *

CISA Updated Conti Ransomware Alert with 100 Domains used in Cyberattacks *

Chinese Threat Actors Targeting European Diplomatic Entities in Phishing Attacks *

Scammers Impersonating Government Officials and Law Enforcement in Fraud Scams *

Coinbase Blocks Over 25,000 Blockchain Addresses Linked to Russian Individuals *

A New Linux Vulnerability Enable Hackers to Gain Root Access on Vulnerable Systems *

Microsoft Fixes a Critical Azure Bug Exposing Other Customers Data *

Romania's Rompetrol Gas Station Network Suffers Hive Ransomware Attack *

Ukraine's Computer Emergency Response Team Warns of New Phishing Attacks *

TerraMaster Patches Critical Vulnerabilities in its Network-attached Storage (NAS) Devices *

Researchers Identify SharkBot Malware Disguised as an Android Antivirus on Google Play Store *

Threat Actors Using Stolen NVIDIA's Code-signing Certificates in Cyberattacks *

Russian Government Shares a List of IP Addresses DDoSing Russian Organizations *

Vulnerable Linux Kernel Versions Enable Hackers to Execute Arbitrary Commands *

New Security Bug Affects Thousands of Self-Managed GitLab Instances *

Mozilla's Security Updates address two critical zero-day vulnerabilities in Firefox *

'Lapsus$' Hacking Group Allegedly Leaks Samsung Electronics Confidential Data *

Cisco Issue Patches for Expressway Series, TelePresence VCS Products *

Researchers Propose New Side-Channel Attack on Homomorphic Encryption *

New York State Office of the Attorney General Warns Users Impacted by T-Mobile Data Breach *

Over 71,000 NVIDIA Employees Credentials Compromised as a Result Of a Data Breach *

Researchers Disclose a Malware Campaign Impersonating VC Firm Using Phishing Emails *

Developers Address Critical Security Flaws in Famous Multimedia Library PJSIP *

Researchers Disclose Critical Security Vulnerabilities in VoIPmonitor Monitoring Software *

Threat Actors Leveraging Log4Shell Vulnerabilities to Launch DDoS and Cryptomining Attacks *

Belarusian Nation-state Threat Group Actively Targeting European Government Entities *

TrickBot Operators Updates its AnchorDNS Backdoor to AnchorMail *

Threat Actors Abusing Google Ads to Push Hundreds of eBike Phishing Sites *

China-linked Daxin Malware Actively Targeting Several Governments Infra in Espionage Attacks *

TeaBot Malware Resurfaces on Google Play as a QR Code Scanner App *

Insurance Giant 'AON' Suffered Cyberattack Over the Weekend *

Second New Malware 'IsaacWiper' Targets Ukraine Amid Russian Invasion *

Automobile Giant 'Toyota' Halts Production Amid Cyberattack on Supplier *

Video Surveillance Giant 'Axis Communications' Suffers Massive Network Breach *

Threat Actors Abusing Content Filtering Devices in DDoS Amplification Attacks *

An Infostealer Malware 'Jester Stealer' Updated with New Malicious Capabilities *

Threat Actors Using Ransomware as Decoy in Ukraine Cyberattacks *

Android Visual Voice Mail App Vulnerability Let Attackers to Steal User Passwords *

NHS Urges Users to Patch Okta Advanced Server Client RCE Vulnerability *

American Multinational Technology Corporation 'Nvidia' Hit by Cyberattack *

Targeted Citibank Customers Suffer Phishing Attack with Fake Suspension Alerts *

Threat Group 'UNC2596' Exploiting Microsoft Exchange Vulnerabilities to Install Ransomware Payload *

Hackers Using Microsoft Official Store to Deploy Malware on Victims' Systems *

Threat Actor Group 'APT27' Hit US Defense Contractors Using Stealthy SockDetour Backdoor *

Deadbolt Ransomware Operators Actively Targeting ASUSTOR NAS Devices *

Researchers Identify a New Destructive Wiper Malware Leveraged in Ukraine Attacks *

CISA Warns About an Actively Exploited Flaws in Zabbix Network Monitoring Platform *

Researchers Unveil New Malware 'Small Sieve' Used by MuddyWater Hackers *

Researchers Warn of New Russian Botnet Built from Hacked Firewall Devices *

25 Malicious JavaScript Libraries Enable Hackers to Steal Users' Discord Tokens and Environment Variables *

Threat Actors Employing Dridex Bots to Deploy Ransomware Payload on Infected Networks *

Chinese Researchers Uncover Details About Equation Group's Bvp47 Backdoor *

Researchers Disclose a 9-Year-Old Bug in Horde Webmail Software *

Massive DDoS Attacks Hit Ukrainian Government Agencies and Banks Once Again *

Researchers Disclose a New Phishing Technique Bypassing Multi-factor Authentication *

Chinese Threat Group 'APT10' Targeting Taiwan Entities in a Supply Chain Attack *

Hancom Office Software Vulnerable to Code Execution and Memory Corruption Attacks *

Fraudsters Stolen $1.7 Million Worth NFTs from OpenSea Users' in a Phishing Attack *

Threat Actors Actively Scanning Vulnerable MS SQL Servers to Deploy Cobalt Strike Beacons *

A New Android Banking Trojan Spotted on Google Play Store, Targeting Europeans *

American Logistics Company 'Expeditors International' Hit by Massive Cyberattack *

Giant Cookware Distributor 'Meyer Corporation' Suffers Data Breach Following Ransomware Attack *

Islamic Republic of Iran Broadcasting (IRIB) Hit by Cyberattack *

WordPress Force-Updating UpdraftPlus Plugin Patch on Million of Sites *

Iranian Threat Group Leveraging Log4j Vulnerabilities to Affect VMware Horizon Servers *

PseudoManuscrypt Botnet Followed CryptBot Techniques Since May 2021 *

Monzo Online Banking Users Targeted by New phishing Attack *

Popular E-cigarette Online Store was Compromised to load Credit Card Skimmer *

Adobe Updated its Security Advisory for Critical Vulnerability *

Cisco Patched high severity vulnerability Impacts Cisco Email Security Appliance *

Hackers Use Microsoft Teams Chats to Spread Malware *

Researchers Alerts on Golang-based Kraken Botnet Targeting Windows Systems *

Cyber Threat Group 'Moses Staff' Targeted Israeli Organizations *

Red Cross Claimed State-Sponsored Hacking Group Responsible for the Attack *

BEC Scammers Impersonating CEOs in Virtual Meetings *

Trickbot Malware Targeting Well-known Companies to Steal Users Credentials *

Researchers Disclosed a High-Severity Vulnerability in Apache Cassandra *

VMware Patched High Severity Vulnerabilities Affecting Several Products *

BlackCat Ransomware Group Claims Swissport Ransomware Attack *

Ukrainian Defense and Two Bank Sectors Hit By Massive DDOS Attack *

Threat Actors Employing Mylobot Malware to Send Cyberbulling Emails *

Researchers Attribute ShadowPad Malware Attacks to Chinese Threat Groups *

Japanese Sportswear Company Mizuno Hit by Ransomware Attack *

Moxa Patches 5 Critical Security Vulnerabilities in its MXview Software *

Ukraine Suffers from Ongoing Massive Hybrid Warfare *

NFL’s San Francisco 49ers Team Hit by Blackbyte Ransomware Attack *

Google Pushes a Chrome Update to Fix Zero-day in its Chrome Browser *

Adobe Fixed Critical Zero-day Vulnerability, Affects Adobe Commerce and Magento Users *

Croatian Mobile Network Operator 'A1 Hrvatska' Suffers Data Breach *

Researchers Identified New Sophisticated Rust-based Ransomware Attack *

CISA Added 16 New Flaws to its Known Exploited Vulnerabilities Catalog *

Threat Group ModifiedElephant Installed Fake Digital Evidence on Indian Activists *

Apple Patches an Actively Exploited Zero-Day Flaw in its Security Updates *

Threat Actor Group 'APT29' Targeted European Diplomats Via COVID-19-Themed Phishing Emails *

FritzFrog Botnet Infects 1500 Hosts Within a Span of One Month *

Researches Disclose Advanced Threat Group 'ModifiedElephant' Stealth Mode Operation Strategies *

Vulnerable 'PHP Everywhere' Plugin Pose High Risk for Thousands of WordPress Sites *

Iranian Threat Group Deploying Backdoor Dubbed Marlin in a New Espionage Campaign *

Hackers Infected Hundreds of Magento Sites in MageCart Attacks *

FBI Alerts Users of Increased SIM Swap Fraud Hijacking Victims Numbers *

Advance Threat Group Employing New Implant to Infect Middle East Entities *

Threat Actors Targeting European Android Users in Smishing Attacks *

Kimsuki Hacker Group Using Commodity RATs with Custom Gold Dragon Malware *

Google Patches Two Critical Bugs Via Android Security Updates for Feb 2022 *

Vulnerable Mimosa Wireless Broadband Products are Exposed to Remote Attacks *

SAP Patches Multiple Security Vulnerabilities in its February 2022 Security Patch Day *

Vodafone Portugal Hit by Massive Cyberattack *

Microsoft Patch Tuesday Security Advisory - February 2022 *

Politically Motivated Threat Group Targeting Indian Military and Diplomatic Resources *

Medusa Malware Targeting Android Users in Smishing Campaigns *

Leading Sportswear Manufacturer Puma Suffers Data Breach Following Ransomware Attack *

DPD Group's Parcel Tracking Flaw May Expose Customers' Personal Information *

Vulnerable Argo CD Exposes Sensitive Information from Kubernetes Apps *

American Media Giant News Corp Hit by Persistent Cyberattack *

Researchers Identified a New Ransomware-as-a-Service (RaaS) Operation in Cyberattacks *

Israeli Company QuaDream Abusing iPhone Security Vulnerability to Deploy Spyware *

Switzerland's Aviation Firm Swissport Hit by Ransomware Attack *

Chinese Threat Actors Actively Exploiting a Zimbra Zero-day Vulnerability to Steal Emails *

Cisco Patches Several Flaws Discovered in Small Business RV Series Routers *

Intuit Warns of Phishing Campaign Sending Fake Account Suspended Mails *

Antlion Hackers Targeting Financial and Manufacturing Institutes Using Custom Backdoor *

Threat Actor Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks *

UEFI Firmware Vulnerabilities Impact at least 25 Computer Vendors *

Threat Actors Using SEO Poisoning Technique to Install Malware Package *

New Malware Used by SolarWinds Hackers Went Undiscovered for Many Years *

Kenyon Produce (KP) Snacks Company Suffers Ransomware Attack *

Morley Companies Inc. Discloses a Data Breach Post Ransomware Attack *

ESET Patches High Severity Vulnerability Affecting its Multiple Products *

Threat Actor Group 'Charming Kitten' Using New PowerShell Backdoor in Cyber Espionage Attacks *

SolarMarker Malware Employing Novel Techniques to Persist on Hacked Systems *

Researchers Disclose New Iranian Hacking Campaign Targeting Turkish Users *

Researchers Found a New Oski Malware Variant Dubbed ' Mars Stealer' in Cyberattacks *

Phishing Scammers Employing Malicious CSV Files to Drop Malware *

German Petrol Supply Firm Oiltanking Severely Impacted by Cyber-attack *

British Council Suffers Data Leak, 144000 Records Exposed *

Gamaredon Threat Group Using New Malicious Files in Phishing Attack *

Samba Patched a Critical Vulnerability that Let Hackers Gain Root Access *

Hackers Abusing UPnP Routers to Perform Malicious Activities *

WordPress Addresses a Critical Vulnerability in a Plugin with Over a Million Downloads *

Russian Threat actors Employ Stealthy Malwares in Cyber Espionage Campaign Dubbed 'StellarParticle' *

Taiwanese Electronics Manufacturer, Delta Hit by Conti Ransomware *

Hackers Taking Over CEO accounts Using Rogue OAuth Apps *

Phishing Operators Using a Windows Update to Install Malware *

Researchers Discover Over 20,000 Vulnerable DCIM Systems Prone to Attacks *

Finnish Diplomats’ Mobiles Infected with Pegasus Spyware *

Patched Windows Vulnerability with New Public Exploits Lets Hackers Become Admin *

Linux Version of LockBit Ransomware Targeting VMware ESXi Servers *

Discord Suffers Major Outage Caused by API and Database Issues *

Chaes Banking Trojan Hijacking Chrome with Malicious Extensions *

New FluBot and TeaBot Campaigns Abusing Android Devices Worldwide *

Phishing Attack Impersonate Shipping Giant 'Maersk' to Deploy Malware *

A Video Game Company BANDAI NAMCO Shutdown Servers to Prevent Cyberattacks *

Apple Patches New Zero-day Exploited to Hack macOS, iOS Devices *

German Government Warns of APT27 Group Backdooring Business Networks *

Linux System Service Flaw Enables Root on all Major Distros *

DazzleSpy Malware Targets macOS Users in Watering Hole Attack *

Threat Actors Employing Compromised Accounts to Deliver Large-scale Phishing Emails *

Premium Subscription-Based Scam Targeting Android Users *

TrickBot Malware Operators Added New Techniques to Elude Detections *

Russian Threat Group Targeting Government and Defense Industries *

New DeadBolt Ransomware Targets QNAP Devices, Demands 50 BTC for Master Key *

Initial Access Broker Attack VMware Horizon Servers in Log4Shell Attacks *

Canadian Government Hit by Cyberattack, Few Services Disrupted *

Threat Actors Hacked Segway Store to Steal Customers' Credit Card Data *

Emotet Spam Campaign Using Unconventional IP Address to Evade Security Detections *

Phishing Campaign Employing Malicious PowerPoint Files to Push Malware *

Threat Actors Now Actively Targeting a Patched Critical SonicWall RCE Bug *

Two CWP Bugs Allow Code Execution as Root on Linux Servers *

Android Malware BRATA Strikes Back with Enhanced Features, Wipes Device After Stealing Data *

Hackers Encrypted Belarusian Railway's Internal Servers in Protest *

Researchers Identified a New UEFI Firmware Implant in Cyberattacks *

Hackers Backdoored Over 90 WordPress Themes, Plugins in Supply Chain Attack *

Researchers Uncover 2 Flaws in Zoom Software, Resulting in Zero-click Attack *

SonicWall Provides Temp Fix For Firewalls Stuck in Reboot Loop *

CISA Discloses New 17 Vulnerabilities Exploited in Attacks *

Threat Group Molerats Targeting Middle East in Cyberespionage Campaign *

McAfee Agent Update Fixes Two High-Severity Vulnerabilities *

F5 Patches 24 Vulnerabilities in its BIG-IP, BIG-IQ, and NGINX Controller API Products *

Dutch National Cybersecurity Centre Warns of Lingering Log4j Threats *

WordPress Plugin Flaw Puts Users of 20,000 Sites at Phishing and Code Injection Risk *

Several Spyware Campaigns Stealing Credentials in Industrial Firms *

DoNot Hacking Group Targeting Government and Military Entities in South Asia *

Indonesia's Central Bank Discloses Ransomware Attack, Conti Leaks Data *

Cisco Flaws Provide Remote Attackers Root Privileges via Debug Mode *

Red Cross Cyberattack Leaks Data of 515,000 Individuals *

SolarWinds Patches Serv-U Vulnerability Exploited for Log4j Attacks *

Russian Attackers Employing Subscription-based Malware Service to Deploy Malware *

Scammers Impersonating United States Department of Labor in Phishing Campaign *

A New Stealthy Malware Targeting Users' Cryptocurrency Wallets and Passwords *

Researchers Discloses a Critical Flaw in SAP NetWeaver AS ABAP and ABAP Platforms *

Critical Flaw in IDEMIA Biometric Identification Devices Enable Unauthorized Access *

Large-scale Phishing Campaign Targeting Renewable Energy Firms *

Researchers Link New White Rabbit Ransomware to FIN8 Hacking Group *

Earth Lusca Hackers Targeting High-Value Targets in Government and Private Sectors *

Microsoft Issues Emergency Patches for Windows Server, VPN Bugs *

Fashion Giant Moncler Discloses Data Breach Post Ransomware Attack *

Microsoft Warns of Fake Ransomware Targeting Ukraine in Data-wiping Attacks *

High-Severity CSRF Flaw in 3 WordPress Plugins Affected 84,000 Websites *

Nintendo Warns of Phony Sites Pushing Fake Switch Discounts *

eNom Data Center Migration Process Knocks Sites Offline *

Zoho Patches a Critical Security Flaw in Desktop Central *

An Undisclosed npm Dependency Flaw Affected Facebook's Create React App *

Vulnerable Apple Safari Browser Allows Hackers to Track User Activity *

Cybercriminals Abusing Public Cloud Infrastructure to Distribute Several RAT's *

Goodwill's E-commerce Platform 'ShopGoodwill' Suffers Data Breach *

Cisco Patches a Critical Bug Affecting Unified CCMP and Unified CCDM *

Qlocker Ransomware Returns to Target QNAP NAS Devices Globally *

Defense Contractor Hensoldt Discloses a Ransomware Attack *

Massive Cyber Attack Knocks Down Several Ukrainian Government Websites *

North Korean Hackers Stealing Millions from Cryptocurrency Startups Globally *

Financially Motivated Hacking Group Targeting Cryptocurrency Startups *

Threat Actors Compromised FIFA 22 Accounts Using Social Engineering Techniques *

AWS Patched Security Vulnerabilities that Exposed AWS Customers' Information *

Sentinel LABS Released an Unofficial Patch for Privilege Escalation Vulnerability, affecting all Windows Devices *

OceanLotus Threat Group is using Web Archive Files to Install Backdoors *

Magniber Ransomware Gang now Utilizing Signed APPX Files in Attacks *

Microsoft Patched Critical Flaw in Windows HTTP Protocol Stack *

Apple Fixed a Persistent Denial of Service (DoS) Flaw Dubbed 'doorLock' *

Ransomware Operators Leveraging Log4Shell Exploit to Infect VMware Horizon Systems *

Microsoft Patch Tuesday Security Advisory - January 2022 *

New SysJoker Backdoor Actively Targeting Windows, macOS, and Linux Users *

Threat Actors Deploying New RedLine Malware Via Fake Omicron Stat Counter App *

KCodes NetUSB Kernel Module Bug Affects Millions of Routers Globally *

CISA Warns Federal Agencies of Ancient Flaws Still Being Exploited *

Threat Actor Group 'Patchwork' Infecting Users with Ragnatela Malware *

Researchers Link 'Abcbot' Botnet Operation to Xanthe Cryptomining Botnet Operators *

Threat Actors Targeting Cybersecurity Researchers and Developers in Malware Campaign *

State Hackers Employ New PowerShell Backdoor in Log4j Attacks *

Vulnerable Open-Source NPM Libraries 'colors' and 'faker' Breaks Thousands of Apps *

Linux Version of AvosLocker Ransomware Encrypting VMware ESXi Servers *

Researchers Discovered Security Flaw like Log4Shell in H2 Database Console *

A New 'Night Sky' Ransomware Targeting Corporate Companies *

Microsoft Warns of Persistent Attacks Leveraging Apache Log4j Flaws *

Y2K22 Bug Hits SonicWall's Email Security, Firewall Products *

Hackers Employ BadUSB to Target Defense Firms with Ransomware *

NHS Warns of Unknown Hacker Group Exploiting Log4Shell in VMware Horizon *

FluBot Malware Operators Targeting Europe Posing as Flash Player App *

FinalSite Hit by a Ransomware Attack that Disrupted Thousands of Schools *

QNAP Warns of Attacks Targeted at Internet-exposed NAS Devices *

North Korean Hacker Group "Konni" Attacks Russian Foreign Ministry *

Credential Stuffing Attacks Impact 1.1 Million Users at 17 Companies *

US Online Pharmacy "Ravkoo" Suffers Data Breach Post AWS Portal Hack *

Hackers Abusing Google Docs Commenting Feature to Drop Malware *

FBI Warns of an Ongoing Google Voice Authentication Scams *

Microsoft Releases an Emergency Update to Address Windows Remote Desktop Issues *

Threat Actors Injecting Web Skimmer Code to Steal Sensitive Information *

U.S. Cellular Disclose Data Breach Post Billing System Hack *

Hospitality Chain McMenamins Suffers Data Breach Post Ransowmare Attack *

Apple iOS Vulnerable to Denial of Service Flaw "doorLock" *

Broward Health Company Discloses a Data Breach, 1.3 Million Individuals Affected *

Threat Actors Deploying Purple Fox Malware via Malicious Telegram Installers *

Microsoft Release a Temporary Fix to Address Exchange Server Flaw *

Kyoto University Loses 77TB of Research Data due to Backup Error *

Netgear Leaves Six High Severity Vulnerabilities Unpatched in Nighthawk Router *

PulseTV Discloses Data Breach of 200,000 Credit Cards *

Researcher Discloses a Security Flaw in Uber's Email System *

New iLOBleed Rootkit Wiping Data from Compromised HP Enterprise Servers *

AvosLocker Ransomware Group Releases Decryptor Post Breaching US Police *

Firmware Attack May Drop Persistent Malware in Hidden SSD Area *

Chinese APT Hackers Employ Log4Shell Flaw to Attack an Academic Institution *

Prominent Crypto Trading Platform, ONUS Suffers Ransomware Attack via Log4j Hack *

Storage Devices of Several Vendors Impacted by Encryption Software Bugs *

Norwegian Media Giant Amedia Suffers Disruption Due to Cyberattack *

Researchers Disclose New Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics *

Apache Releases Log4j 2.17.1 to Address a Remote Code Execution Bug *

RedLine Malware Stealing Passwords Saved in Chromium-based Web Browsers *

BlackTech Cyber-espionage APT Targeting Japanese Companies Using Flagpro Malware *

Threat Actors Attempted to Compromise LastPass Users Master Passwords *

Researchers Identify Infiltration of Riskware Apps on Samsung's Galaxy Store *

Threat Actors Actively Abusing MSBuild for Cobalt Strike Beacon Execution *

Photo Services Giant Shutterfly Hit by Conti Ransomware Attack *

ech0raix Ransomware Group Actively Scanning for Vulnerable QNAP NAS Devices *

Pirated 'Spiderman: No Way Home' Movie Torrent Delivers Crypto-Mining Malware *

Several Vulnerabilities in Garrett Metal Detectors Let Hackers to Alter Configurations *

Global IT Services Provider Inetum Suffers Ransomware Attack *

Android Banking Trojan Spreads via Bogus Google Play Store Page *

Blackmagic Patches Critical DaVinci Resolve Code Execution Flaws *

Dridex Operators Targeting Covid-19 Victims via Omicron Phishing Taunts *

Monongalia Health System Suffers Email Breach, Affecting 400,000 Individuals *

NVIDIA and HPE Patches Apache Log4j Library Vulnerabilities in its Products *

Researchers Disclose a New Variant of Babuk Ransomware *

New Dell BIOS Updates Results in Laptops and Desktops Boot Issues *

Apple Patches macOS Security Flaw Behind Gatekeeper Bypass *

Researchers Uncover New Phishing Campaign Aimed at CoinSpot Crypto Exchange *

Threat Actors Deploying Stealthy BLISTER Malware on Windows Devices *

Pro Wrestling Tees Discloses Data Breach, 31,000 Customers Info Compromised *

Apache Patches Two Severe Security Vulnerabilities in its HTTP Server *

Microsoft Azure App Service Bug Exposes Customers Source Code Repository *

CISA, FBI and NSA Releases Joint Advisory and Scanner for Log4j Vulnerabilities *

Chinese-speaking Espionage Group Targeting Government and Transportation Sectors *

Researchers Identify Stealthy Backdoors in Auerswald's COMpact 5500R PBX's Firmware *

All Mobile Phone Generations Since 2G Vulnerable to Newly Identified Mobile Network Vulnerabilities *

FBI: Threat Actors Actively Exploiting New Zoho Zero-Day Since October 2021 *

Over 820,000 Vulnerable WordPress sites are Exposed to Attacks *

PYSA Ransomware Group was Behind Major Attacks in November 2021 *

Scammers Impersonate Pharmaceutical company 'Pfizer' in Phishing Attacks *

Sony Life Insurance Employee Arrested for Stealing $154 Million Dollars *

Hackers Taking Over Vulnerable Windows Domains via Elevation of Privilege Vulnerabilities *

Researchers Suspect 'Cytrox' for Distributing 'Predator' Spyware on iPhones *

Cyber Criminals Infected U.S. Federal Agency's Network with Backdoor *

Malicious Android App Distributes New Joker Malware, Infected Over 500,000 Android Users *

Hackers Distributing New Stealthy DarkWatchman Malware through Phishing Emails *

Threat Actors Revived TellYouThePass Ransomware in Linux, and Windows Log4j Attacks *

Threat Actors Exploiting Log4j Vulnerability to Deploy Dridex Banking Malware *

Western Digital Urges Users to Upgrade their My Cloud Devices *

Logistics Firm "Hellmann" Warns Users of BEC Emails Post Ransomware Attack *

Threat Actors Infected Over 35,000 Computers in 2021 Using a New PseudoManuscrypt Malware *

Threat Actors Targeting Spider-Man Franchise Fans with Credit-Card Harvesting *

VMware Patches a Critical Flaw in Workspace ONE UEM *

Phorpiex Botnet Surfaces Again with a more Sophisticated Variant *

Khonsari Ransomware Group Targeting Self-Hosted Minecraft Servers *

Apache Issues a New Patch to Fix 3rd Log4j Vulnerability *

Researchers Suspect New Attack Vector Identified in Log4j Exploits may Expand the Attack Surface *

Iranian State-Sponsored Hacker Abused Slack API to Steal Asian Airline Data *

US Prominent Brewery and Hotel chain "McMenamins" Hit by a Conti Ransomware Attack *

Log4j Hackers Switch to Injecting Monero Miners via RMI *

Credit Card Skimmers Targeting Ecommerce Sector via Magecart Attacks *

DDoS Mitigation Service Provider "Cloudflare" Suffers Widespread Latency and Timeouts *

A New Espionage Campaign Targeting Telecom Organizations in Middle East and Asia *

Hackers Steal Microsoft Exchange Credentials Using Backdoor "Owowa " *

Threat Actors Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges *

Apple Releases an iOS Update for Remote Jailbreak Exploit *

PyPi Removes 3 Python Packages Suspected of Dropping a Trojan on Victim Systems *

Virginia Information Technology Agency Suffers Ransomware Attack *

Workforce Management Solutions Provider, Kronos Suffers Ransomware Attack *

Over 300,000 MikroTik Devices Still Vulnerable to Remote Hacking Flaws *

AWS Suffers Second Outage in this Month, Impacts Twitch, Zoom, PSN, Hulu, others *

Vulnerabilities in Wi-Fi and Bluetooth Chips Enable Hackers to Steal Passwords *

Researchers Identify "ALPHV" as the Most Sophisticated Ransomware in 2021 *

Threat Actors Actively Exploiting Log4Shell Vulnerability to Deliver Malware on Vulnerable Machines *

Partially Fixed Dell Computer Drivers Still Vulnerable to Windows Kernel-level Attacks *

Threat Actors Targeting German E-Banking Users via New Phishing Campaigns *

Volvo Cars Suffers Ransomware Attack, R&D Information Exposed *

Researchers Link 'XE Group' to Eight Years of Credit Card Theft *

Apache Foundation Releases a Security Patch for Second Log4j Vulnerability *

Microsoft Patch Tuesday Security Advisory - December 2021 *

Mojang Studios Publishes an Emergency Minecraft Update Amid Critical Log4j Vulnerability Exploits *

Threat Actors Dropping Agent Tesla Malware Using PowerPoint Macros in On-going Phishing Campaigns *

Hackers Employ Known Info-stealing Malware "TinyNuke" Targeting French Users *

Researchers Disclose Building Blocks of Widely Active Qakbot Banking Trojan *

AWS Discloses the Cause Behind the Recent Massive Outage *

Researches Disclose an Active Campaign Exploiting Over Vulnerable 1.6 Million WordPress Sites *

17 Malicious NPM Packages Let Attackers to Steal Discord Tokens *

Google Pushes Emergency Chrome Update to Fix Zero-day in its Chrome Browser *

South Australian Government Data Breach Expose Over 80,000 Employees Info *

Threat Actors Targeting Enterprises Using New Zero-day Exploit for Log4j Java Library *

StrongPity Hacking Group Pushing Malware Using Malicious Notepad++ Installers *

Dark Mirai Botnet Actively Targeting Unpatched TP-Link Routers *

Hackers Targeting US Universities via Office 365 Phishing Campaigns *

Vulnerable Hikvision's IoT Devices Targeted by Moobot Botnet *

Emotet Malware is Now Installing Cobalt Strike Directly on Infected Devices *

Fujitsu Cites the Breach on Japanese Ministries' on Stolen ProjectWEB Credentials *

Cox Communications Disclose Data Breach Post Hacker Impersonates Support Agent *

SanDisk SecureAccess Flaw Enables Brute Force Attacks Against Vault Passwords *

Google Fixes High Severity Use-After-Free Vulnerabilities in its Chrome Browser *

SolarWinds Hackers Targeting Government and Business Organizations Worldwide *

Phony KMSPico Software Stealing Victims' Cryptocurrency Wallets *

Hackers Employ Fake 'Spam Notification' Phishing Emails to Steal Microsoft Credentials *

SonicWall Patches Several Security Flaws in its SMA 100 Series Appliances *

Grafana Patches a Zero-day Flaw Post Exploits Spread Over Twitter *

Popular Cloud Service Providers Affected by Multiple Vulnerabilities in Eltima SDK *

AWS Suffers Outage, Impacts Ring, Netflix, and Amazon Deliveries *

QNAP Warns Users to Secure NAS Devices Against Bitcoin Miner *

Conti Ransomware Strikes Scandinavian Hotel Group "Nordic Choice" *

Hundreds of SPAR Stores Suffer Massive Outage in Northern England *

BitMart Cryptocurrency Exchnage Loses $200 Million Worth of Cryptocurrency Tokens Post Hack *

Microsoft Seizes Domains Used by APT15 Chinese State Hacker Group *

Researches Disclose 17 Malicious Frameworks Used to Attack Air-Gapped Networks *

Pakistani Threat Actor "SideCopy" Targeting Indian and Afghan Governments *

Malvertising Campaigns Distributing Backdoors and Malicious Chrome Extensions *

Threat Actors Distributing Android Banking Malware "BRATA" via SMS Phishing Campaign *

Researchers Disclose 14 New XS-Leaks Attacks on Well-known Web Browsers *

Finland's National Cyber Security Centre Warns of New Android Banking Malware Campaigns *

Threat Actors Employing RTF Template Injection Method in Phishing Campaigns *

Phishing Actors Actively Exploiting Users Via Omicron Themed Phishing Campaign *

Zoho Patches a Critical ManageEngine Bug Exploited in Wild *

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats *

Scammer Sentenced for Stealing Millions of Dollars of Cryptocurrencies via SIM Hijacking *

Threat Actors Promoting a Malicious Android App to Steal Malaysian Bank Credentials, and MFA Codes *

BlackByte Ransomware Group Exploiting Proxy-shell Flaws to Deploy Web-shells on Vulnerable Microsoft Exchange Servers *

New Malware "NginRAT" Actively Targeting E-commerce Servers *

Planned Parenthood LA Discloses Data Breach Post Ransomware Attack *

Threat Actors Spreading Emotet via Fake Adobe Windows App Installer Packages *

Four Android Banking Trojans Infected Over 300,000 Android Devices in 2021 *

Mozilla Patches a Critical Flaw in its Cross-platform Cryptography Library *

TrickBot Malware Authors Employing New Ways to Evade Detection *

Russian Threat Actors Employing Babadeda Crypter to Evade Detection *

Hardware Giant "HP" Patches 8-year-old Critical Flaws in its Multi-functional Printers *

Ohio-based DNA Testing Firm "DNA Diagnostics Center" Discloses Data Breach, Impacting 2.1 Million People *

'Sabbath' Ransomware Operators Target Critical Infrastructure in US and Canada *

North Korean Defectors and Journalists Targeted by a New Chinotto Malware *

Threat Actors Utilizing Compromised Google Cloud Instances to Mine Cryptocurrency *

Marine Services Provider "Swire Pacific Offshore" Suffers Ransomware Attack *

Threat Actors Hide New Linux Malware Payload in Cron Jobs to Steal Credit Card Data *

Stealthy Hacker Group "WIRTE" Targeting Governments in the Middle East *

Researchers Warn of Attacks Targeting Recently Patched Apache HTTP Server Vulnerability Exploited in Wild *

Japanese Multinational Conglomerate "Panasonic" Discloses Data Breach Post Network Hack *

Furniture Retail Giant IKEA Email Systems Hit by Ongoing Cyberattack *

Researchers Disclose New Zero-day Vulnerability in Windows 10 Mobile Device Management Service *

APT C-23 Hackers Targeting Target Middle East Users Using New Android Spyware Variant *

Researchers Uncover a New Stealthy JavaScript Malware Dropping Several Windows based RATs *

Iranian Threat Actors Exploiting Microsoft MSHTML RCE Flaw to Steal Google, Instagram Credentials *

Advanced Hacking Group Targeting Biomanufacturing Industries Via New Malware Variant *

Researchers Linked North Korean Attackers to Several Credential Theft Campaigns *

Malicious Python Libraries Steal Discord Tokens and Install Reverse Shells *

PHP Deserialize Bug in CloudLinux Imunity360 May Lead to Remote Code Execution *

"RedCurl," A Corporate Cyber Espionage Threat Group Strikes With New Hacking Tools *

Cisco Patches a High Severity Bug in its Cisco ASA and FTD Firewalls *

MediaTek Chips Bugs Affect 37% of All Smartphones and IoT Globally *

VMware Patches Multiple Vulnerabilities in its vCenter Server and Cloud Foundation *

Over 6 Million Sky Routers Vulnerable to Takeover Attacks for 17 months *

New Android Banking Malware ‘SharkBot’ Hitting Targets in U.S., UK and Italy *

North American Wind Turbine Giant "Vestas" Suffers a Data Breach *

Iran Airlines "Mahan Air" Hit By Cyber Attack *

Threat Actors Actively Exploiting New Windows Installer Zero-day Flaw *

US SEC Alerts Investors About Ongoing Impersonation Attacks *

Utah Medical Center Suffers Data Breach; 582k Patients Info Stolen *

Threat Actors Hacking Vulnerable Microsoft Exchange Servers to Hijack Internal Email Chains *

GoDaddy Suffers Data Breach Affecting 1.2 million Customers *

Android Malware BrazKing Back with New Stealthy Techniques *

Threat Actors Abusing Glitch Cloud Service to Host Short-lived Phishing Websites *

APT Group Exploiting FatPipe VPN Zero-Day Bug Since May 2021 *

Vulnerable eCommerce Sites Allow Hackers to Deploy a New Linux Backdoor *

Attackers Employing Domain Fronting Technique to Evade Malicious Traffic *

Attackers Distributing Emotet Malware in New Spam Campaigns *

Netgear Fixes Pre-Authentication Buffer Overflow Bug which Affects various Products *

New TikTok Phishing Attack Targeting Influencers’ Accounts *

Emotet Botnet Returns Using TrickBot Malware *

Microsoft Released Emergency Updates to Fix Windows Server Authentication Issues *

NPM Patched Private Package Names Leak and Serious Authorization Flaw *

New Release Google Chrome 96 Shatters Twitter and Discord Web Apps *

WordPress Sites are Targeted to Display Fake Ransomware Notes *

High Severity Flaws Discovered in BIOS Firmware Affects Various Intel Processors *

Hackers Actively Targeting Alibaba ECS Instances to Deploy Cryptojacking Malware *

Lazarus Attackers Targeting Security Researchers with Trojanized IDA Pro Application *

Attackers Hacked FBI Email Servers to Distribute Spam Campaign *

American Retail Giant 'Costco' Reveals Data Breach After Identifying Credit Card Skimmer *

A Zero-Day Flaw in the Windows User Profile Service Gets Free Unofficial Patch *

BotenaGo Malware Targeting Millions of Routers and IoT Devices with 33 Exploits *

TrickBot Hackers Abused Microsoft's App Installer in Spam Campaigns *

WP Reset PRO Plugin Enables Attackers to Hijack Websites *

Netflix, Instagram, and Twitter Users are Targeted by New Android Malware *

TeamTNT Cybercrime Group Actively Targeting Vulnerable Docker Servers *

German Medical Software Company Medatixx Hit by Ransomware Attack *

Palo Alto Addresses Multiple Vulnerabilities in PAN-OS *

Clop Ransomware Gang is now Exploiting SolarWinds Serv-U flaw in Attacks *

Zombie-themed Phishing Emails Infecting Users with MirCop Ransomware *

A New Variant of Mekotio Banking Trojan Spotted in the Wild *

Microsoft Patch Tuesday Security Advisory - November 2021 *

Microsoft Warned Admins to Patch Exchange Server Vulnerability *

Cisco Patches Hard Coded Credentials and Default SSH Key Issues in its Catalyst PON Switches *

Researchers Disclose a Critical RCE Vulnerability in Linux Kernel's TIPC Module *

Scammers Harvesting Microsoft O365, Google Logins Via Fake Proofpoint Emails *

Researchers Disclose Two Critical SQL Injection Flaws in Philips Healthcare Informatics Solution *

Prominent Stock Trading Platform "Robinhood" Suffers a Data Breach *

Electronics Giant "MediaMarkt" Hit by Hive Ransomware Attack *

Threat Actors Actively Targeting Patched Sitecore XP RCE Flaw *

Central Depository Services (India) Limited Discloses a Data Breach *

Babuk Ransomware Deployed via Microsoft Exchange ProxyShell Vulnerabilities *

New Android Rooting Malware "AbstractEmu" Takes Over Mobile Phones Via Root Access *

CISA Discloses a Catalog of Known Exploited Vulnerabilities for Multiple Products *

UK Labour Party Discloses a Data Breach Post Ransomware Attack *

Critical Flaw in Cisco Policy Suite's Hardcoded SSH Key Lets Remote Hackers Gain Root Access *

US Defense Contractor Electronic Warfare Associates (EWA) Suffers Data Breach *

Google Patches Actively Exploited Kernel Bugs in its Android November Patch *

Microsoft Suffers Outage, Blocks Access to Onedrive and Sharepoint Files *

Over 30,000 Unpatched GitLab Servers Vulnerable to Already Patched Critical RCE Flaw *

Over 1.6 Million Devices in China Infected by Pink Botnet *

Researchers Uncovered Multiple Critical Flaws in Pentaho Business Analytics Software *

Threat Actors Used Kaspersky's Stolen Amazon SES Token in Office 365 Phishing Campaigns *

Threat Actors Distributing Chaos Ransomware via Fake Minecraft 'alt list' Text Files *

Threat Actors Deploying Snake Infostealer Malware Via Phishing Emails *

Iranian Hackers Breach Israeli Web Hosting Provider"Cyberserve" *

Canadian Province Health Care System Hit by Cyberattack *

Researchers Disclose New Spook Ransomware Built on Prometheus Code Exposing All Victims *

Pirated Sports Streamer Hacked Major American Sports Leagues and Tried to Extort MLB for $150,000 *

Hive Ransomware Group Launches New Variants Capable of Encrypting Linux and FreeBSD Devices *

Israeli Internet Firm Hit By Ransomware Attack Led By Iranian Hackers *

UMass Memorial Health Care Center Suffers Data Breach *

Google Fixes the Flaw Causing Chromebooks Failing to Enroll Devices *

Google Patches Two Zero-Day Bugs in Chrome Browser *

macOS Flaw Allow Hackers to Deploy Rootkits *

WordPress's OptinMonster Plugin Flaw Allow to Hijack Sites *

Threat Actors Targeting YouTubers’ in Phishing Campaigns *

Cybercriminals Delivering Ransomware via Malicious NPM Packages *

Apple Fixed 22 Security Flaws in iOS and iPadOS Devices *

Iranian Gas Station Hit by a Cyberattack *

Hackers Employing a New Squirrelwaffle Malware In Spam Email Campaigns *

Attackers Used a New Yanluowang Ransomware in Targeted Attacks *

Russian Attackers Delivering Malicious Documents in Phishing Campaign *

WordPress Plugin Flaw can Lead to Complete Takeover of Vulnerable Sites *

South Korea's Telecommunications Firm 'KT Corporation' Suffers Nationwide Outage *

CISA Advised to Fix Critical Flaw in Discourse Software *

Attacker Hijacked NPM Library to Compromise Windows and Linux Devices *

macOS Malware Utilizes New Evasion Techniques *

New PurpleFox Backdoor Uses WebSockets for C2 Communication *

SCUF Gaming International Suffers Data Breach: 32,000 Customers Affected *

Attackers Distributing Malware Through Korean Webhard and Torrent Websites *

New Threat Group Targeting South Asian Organizations Using Custom Malware *

Chinese Attackers Exploited Windows Zero-Day Vulnerability in Cyberattacks *

FBI Alerts on Fake Govt Sites Used to Steal Sensitive Information *

Telecommunications Company 'Sinclair Broadcast Group' Hit by Ransomware Attack *

The University of Sunderland Hit by Cyberattack *

Olympus US Systems Hit by Cyberattack *

Ecuador's Largest Bank 'Banco Pichincha' Hit by Cyberattack *

Microsoft Fixed Compatibility Issues in Windows 11 KB5006674 Cumulative Update *

Attackers Using Math Symbols in Phishing Campaigns *

Microsoft Azure's Customer Hit by Largest DDoS Attack *

Microsoft Patch Tuesday Security Advisory - October 2021 *

Apple Fixes a Zero-day Flaw in an Emergency iOS 15.0.2 Update *

Google Fixes Four High-Severity Flaws in its Chrome Browser *

American Pacific City Bank Hit by AvosLocker Ransomware Attack *

Threat Actors Targeting Linux Devices Using New FontOnLake Rootkit *

Ransomware Group FIN12 Aggressively Attacking Healthcare Sectors *

Cox Media Group Discloses a Data Breach Post Ransomware Attack *

Threat Actors Impersonating "QuickBooks" in Ongoing Phishing Campaigns *

Global Brewery Firm BrewDog Exposes 200,000 Customers Sensitive Information *

Researchers Disclose New Android Malware Infecting Android Mobiles *

Telecommunication Firm 'Syniverse' Discloses a Database Breach *

Microsoft Patched Flaw Prevent Security Updates for Azure Virtual Desktops *

Apache Emergency Update Patched Incomplete Fix for Actively Exploited Bug *

Researchers Disclose UEFI Bootkit Exploiting Windows Systems Since 2012 *

Live Streaming Platform 'Twitch' Suffers Massive Data Leak *

APT Group "ChamelGang" Targeting Fuel, Energy, and Aviation Industries *

Researchers Disclose Multiple Critical Flaws in Honeywell Experion PKS and ACE Controllers *

Apache Patches a Zero-Day Vulnerability in its Web Server *

The Telegraph Suffers Massive Data Breach;10 TB Database Leaked *

Researchers Link Disparate Malware Attacks to Chinese Cyber-espionage Group *

Unknown Ransomware Gang Encrypting VMware ESXi Servers Using Python Script *

Industry Publication Giant Sandhills Global Hit by a Ransomware Attack *

Misconfigured Apache Airflow Servers Leak Credentials *

New Atom Silo Ransomware Group Targeting Unpatched Confluence Servers *

An Unpatched Flaw Enables Contactless Payments From Locked iPhones *

Threat Actors Targeting Commerzbank Customers Via New Malware Campaign *

Hackers Steal Cryptocurrency from Coinbase Customers Using MFA Flaw *

Threat Actor Group "GhostEmperor" Backdooring Windows 10 Systems Using a Rootkit *

WhatsApp, Instagram and Facebook Suffers Massive Outage Due to a Configuration Error *

Google Fixes Two Zero-Day Flaws in its Chrome Browser *

Hackers Spreading Flubot Android malware Via Fake Security Updates *

QNAP Patches 3 High-severity Stored Cross-site Scripting (XSS) Flaws Affecting NAS Devices *

MoneyLion Discloses a Data Breach Post Credential Stuffing Attacks *

Neiman Marcus Discloses a Massive Data Breach; 4.3 million Users Affected *

Fake Amnesty International Pegasus Antivirus Affects Windows Systems *

JVCKenwood Hit by CONTI Ransomware Attack *

Threat Actors Hijack Windows Boot Manager With UEFI Bootkit *

Microsoft Warns of Cyber Attacks Targeting Active Directory FS Servers *

Hackers Draining Brazil's PIX Payment System Users' Bank Accounts *

Researchers Linked New Tomiris Backdoor to Hackers Behind SolarWinds Cyberattack *

Giant Trucking Company "Forward Air" Suffers Data Breach *

Microsoft Suffers MFA Outage; Access to Microsoft 365 Services Blocked *

Threat Actors Distributing a New Jupyter Malware Version Via MSI Installers *

Threat Actors Stealing Financial Data from 378 Banking and Wallet Apps Via "ERMAC" Malware *

Multiple Cyberattack Campaigns Abusing Atlassian Confluence RCE Flaw *

Colossus Ransomware Hits Prominent Automobile Company in the USA *

Twitter Web Client Suffers Worldwide Outage *

Threat Actor Targets Indian Government With Commercial RATs Via Operation Armor Piercer Campaign *

QNAP Patches Two Critical Flaws in its QVR Software *

Prominent Communications Provider "Bandwidth.com" Hit By a DDoS Attack *

New Malware 'BloodyStealer' Targeting Popular Gaming Platforms *

Google Fixes High-Severity Zero-Day Flaw in its Chrome Browser *

Researcher Discloses Exploit Codes for 4 iOS Zero-Day Flaws on GitHub *

Microsoft Warns Organizations About a Wide-Scale Phishing-as-a-Service Operation *

Colombian Real Estate Firm "Coninsa Ramon" Suffers Data Breach *

Scammers Targeting US, Canada Users Via New Android Malware *

SonicWall Patches a Critical Vulnerability in its SMA 100 Series Products *

Threat Actors Deploying Web Shells Via Nagios RCE Vulnerabilities *

Researchers Disclose a Remote Code Execution Flaw in AWS WorkSpaces *

Netgear Patches a Remote Code Execution Vulnerability in its Routers *

Threat Actors Employing BitRAT to Target South American Organizations via Spam Campaigns *

Cisco Patches Three Critical Flaws in its IOS XR Software *

Apple Patches a Zero-day Flaw Used to Hack iPhones and Macs *

Threat actor Group "FamousSparrow" Breaching Hotels Worldwide Via ProxyLogon Exploits *

Cyber Criminals Deploying Rootkit Via a New Bug in Microsoft Windows *

Threat Actors Targeting Organizations in Latin America Via a New Banking Trojan *

Threat Actors Employing New Malware Campaigns to Mine Cryptocurrency *

Cring Ransomware Group Actively Exploiting Decade-Old Patched ColdFusion Vulnerabilities *

Microsoft Exchange's Autodiscover Flaw Leaks 100K Windows Credentials *

Russian Threat Actors Deploying TinyTurla Malware as Secondary Stage Backdoor *

VMware Fixed Critical Arbitrary File Upload Vulnerability in its vCenter Server *

Researchers Disclosed a New Zero-Day Vulnerability in macOS Finder *

Republican Governors Association's Server Breached Via Microsoft Exchange Cyberattack *

US Farmer Cooperative Suffered a BlackMatter Ransomware Attack *

Over 1.4 Million COVID-19 Test Results From Multiple Hospitals Exposed in Paris *

Scammers Sending Spam Emails to Promote Elon Musk-themed Cryptocurrency Scam *

VoIP.ms Hit By a DDoS Attack; Multiple Services Impacted *

AMD Patches An Information Disclosure Flaw in its Chipset Driver *

Prominent Integration Service Provider, Travis CI Patches a Critical Security Flaw *

Researchers Uncovered Phishing Campaign "Operation Layover" Targeting Aviation Industry *

Threat Actors Deploying New Malware to Compromise Windows Subsystem for Linux Environment *

Tamil Nadu Public Department Hit by Ransomware Attack *

Netgear Patches Third Critical Bug in its Smart Switches *

Microsoft Patches a Critical Flaw in Open Management Infrastructure Affecting Azure Cloud Services *

Adobe Patches 36 Critical Vulnerabilities in its Products *

Threat Actors Impersonate US Department of Transportation to Steal Microsoft Credentials *

South Africa's Justice Ministry Suffers Ransomware Attack *

Microsoft Warns of Information Leakage Vulnerability in Azure Container Instances *

Cyber Criminals Deploying New Linux Cobalt Strike Beacons in Ongoing Cyber Attacks *

Nitro Software Patches a Remote Code Execution Flaw in its Nitro Pro PDF *

Threat Actors Spreading New ZLoader Malware Through Fake TeamViewer Installer *

Millions of Computers Affected by HP Omen's Privilege Escalation Bug *

Microsoft Patch Tuesday Security Advisory - September 2021 *

Telecommunications Provider "MyRepublic" Suffers Data Breach *

New Android Banking Trojan Dubbed "S.O.V.A" Emerges With Growing Capabilities *

TeamTNT Hacking Group Stealing Credentials Using New Open-Source Tools *

Apple Patches Zero-click iPhone Exploit Deploying Pegasus Spyware *

Google Patches 2 Zero-day Flaws in its Chrome Browser *

“FudCo” Spam Empire Linked to Pakistan-based Software Firm *

Howard University Suffers Ransomware Attack Leading to Network Shutdown *

Threat Actors Targeting Kurdish Ethnic Group Via Mobile Spyware Attacks *

New Windows 0-Day Attack Targeting Users Via Weaponized Office Documents *

Meris Botnet Launches a 22 Million RPS DDoS Attack *

Cisco Patches Multiple High-Severity Flaws in its IOS XR Software *

Threat Actors Leaked 500,000 Fortinet VPN Credentials On Hacking Forum *

Zoho Patches Critical Vulnerability in its ManageEngine ADSelfService Plus Solution *

Critical Flaw in HAProxy Result in HTTP Request Smuggling Attack *

FIN7 Group Deploying Backdoor Via Windows 11 Alpha-themed Word Documents *

Ribbonsoft’s dxflib Library Flaw Allow Attackers to Remotely Execute Commands *

New Malware Family Leverages CLFS Log Files to Evade Detection *

Threat Actors Hacked Jenkins Project's Confluence Server to Install Monero Miners *

NPM, Package Manager Patches a Critical Bug in the Package Pac-Resolver *

Microsoft Links SolarWinds Serv-U SSH Zero-Day Attack to Chinese Hackers *

Netgear Patches High Severity Bugs in its Smart Switches *

Threat Actors Exploiting Confluence Bug to Install Cryptocurrency Miners *

Billions of Bluetooth Devices From Multiple Vendors Remain Highly Vulnerable to BrakTooth Flaws *

Dallas Public School Suffers Data Breach *

Canada Immigration Accepts Additional 7,300 Applications in TR to PR Program Due to a Technical Bug *

Cisco Patches Critical Authentication Bypass Flaw in NFV Infrastructure Software (NFVIS) *

Over 60,000 Parked Domains Were Vulnerable to Domain Hijacking Attacks *

Autodesk Targeted By SolarWinds Hackers Via Sunburst Backdoor *

LockFile Ransomware Bypassing Protection Via Intermittent File Encryption *

Microsoft Exchange ProxyToken Flaw Allow Attackers to Access User Email Messages *

Multiple Vulnerabilities Identified in Fortress S03 Wi-Fi Home Security Systems *

Threat Actors Selling a GPU Based Malware Via Hacker Forums *

Annke Patches a Stack-based Buffer Overflow Flaw in its Video Surveillance Product *

Synology Discloses Open SSL Vulnerabilities Impacting its NAS Devices *

Attackers Abusing Proxyware Applications to Monetize Malware Campaigns *

QNAP Discloses OpenSSL Flaws Impacting its NAS Devices *

New York Credit Union Discloses An Insider Threat; 21GB of Sensitive Data Destroyed *

Google App Bug Restrict Users To Make & Receive Calls *

Attackers Distributing Phishing Mails Using Open Redirect Links *

Researchers Warn Users About Four Emerging Ransomware Groups *

FIN8 Threat Group Targeting Financial Institutions Using Sardonic Backdoor *

U.S. Based Computer Retail Company Targeted by New SideWalk Backdoor *

Critical F5 BIG-IP Vulnerability Affects Customers in Sensitive Sectors *

VMware Fixes Four High Severity Flaws in vRealize Operations Manager API *

Microsoft Power App Leaks 38 Million Sensitive Data Records Via Misconfigured Tables *

Threat Actors Actively Exploiting 15 Vulnerabilities to Hack Linux Systems *

Microsoft Warns Customers of Azure Critical Cosmos DB Vulnerability *

Cisco Patched a Critical Flaw in its APIC Software *

Boston Public Library Suffers System Wide Outage *

Cyber Criminals Deploying BazaLoader Malware via Fake DDoS Notifications *

Emsisoft Releases Free Decryptor for SynAck Ransomware Victims *

Compromised WhatsApp Mod Distributing Malicious Payloads Via Supply Chain Attack *

Threat Actors Discreetly Marketing ShadowPad Malware Among Chinese Espionage Groups *

NSO Group Deploying Pegasus Spyware Via New Zero-click iPhone Exploit *

OpenSSL Vulnerabilities May Be Exploited For Multiple Cyber Attacks *

ACROS Security Releases a Micro Patch to Address PetitPotam Flaw *

Mozi, an IoT Botnet Targets Network Gateways and IoT Devices *

Threat Actors Actively Exploiting Newly Disclosed Realtek SDK Vulnerabilities in the Wild *

AT&T Denies Data Breach Post Attacker Auctions 70 Million User Database *

Google Discloses Information of Unpatched Windows AppContainer Vulnerability *

Cloudflare Thwarts the Largest DDOS Attack Ever Recorded *

Microsoft Exchange Servers Under Attack By New LockFile Ransomware *

SAC Wireless, A Nokia Subsidiary Discloses Data Breach Post Conti Ransomware Attack *

Phishing Campaign Used a XSS Flaw in UPS Website to Distribute Malware *

Vulnerable Microsoft Exchange Servers Under Attack Via ProxyShell Vulnerabilities *

Attackers Hacked US Census Bureau Servers Using Citrix Vulnerability *

Critical Vulnerability Discovered in the Universal Plug-and-Play (UPnP) Service of Multiple Cisco Routers *

BadAlloc Flaw Affects BlackBerry's QNX Real-Time Operating System (RTOS) *

Chase Bank Suffers Data Leak Via Technical Glitch *

Data Exfiltration Attacks Can Bypass Cisco Safety Products *

Ransomware Attacks Hit Maine's Rural Sewage Treatment Plants *

Memorial Health System, Florida Suffers Ransomware Attack *

Attackers Targeting Multiple Users in Mexico via Neurevt Trojan *

Adobe Patches Critical Photoshop Security Flaws *

Critical Flaw in ThroughTek's Point-to-Point (P2P) SDKs Impacting Million IoT Devices *

Fortinet Delays Patching a Zero-day Bug in its Web Application Firewall (WAF) *

Multiple Realtek Related Flaws Affecting its Wi-Fi SDKs; Impacting Nearly a Million IoT Devices *

Tokio Marine's Singapore Branch Suffers Ransomware Attack *

Threat Actors Selling Ficker Info Stealer Malware as a Malware-as-a-Service (MaaS) *

Iranian Government-linked Hacker Groups Conducting Cyber Espionage Activities in Israel *

Attackers Use 'CAPTCHA' Images to Trick Users into Bypassing Browser Warnings *

Brazilian National Treasury Suffers Ransomware Attack *

Threat Actors may use Middleboxes Related Flaws for TCP Reflected Amplification *

Threat Actors Distributing WarzoneRAT via Compromised WordPress Sites *

TA505 Threat Group Installing ServHelper RAT Using New Techniques *

Multiple STARTTLS Related Bugs Found in Popular Email Clients *

Trend Micro Addresses Wild Zero-Day Vulnerabilities *

T-Mobile Suffers Massive Data Breach; 100 Million Customers Data Stolen *

The Infamous AlphaBay Darknet Market Has Reopened for Business *

Microsoft Spotted Hackers Using Morse Code in Phishing Campaigns to Evade Detection *

Threat Actors Employing CAPTCHA Protected Phishing Campaigns *

Scammers Impersonating FINRA in an Ongoing Phishing Campaign *

Multiple Flaws in Wodify Fitness Platform Allow Hackers to Take Control *

New AdLoad Malware Variant Escapes through Apple's XProtect Defence *

Ford Flaw Exposed Sensitive Information from Internal Systems *

Attackers Can Now Spy On DNS Traffic via Bugs in Managed DNS Services *

Intel Releases Patches for High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers *

Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising *

One Million Stolen Credit Cards Data Leaked on Carding Marketplace *

Gigabyte Suffers RansomEXX Ransomware Attack *

Microsoft Confirms another Zero-Day Bug in Windows Print Spooler *

Accenture Hit by LockBit Ransomware Attack *

Attackers Stole Cryptocurrency worth of $600 Million *

Researchers Revealed eCh0raix Ransomware Targeting Both NAP and Synology NAS Devices *

Microsoft Patch Tuesday Security Advisory - August 2021 *

Adobe Patched Several Critical Vulnerabilities in its Products *

Russian Federal Executive Authorities Targeted by Chinese Threat Actors *

Chinese Threat Actors Targeting Prominent Southeast Asian Telecom Firms *

Joplin City Suffers from Ransomware Attack *

FatalRAT Trojan Exploiting Telegram *

New FlyTrap Malware Compromises Thousands of Facebook Accounts *

New Chinese Spyware Used in Widespread of Cyber Espionage Attacks *

VMware Patches Security Vulnerabilities in Workspace ONE Access and Identity Manager *

INFRA:HALT Flaws Affect Embedded TCP/IP Stack Widely Used in OT Devices *

Cisco: Firewall Manager RCE Flaw is a Zero-day, Patch Incoming *

Go & Rust Languages Affected by Critical IP Address Validation Flaw in "net" Library *

New York City Public School's Info Leaked; Officials Confirm *

Threat Actors are Actively Exploiting Vulnerable Home Routers *

Solarmarker Malware Targeting Healthcare and Education Sectors *

Attacker Scanning Microsoft Exchange Servers for ProxyShell Vulnerability *

New APT Threat Group Targeting Microsoft IIS Servers *

Google Fixed Several High-Severity Security Flaws in Android OS *

Linux Variant of BlackMatter Ransomware Encrypting VMware ESXi Machines *

New Android Malware Vultur Abuses Accessibility Services *

Energy Group ERG Reports Minor Interruptions Post Ransomware Attack *

Google Patches Several Chrome Vulnerabilities *

New Cobalt Strike DoS Vulnerability Allows Takedown of Attackers’ Servers *

Advanced Technology Ventures Discloses a Data Breach Attack *

Cisco Patches Pre-Auth Security Flaws in its VPN Routers *

Romania Cryptojacking Attackers Targeting Linux Devices *

Multiple TransLogic Firmware Vulnerabilities Discovered; Major Impact on North America Hospitals *

Italy's Lazio Region Suffers Ransomware Attack *

New Meteor Malware Used in Iranian Railway Attack *

Multiple Vulnerabilities Patched in WordPress Download Manager *

Node.js Patched Severe HTTP Vulnerability *

Russians Attackers Compromised Federal Prosecutors Email Accounts *

New Vulnerabilities could let Attackers to Compromise Zimbra Server via Email *

Researchers Discovered New Haron Ransomware Gang *

A New .Stolen Ransomware Deleting Disc Shadow Copies Post Encrypting Disc Drives *

LockBit 2.0 Ransomware Uses Group Policies to Encrypt Windows Domains *

Attackers Compromised Chipotle’s Marketing Account to Deliver Phishing Emails *

Multiple Flaws Discovered in 3 Open-Source Software *

DarkSide Ransomware Gang Returns as New BlackMatter Ransomware *

Attackers Installing PlugX Malware Variant on Compromised MS Exchange Servers *

Northern Ireland Suspends COVID Certificate Service Post Data Breach *

Attackers Posed as Aerobics Instructors to Target Employees *

APT Attackers Distributed Android Trojan via Syrian E-Government Portal *

UC San Diego Health Suffers Data Breach Post Phishing Attack *

Oracle Fixes Critical Flaws in its Products *

LemonDuck Malware Targeting Windows and Linux Systems *

Signal Patches a Critical Flaw in its Android Versions *

Apple Patches a Zero-day Flaw Exploited in the Wild *

XCSSET MacOS Malware Targets Telegram Accounts and Google Chrome Data *

Researchers Disclose 3 Zero-day Flaws in Kaseya Unitrends Backup Solution *

Kaseya Gets Universal Decryptor Tool to Help Victims *

Critical Security Flaws Reported in Etherpad *

Law Firm Campbell Conroy & O'Neil Suffered Ransomware Attack *

Malicious NPM Package Steals Chrome Passwords on Windows via Recovery Tool *

Federal Agencies Say China Breached Dozens of Pipeline Companies between 2011 and 2013 *

Akamai Suffers DNS Outage; Prominent Websites and Online Services Across the Globe Impacted *

Dell Patches 3 Critical Vulnerabilities in OpenManage Enterprise Service *

Atlassian Patches Critical Vulnerability in its Jira Data Center and Jira Service Management Data Center Products *

Ecuador's State-run CNT Telco Suffers Ransomware Attack *

Juniper Fixed Multiple Flaws in its Products *

Attackers Distributing Remcos RAT via Visual Basic *

Microsoft Seizes Homoglyph Domains used in BEC Campaign *

Saudi Aramco Suffers Data Breach; 1 TB Stolen Data for Sale *

16-Year-Old Bug Impacts Millions of HP, Samsung, Xerox Printers *

Bug discovered in Fortinet lets Attackers to run Code as Root *

WIFIDemon Leading to Remote Code Execution Attacks on iOS Devices *

Magecart Attackers Using Unique Techniques to Avoid Detection *

Cisco Patches High Severity Flaw in its ASA & FTD Software Versions *

Pegasus Spyware Infecting Prominent Personnel's Mobile Devices Across the Globe *

WildPressure APT Targeting Windows and macOS Systems via New Malware Variant *

Google Patches Zero-Day Vulnerability in its Chrome Browser *

D-Link Fixes Multiple Security Bugs in its DIR-3040 Router Version v1.13B03 *

Scammers Target Comparis Group Users Post Ransomware Attack *

Multiple Vulnerabilities in NuGet Packages Affect .NET Platform *

Microsoft Patched Windows Hello Authentication Bypass Vulnerability *

Recent ZLoader Malware Attacks Adopt New Macro-Related Delivery Method *

Sage X3 Patched Multiple Security Flaws in its Enterprise Resource Planning (ERP) Product *

Attackers Spreading BazarBackdoor Malware via Nested RAR and ZIP Archives *

SonicWall Warns of Imminent Ransomware Attacks Targeting SMA 100 & SRA VPN Appliances *

VMware Fixed Flaws In ESXi and ThinApp Applications *

Chinese Hackers Utilizing SolarWinds Zero-Day to Target US Defense Companies *

New BIOPASS RAT Live Stream Victim's Computer Screen *

Kaspersky Password Manager Generated Passwords used in Brute Force Attacks *

Adobe Patch Tuesday Security Advisory - July 2021 *

Microsoft Patch Tuesday Security Advisory - July 2021 *

Kaseya Fixed Multiple VSA Bugs Exploited in REvil Ransomware Attack *

Flaws in Cisco BPA and WSA could lead to Privilege Escalation Attacks *

Mitsubishi Electric Fixed Bugs in Air Conditioner Control Systems *

Fashion Retailer Guess Suffers Data Breach Post Ransomware Attack *

SolarWinds Patches a Zero-day Flaw Exploited in the Wild *

Insurance Firm CNA Suffers Data Breach After Ransomware Attack *

Mint Mobile Suffers Data Breach; Hackers Port Victims Phone Numbers *

Morgan Stanley Reports Data Breach After Vendor Reports Accellion Hack *

Nobelium Hacking Group Reportedly Accessed Microsoft's Customers Support Tools *

Crypto Mining Scams Targeting Victims via Fraudulent Android Apps *

Malspam Campaign Deploying Cobalt Strike Payloads Posing as Kaseya VSA Security Update *

Microsoft Addresses Critical Edge Bug Leading to UXSS Attacks *

CISA Discloses 15 Vulnerabilities Affecting Philips Vue Healthcare Products *

Pro-Trump Social Media Site "GETTR" Suffers Data Breach *

QNAP Patches Critical Flaw in NAS Backup and Disaster Recovery Solution *

Insurance Giant AJG Reports Data Breach post a Ransomware Attack *

Threat Actor Group Wizard Spider Linked to a New Ransomware 'Diavol' *

NETGEAR Patches 3 Critical Bugs in DGN-2200v1 Series Routers *

Microsoft Urges Azure Users to Update their PowerShell Tool *

Threat Actors Hacked Mongolian Certificate Authority to Deploy Backdoors *

Threat Actors Targeting Unpatched Cisco ASA Devices Aggressively Post the PoC Release *

Kaseya Suffers Massive Ransomware Attack; Hundreds of Companies around the Globe Affected *

Retail Giant Coop Shuts Down 500 Stores Post Kaseya Ransomware Attack *

Microsoft Releases Emergency Patch for Windows Zero-day PrintNightmare Vulnerability *

Attackers Target Microsoft's Halo Development Servers via Dependency Hijacking *

Law Enforcement Officials Seize DoubleVPN Service's Servers *

WD Storage Devices Vulnerable to Ongoing Cyber-Attacks *

LinkedIn Suffers Data Breach, 700 Million Users Data Exposed *

DarkRadiation Ransomware Gang Targeting Linux & Docker Instances *

Threat Actors using WIM Files to Bypass Security Solutions via Phishing Emails *

Microsoft Signs a Rootkit Malware Disguised as Windows Driver *

Unpatched Flaws in PlingStore Apps may Lead to Supply-Chain Attacks *

Scammers Impersonating FINRA Support in a New Phishing Campaign *

Fortinet Patches 2 Vulnerabilities in its Web Application Firewall (WAF) *

High Severity Flaws Found in Vulnerable NVIDIA Jetson Chipsets *

Spam Campaign Hides "handwritten" Links in Tinder Profile Images *

Pakistan Hackers are Targeting Indian Power Company with ReverseRat *

Mercedes-Benz Suffers Data Breach *

Multiple Bugs in Dell SupportAssist; Impacts 30 Million PCs *

Researchers Discovered Security Vulnerability in 2G Mobile Data Encryption Standard *

Conti Ransomware Gang Leaked Tulsa City's Police Citation Documents *

Covid-19 tracking app ‘MassNotify’ Auto-installed on Massachusetts Android Phones *

VMware Fixed Critical Vulnerability in Carbon Black App Control *

A Partially Fixed Bug in SonicWall Affecting 800K Firewalls *

Vulnerabilities in Open Design Alliance's SDK Impacting Multiple Vendors *

Nuclear Research Agency of South Korea was Hacked Using VPN Flaw *

Multiple Vulnerabilities Discovered in Schneider PowerLogic Devices *

Zephyr RTOS Patched Multiple Bugs in its Bluetooth LE Stack *

Healthcare Giant Grupo Fleury Suffers Ransomware Attack *

Palo Alto Networks Fixed Critical Vulnerability in Cortex XSOAR *

Microsoft Patched High-Pitched Noise Bug in Windows 10 *

Threat Actors are Sending Fake Extortion Emails by Impersonating DarkSide Gang *

Supermarket Chain Wegmans Suffers Data Breach *

Andariel Hacking Group Targeted South Korean Industries with New Malware Campaign *

Poland Officials Targeted in Russian Cyber Attacks *

Russian Consumer Watchdog Bans VyprVPN & Opera VPN Services *

Gelsemium Hackers Target NoxPlayer with Supply Chain Attack *

Reproductive Biology Associates Clinic Suffers Ransomware Attack *

Critical Flaw in ThroughTek Allows Millions of Cameras to Spy *

Newly Discovered iPhone Bug can Disable iPhone's Wi-Fi Functionality *

Researchers Warn of SolarMarker Malware Deployed via SEO Poisoning *

Attackers Bypass Office 365 MFA in BEC Attacks *

Attackers can Access Victim Information via Vulnerability found in Microsoft Power Apps *

Instagram Bug Allows Attacker to View Private Accounts Details of the User *

Propane Service Provider AmeriGas Discloses Data Breach *

Cake Box Suffers Data Breach; Credit Card Numbers of Customers Exposed *

Clop Ransomware Gang Suspects are Arrested in Ukraine *

Google Patched Zero-Day Bug in Chrome Web Browser *

Scammers are Sending Fake Ledger Devices to Steal Cryptocurrency *

Thousands of VMWare vCenter Servers are Still Vulnerable to Remote Code Execution Attacks *

Apple has Fixed 2 Zero-Day Flaws in iOS Devices *

Hackers can Spy on Samsung Mobile Users using Pre-installed Applications *

Interpol Removed Multiple Fake Online Pharmaceutical Websites *

Spain's Ministry of Labor and Social Economy Suffers Cyberattack *

Avaddon Ransomware Group Shuts Down *

Food Supply Giant Edward Don Shuts Down Temporarily Due to Ransomware Attack *

7-Year-Old Privilege Escalation Polkit Flaw Affecting Linux Devices *

McDonald's Discloses Data Breach; Customers and Employee Information Exposed *

Audi and Volkswagen Suffers Data Breach; 3.3 Million Customers Affected *

Food Giant JBS Pays $11 million to REvil Ransomware Group *

Famous Video Game Company Electronic Arts Suffers Data Breach *

WAGO Controller Flaws Could Lead to Industrial Process Disruptions *

Stolen Login Credential Marketplace Slilpp is Seized by Law Enforcement *

Fastly CDN Outage Impacted Multiple Websites *

Latest Necro Python Malware has New Exploits and Crypto Mining Capabilities *

Phishing Campaign Targets U.S. Financial Industry Regulatory Authority (FINRA) *

Memory & Storage Manufacturing Giant ADATA Suffers Ransomware Attack *

Microsoft Patched Vulnerability In MSGraph Component *

PuzzleMaker Threat Actors Targeting Windows 10 Systems using Chrome Zero-days *

STUN Servers Abused for DDoS Attacks *

New Siloscape Malware Targets Windows Containers to Access Vulnerable Kubernetes Clusters *

Attackers are Actively Targeting Vulnerable VMware vCenter Servers *

Google Fixed Multiple Critical Bugs In Latest Android Security Updates *

Adobe Patches 41 Vulnerabilities in 10 Products *

Intel Fixes 73 Security Vulnerabilities *

Microsoft Patch Tuesday Security Advisory - June 2021 *

EvilCorp Cybercrime Gang Mimics PayloadBIN to Evade US Sanctions *

US Truck Manufacturer Navistar Discloses Data Breach *

Cisco Patches High-Risk Security Flaws in its Multiple Products *

Open Source Application "Have I Been Pwned" Used to Expose Stolen Credentials *

Nantucket Steamship Authority Suffers Ransomware Attack *

Researchers Disclosed Critical Bug In Realtek Wi-Fi Module *

Threat Actors Deploying SkinnyBoy Malware using Malicious MS Word Documents *

Threat Actors Bypassing Ransomware Defense in Antivirus Solutions via Whitelisted Applications *

Huawei Fixed Privilege Escalation Bug in its USB LTE Dongle *

FUJIFILM Suffers Ransomware Attack *

North Korean Hacking Operation Targeting South Korea Government Units *

Multiple Products from Cisco, Akamai & Linux affected by Vulnerability in Lasso Library *

Multiple Vulnerabilities Reported in Industrial Switches from Several Vendors *

Swedish Health Agency Shuts Down SmiNet's Database after Multiple Intrusion Attempts *

Attackers Exploiting Critical Zero-day Flaw in WordPress Plugin *

Researchers Disclosed Two New Attack Techniques which Modifies Certified PDF Document Content *

New Phishing Campaign Targeting Walmart Users Discovered *

Two Domains Used In Nobelium Phishing Campaign Seized *

Food Giant JBS Shuts down Temporarily due to Cyberattack *

BazaLoader Campaign Spreading Phishing Emails to Compromise Users Windows System *

FBI Reports Attackers are Exploiting Unpatched Fortinet Devices *

Researchers Warn of Facefish Backdoor Infecting Linux Devices *

New VSCode Extensions Bugs may Lead To Supply Chain Attacks *

Siemens Patches a High-severity Memory Protection Bypass in its PLCs *

Canada Post Reports Data Breach Post Supplier Ransomware Attack *

Threat Actors Distributing Trojanized AnyDesk Installer via Malvertising Campaign *

SolarWinds Hackers Deploying New 'NativeZone' Backdoor via a New Supply Chain Attack *

Klarna Mobile Application's Technical Bug Leaking Users Data *

New Epsilon Red Ransomware Abusing Unpatched Microsoft Exchange Servers *

Threat Actors Actively Exploiting a Command Injection Flaw in SonicWall's NSM On-Premises Products *

TPG Shutdown the Legacy TrustedCloud Service Post Data Breach *

Threat Actors Deploying Data Wiper Malware Disguised as Ransomware *

Checkbox Survey Patches Arbitrary Code Execution Flaw Being Exploited in the Wild *

Attackers Impersonating Devices via Newly Disclosed Bluetooth Bugs *

HPE Patches Critical Zero-day Flaw in Systems Insight Manager (SIM) *

Office 365 Bug Sending Exchange Online, Outlook Emails to Junk Folder *

Malware Attack Knocks out Siegfried Group’s Network *

Multiple Japanese Agencies Suffer Data Breaches in a Supply Chain Attack *

Hackers Sent Racist Registration Emails Pretending to be from Walmart *

Zeppelin Ransomware Back in Operation with an Updated Malware *

Apple Patches a Zero-day Flaw in TCC Framework *

Japan’s Omiai Dating App Data Breach; Over 2 Million Users Data Exposed *

VMware Patches Critical Remote Code Execution Flaw in vCenter *

CryptoCore Campaign Hacking Cryptocurrency Exchanges Globally *

Scheme Flooding Vulnerability Enables Hackers in Identifying Users *

Florida Water Treatment Plant Suffered a Cyber Incident Prior to the Poisoning Attack *

Ivanti Addresses a High-Severity Vulnerability in Pulse Connect Secure VPN *

Electronic Giant Bose Reports Data Breach Post Ransomware Attack *

Trend Micro Patches 3 Vulnerabilities in Home Network Security Devices *

Threat Actor Behind Infamous UPMC Breach Gets Verdict; Faces 7 Years in Prison *

Apple Patches 3 Zero-days Affecting macOS & tvOS Devices *

Microsoft Releases a Simulated Tool for Attack Scenarios *

23 Misconfigured Android Applications Leaking Users Personal Data *

Google Fixes Chrome Browser Crash on Windows 10 and Linux Platforms *

Google Patches Heap-based Buffer Overflow Vulnerability in Chrome *

CNA Financial Paid $40 Million Ransom to Evil Corporation *

FBI Warns Organizations about Conti Ransomware *

E-commerce Giant Mercari Suffers Massive Data Breach in Codecov Incident *

QNAP Warns Organizations about Qlocker Ransomware Impacting Vulnerable HBS Devices *

Stolen Dominos India Data Up for Sale on Dark Web *

Air India Hacked; 4.5 Million Passengers Information Leaked *

Android Releases Patches for 4 New Zero-day Vulnerabilities *

New Malware Campaign Delivers Fake Ransomware *

Slack Messaging Application Suffers Massive Outage *

Over 600,000 WordPress Sites Impacted by a Vulnerability in WP Statistics Plugin *

Magecart Hackers Deploying PHP-based Backdoor via Website Favicons *

New Banking Trojan Bizzaro Targeting European and South American Banks *

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks *

FBI Warns of a Spear Phishing Campaign Delivering Advanced Malware *

Student Insurance Provider Guard[.]me Suffers a Data Breach *

Insurance Giant AXA Hit by Ransomware Attack *

Threat Actors Deploying Lizar Malware under the Disguise of Ethical Hacking Tool *

APT36 Group Mimicking Legitimate Indian Military and Defense Organizations *

Monday[.]com Source Code Accessed by Codecov Hackers *

Toshiba's Subsidiary Unit Struck by DarkSide Ransomware Group *

Cisco Patches a Zero-day Bug in Cisco AnyConnect Client *

Rapid7 Source Code Accessed in Codecov Supply-chain Attack *

AMD Patches Two Flaws Bypassing AMD's SEV Protection System *

Snip3 Crypter Service Deploying Multiple RAT Variants *

Hackers Delivering Malware via Microsoft Build Engine Files *

Citrix Patches Vulnerability in Workspace Application for Windows *

New Cryptocurrency Phishing Scam Stealing Recovery Phrases via Twitter *

Colonial’s Pipeline Hack; $5 Million Ransom Paid *

QNAP warns of Zero-day Bug in Roon Servers *

Herff Jones Suffers Data Breach *

New Lorenz Ransomware Affecting Multiple Organizations Globally *

Brenntag Hack; $4.4 Million Ransom Paid *

DarkSide Ransomware Servers Seized Post-Colonial Pipeline Attack *

Lemon Duck Cryptominer Strikes Again *

Ireland’s Health Services Reports Ransomware Attack; $20 million Ransom Demanded *

Threat Actor Leaks Stolen Data Post D.C. Police Columbia Hack *

FBI and ACSC Warns of Avaddon Ransomware Attacks *

VideoLan Patches Auto-updater Bug in VLC Media Player *

Ransomware Attack on the City of Tulsa, USA *

All Wi-Fi Devices are Vulnerable to FragAttacks *

A New Qualcomm Vulnerability Impacting Android-based Mobile Devices *

Over 25% of Tor Exit Relays Spied on Users Dark Web Activities *

Google Patches 19 Bugs in Chrome 90.0.4430.212 *

Twitter's New Feature Tip Jar Exposing Sensitive Information *

Cuba Ransomware Partners With Hancitor for Spam-Fueled Attacks *

Law Firm Jones Day Hit by Data Breach *

Attackers are Exploiting Authoritative DNS Servers via TsuNAME DNS Bug *

NatWest Bank Scheduled Payments Bug May Cost Customers Money *

Russian Hackers Are Allegedly Exploiting 12 Vulnerabilities in the Wild *

New Stealthy Rootkit Targeting High-Profile Organizations *

Twilio & HashiCorp Reports Cyber Attacks Post Codecov Supply Chain Hack *

UNC2529 Threat Group Delivers Three New Malware Strains via Phishing Emails *

Six Unpatched Critical Flaws Detected in Remote Mouse Application *

Foxit Patches Remote Code Execution (RCE) Vulnerability in Foxit Reader *

Colonial Pipeline Suffers from Alleged Ransomware Attack *

Microsoft Edge Crashes while Playing YouTube *

Scammers Impersonate "SNL in Elon Musk" Show in a Cryptocurrency Scam *

VMware Patches Critical Flaw in vRealize Business for Cloud Virtual Appliance *

HP Enterprise Fixes Critical Bug In Edge Platform Tool *

New Windows Malware 'Pingback' Using ICMP for C2 Operations *

N3TW0RM Ransomware Targeting Israel-based Companies *

Alaska Court System Went Offline Amid Cyber Attack *

Critical 21Nails Exim bugs Affecting Vulnerable Linux Servers *

Network Solution and Register.com Reports DNS Outage *

Tesla Car Hacked Remotely using Drones *

Dell Fixes a 12-year-old Bug in DBUtil BIOS Driver *

Insight Global's Insider Threat Leaks COVID-19 Information *

Complexcodes is Selling Subscription based Commodity Malware "WeSteal" *

Chinese Attackers Hacked Russia's Largest Nuclear Submarine Designer *

A New Malspam Campaign Distributing Rust-based Buer Malware Variant *

Intel and AMD Chips are Vulnerable to Spectre Side-Channel Attacks *

Pulse Secure Addresses VPN Zero-Day Vulnerability *

LuckyMouse Targets Multiple Organizations via Sys-update Toolkit *

Critical IP Address Validation Vulnerability found in Python *

Mount Locker Ransomware Uses New Tricks to Evade Detection *

ISC Patches Several BIND Vulnerabilities in DNS Servers *

Researchers Expose a New Iranian State-Sponsored Ransomware Campaign *

SolarMarket RAT Uses Google SEO Tactics to Lure Victims *

First Horizon Bank Hacked; $1 Million Stolen *

2 iOS Zero-day Vulnerabilities fixed by Apple *

Chinese Hackers Attacking Military Organizations in South-East Asia *

Stealthy Backdoor Infecting Linux Systems *

FBI Shares 4 Million Emotet Botnet Stolen Email Addresses *

PHP Composer Bug Ends Up in a Widespread Supply-Chain Attacks *

Hotbit Cryptocurrency Exchange Down Post Cyberattack *

ParkMobile Stolen Customers Data Exposed Online *

Whistler Resort Municipality Suffers Ransomware Attack *

Microsoft Uncovered Critical Code Execution Bugs In IoT, OT Devices *

DigitalOcean Data Breach Exposes Customer Billing Information *

Brazil's Rio Grande Do Sul Court System Suffers Ransomware Attack *

Attackers are exploiting SonicWall Zero-day for Ransomware Attacks *

F5 Discloses KDC Spoofing Vulnerability in BIG-IP Consoles *

UnitingCare, Queensland Systems Taken Down *

UK Rail Network Merseyrail Hit by Lockbit Ransomware *

Google Patches Critical RCE Vulnerability in Chrome *

MangaDex Stolen Database Leaked Online *

NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability *

Guilderland Central Schools Hit With Malware Attack *

Apple iCloud Mail Server Outage *

Fake Microsoft DirectX 12 Deploying Crypto-Stealing Malware *

D.C. Police Columbia Hacked; Ransom Demanded *

Oilfield Services Giant Gyrodata Discloses Data Breach *

Microsoft Teams Suffers Outage *

Attackers Spreading FluBot Malware via Android Devices *

Prometei Botnet Operators Exploiting Obscure Microsoft Exchange Servers *

New Cryptomining Malware Turning Vulnerable Windows, Linux Devices into Bots *

Hacker Leaks 20 million BigBasket's Data for Free *

Critical RCE Bug Reported in Homebrew Package Manager *

Hackers Exploiting PulseSecure to Deploy SUPERNOVA Malware *

Qlocker Malware Encrypting QNAP Devices Using 7zip *

Twitter Mistakenly Sends Spam Emails *

ToxicEye Trojan Abusing Telegram to Steal Data *

PasswordState is Latest Victim of Supply Chain Attack *

WhatsApp Pink Malware Auto Replies to Skype, Signal and other Messengers *

Exchange Online Down; Microsoft 365 Outage Affects Email Delivery *

Pareto Android Botnet Attacks Smart TV Ads *

1.3 Million Windows RDP Servers Login Credentials found in Hacker Forum *

Multiple Vulnerabilities in Google Chrome Patched *

Microsoft Partially Fixes Windows 7 and Server 2008 R2 Vulnerability *

Attackers Infecting Google Play Store via Fake Applications *

Eversource Energy Reported Data Breach *

Attackers Actively Exploiting 4 Pulse Secure Vulnerabilities *

Attackers Target Multiple Networks in a Supply Chain Attack Post Codecov's Data Breach *

Revil Gang Attempted to Extort Apple via Alleged Quanta Hack *

Zero-day Vulnerabilities Patched in SonicWall Email Security *

Remote Code Execution Vulnerabilities Discovered in Cosori Smart Air Fryer *

Malvertising Campaign "Tag Barnakle" Compromised 120 Ad Servers *

Attackers Hacking Android Devices Remotely via WhatsApp Flaws *

Lazarus APT Using BMP Images to Distribute Trojan *

Geico Suffers Data Breach; Policyholders' Driver's License Numbers Stolen *

Researchers Found Campaign Mimicking Microsoft Store, Spotify Sites, and Chess Application *

WordPress Patches XXE Flaw in PHP 8 *

Domino's India Database Hacked; 10 Lakh Credit Card Details Leaked *

Critical Remote Code Execution Vulnerability in Juniper Devices Discovered *

Attackers Exploiting Critical Flaw in Facebook's Live Videos Feature *

Multiple Vulnerabilities Reported in EtherNet/IP Stack for Industrial Systems *

Malware Spreading via Xcode Projects; Infecting Apple's M1-based Macs *

Attackers Stealing Credentials via Operation "Overtrap" *

Fortinet Discloses a New FormBook Variant *

Hackers Gained Access via Vulnerable VPN Device in Capcom Ransomware Attack *

Critical Zero-day Vulnerability Found in Desktop Window Manager (DWM) *

Swinburne University, Australia Suffers Data Breach *

Twitter Suffering Worldwide Outage *

Google Released Chrome 90 *

Cyberattack on The University of Hertfordshire, UK *

Tata Communications Data Breached via Route Mobile *

Over 100 Million Devices Vulnerable to DNS Vulnerabilities *

Attackers Tampering Popular App Stores to Distribute Malicious Apps *

Researchers Disclosing Second Chrome Zero-day Exploit *

SAP Fixes Critical Flaws in SAP Commerce, NetWeaver & Business Client *

Spying Android RAT "BRATA" Strikes Back *

New Phishing Campaign Delivering Fake Antivirus Billing Notices *

Malware hidden in Fake Browserify NPM package *

Adobe Fixes 10 Vulnerabilities in Multiple Products *

QBot Operators Using QBot & IcedID Malware as Final Payload *

Malicious Facebook Ads Dropping Malware on Systems *

Bakker Logistiek Suffers Ransomware Attack *

Microsoft Office 365 Phishing Campaign Evades Detection with Malicious Javascript Code *

10 Malicious Applications in App Gallery Infected with Joker Malware *

Microsoft Patch Tuesday Security Advisory - April 2021 *

New Malware "Saint Bot" Snatching User Passwords *

IcedID Malware Delivered via Contact Forms *

Swarmshop Hacked; Over 600,000 Stolen Records Exposed *

Pharmaceutical Giant "Pierre Fabre" Suffers REvil Ransomware Attack *

Multiple Gigaset Android Smartphones are Infected with Malware *

New Android Malware Auto-spreads to Devices using WhatsApp Auto-replies *

Lazarus Hacking Group Strikes Back with Vyveva Backdoor *

Rockwell Automation Addresses 9 Critical Vulnerabilities in FactoryTalk AssetCentre *

VISA Warns of Increasing Web Skimming Attacks *

LinkedIn Data Breach; 500 Million Users Data Posted On Dark Web *

Unpatched Fortinet VPN devices are exploited by Cring Ransomware *

Cisco Patches Cisco SD-WAN vManage Software Vulnerabilities *

Chinese Hackers Attacks Government & Military of Vietnam *

A New Spear-Phishing Campaign Deploying Malware Using Voice Changing Software *

Attackers Targeting Firms Using new Banking Trojan "Janeleiro" *

Hackers Deploying 'more_eggs' Malware via Fake LinkedIn Job Offers *

European Commission and EU Organizations Suffer Cyber Attack *

Booking.com Fined $560,000 by DPA *

VMware Fixes Critical RCE Flaw in Carbon Black Cloud Workload *

Data of Over 279 "Only Fans" Accounts Posted Online *

TU Dublin and National College of Ireland Suffers from Ransomware Attack *

Attackers Actively Exploiting Unpatched SAP Applications *

Hackers Exploiting Windows OS "BITS" Component *

$38M Worth of Gift Cards Sold by Cybercriminal on Russian Hacking Forum *

Outlook "Cannot send this item" Error Patched by Microsoft *

Clop Ransomware Gang Leaks Multiple Universities Sensitive Data Online *

Attackers are targeting Japan Industries with Multiple Backdoors *

Fake jQuery Plugin Deploying Malware on Systems *

Electronics Manufacturer "Asteelflash" Suffers REvil Ransomware Attack *

Brown University Suffers Cyberattack *

US DOJ Warns of Fake Covid-19 Vaccine Survey Phishing Campaign *

FBI and CISA Warns of Exploits Against Unpatched Fortinet FortiOS Servers *

Threat Actors Attempt to Extort Ubiquiti Post Data Breach *

Researchers Report Spike in Ransom DDoS Attacks *

Bogus Pen-Test Company "SecuriElite" Targeting Security Professionals *

Facebook Data Breach; 533 Million Users Data Exposed *

Citrix Addresses Multiple Vulnerabilities in Hypervisor *

SolarWinds Patches Four Vulnerabilities in Orion Platform *

Attackers Hacked PHP's Git Server to add Backdoors *

Malicious “System Update” Android Malware is Compromising Devices *

German Parliament Members Targeted by Spear-Phishing Attack *

BazarCall Malware Infecting Systems via Malicious Phone Calls *

New 5G Security Flaw allows Denial-of Service Attacks & Data Access *

Campaigns Spotted Targeting Gamers via Malware hidden in Game Cheats and Mods *

Fat Face Discloses Data Breach; Pays $2 Million Ransom *

VMware Fixes Two Critical Flaws in vRealize Operations Manager *

Harris Federation Hit by Ransomware Attack *

Slack Disables New Feature Amid Security Related Concerns *

npm Fixes a Critical Networking Vulnerability in "netmask" Library *

OpenSSL fixes Two High Severity Vulnerabilities *

Microsoft Patches Windows 10 Secure Boot Vulnerability *

Weintek Patches Remote Code Execution Flaws in its Product Range *

Evil Corporation Employs Hades Ransomware to Evade Detection *

Two Critical Vulnerabilities Patched in a WordPress Plugin *

FBI Warns of Mamba Ransomware *

Mobikwik Data Breach; Over 5 Million Users Data Exposed *

Threat Actors Exploiting Critical Flaws in GE's Universal Relay Products *

Apple Patches Webkit Browser Engine's Zero-day Vulnerability *

Backblaze Reports Data Breach; 9,245 Users' Metadata Exposed *

New Cloudflare's Page Shield Feature notifies Malicious JavaScript Dependencies *

Purple Fox Operators are Targeting Vulnerable Windows Systems *

Two Dozen Malicious Chrome Extensions are distributing Malware Globally *

Microsoft Patches Privilege Elevation Flaw in PSExec *

Multiple Security Vulnerabilities discovered in Cisco Jabber *

Adobe Fixes Critical Vulnerability in ColdFusion *

CISA and FBI warn about Phishing Attack spreading TrickBot Malware *

Colorado & Miami Universities Suffers Data Breach due to Vulnerable Accellion FTA Servers *

High Availability Server Manufacturer Stratus Suffers Ransomware Attack *

Shell Suffers Data Breach due to usage of Vulnerable Accellion FTA Servers *

Attackers Exploiting Vulnerable Qualcomm Graphic Components on Android Devices *

CNA Insurance Firm Suffers Ransomware Attack; New Malware Family Used *

IoT maker "Sierra Wireless" Reports Ransomware Attack; Site Taken Offline *

Attackers are taking Control of Vulnerable Apache OFBiz ERP via RCE Vulnerability *

Phishing Campaigns Bypassing Secure Email Gateways *

Phishing Mails containing fake COVID-19 Relief Checks downloads Dridex Trojan *

Threat Actors Hacked Windows, iOS, Android Users via Zero-day Attacks *

Mirai Botnet Exploiting Critical Flaws in Network Security Devices *

MangaDex Taken Offline Post Cyberattack *

Black Kingdom Ransomware Exploits Zero-day Flaws in Microsoft Exchange Servers *

Road Ministry warns Multiple Indian Government Organizations post Cyber-Attack Threats *

Fake Telegram Desktop Application downloads AZORult Malware *

CISA releases CHIRP Tool for SolarWinds Malicious Activity Detection *

CopperStealer Malware is Hijacking Social Media Accounts *

DDoS-as-a-Service exploits Citrix Devices *

New Malware XcodeSpy Targets iOS & macOS Developers *

Acer Suffers Ransomware Attack; $50 million Ransom Demanded *

Zoom Screen-sharing Bug is exposing Sensitive Data to Unauthorized Users *

Post Microsoft Outage files are missing from SharePoint *

Phishing Campaign Targets US Taxpayers *

Pysa Ransomware is Targeting US & UK Educational Institutions *

Twitter Image can be abused to hide Malicious Files *

Hackers Exfiltrating Stolen Data via JPG Files *

Mimecast Says SolarWinds Hackers Accessed Some Source Code *

Ransomware Attack on Pune District Smart City Costs Project Operators 50 Million Dollars *

RTM & Quoter Ransomware are Targeting Russian Finance and Transport Organizations *

A Time Zone Bug Crashing iOS Clock Application *

Microsoft Releases Mitigation Tool for Exchange Servers Affected in ProxyLogon Hack *

WeLeakInfo Hacker Site Hacked *

Phishing Domains can now Detect Virtual Machines using JavaScript *

Blender Software Developer Reports Cyber Attack *

Researchers Discovered Nim based Malware Exploiting Devices *

Microsoft Suffers Outage; Multiple Services Affected *

Metamorfo Banking Trojan abuses AutoHotKey to steal User Information *

Threat Actors Exploiting Avira Antivirus to Deliver Banking Trojans via DLL Side Loading Attack *

New ZHtrap Botnet Malware is turning Infected Targets to Honeypots *

Three Privilege Escalation Vulnerabilities fixed in Linux Kernel *

Threat Actors Exploiting Linux based Systems with new RedXOR Malware *

A New Zero-day WordPress Vulnerability enables Site Takeover *

Google Patches Zero-day Vulnerability in Chrome *

Mozilla Addresses Linux Crashes, Apple Silicon Hangs in Firefox 86.0.1 *

Molson Coors Reports an Outage *

Windows 10 Emergency Updates fixes Printing Crashes *

Researchers Disclose New and Powerful Version of BADHATCH PoS Malware *

Spanish Government Labor Agency Suffers Ransomware Attack *

New DEARCRY Ransomware Exploiting Vulnerable Microsoft Exchange Servers *

OVH Data Center Reported Massive Outage *

Second Cyber Attack on Norway's Parliament *

Maryland Attorney Seizes 5th Domain Used in COVID-19 Vaccine Phishing Attacks *

Hackers Accessed Verkada's Live Surveillance Cameras *

iPhone Call Recorder App Exposes People's Conversations *

F5 BIG-IP issued patches for Critical Remote Code Execution Vulnerabilities *

Microsoft Discloses 3 New Malware Strains in SolarWinds Hack *

Microsoft Patch Tuesday Security Advisory - March 2021 *

GitHub Users were forcibly Signed out to patch a Security Bug *

9 Android Application on Google Play Store found to be distributing Malware Dropper *

Researchers Disclose Side-Channel Attacks on Vulnerable Intel CPUs *

Global Aviation Industry Tech Supplier "SITA" Suffers Massive Data Breach *

Apple Addresses Remote Code Execution Vulnerability in WebKit *

Adobe Patches Flaws in Creative Cloud, Connect & Frame-maker *

Researchers Disclose New Tor based Malware "gafgyt" *

New Sarbloh Ransomware Encrypting Victim Files through Political Agenda *

Flagster Bank Suffers Data Breach due to usage of Vulnerable Accellion FTA Servers *

Google Chrome Blocks Port 554 as a Counter to NAT Slipstreaming Attacks *

European Banking Authorities Exchange Servers Hacked *

Microsoft Themed Phishing Attack Stealing User Credentials *

Over 15 Schools in UK Suffered Cyberattack *

Multiple Cisco Products Exposed to DoS Attack due to Snort Vulnerability *

Microsoft Releases a Tool for ProxyLogon Security Verification on Exchange Servers *

Microsoft Outlook Breached; Over 20,000 Organisations Affected Globally *

Supermicro, Pulse Secure Patches Vulnerabilities in BIOS & UEFI Products *

Attackers Hiding ObliqueRAT Trojan in Image Files via Steganography *

GRUB2 Patches Multiple High Severity Vulnerabilities in Boot Loader *

Over 6,700 VMware Servers Exposed post Exploit Code Release *

Hackers Deploying Malware on Compromised Websites via SEO Techniques *

Over 100 Italian Banks Targeted via Ursnif Trojan *

VMware Patches Remote Code Execution Vulnerability in View Planner *

Attackers Targeting Investors via BEC Campaigns *

CompuCom Suffers Malware Attack Leading to Service Outage *

Botnet Campaigns Abusing Bitcoin Blockchains & Deploying Skidmap Malware *

AOL Phishing Campaign Reported Stealing User Credentials *

Researchers Disocvered DoS Vulnerability in Eclipse Jetty *

Qualys Suffered Data Breach due to Zero-day Vulnerability in Accellion FTA Server *

PrismHR Suffers Massive Outage *

Malaysia Airlines Discloses a Data Breach *

Chinese Cybercriminals Exploiting 4 Zero-day Vulnerabilities in Microsoft Exchange *

Universal Health Services lost $67 Million by Ryuk Ransomware Attack *

Google Patches Zero-day Vulnerability in Chrome *

Dependency Confusion Vulnerability Exploited to steal Linux/Unix Password Files *

Ransomware Attack on Aviation Giant Bombardier *

Dutch e-Ticketing Platform Ticketcounter Suffers Data Breach *

Chinese Hackers Targeting Indian Power Grids & Seaports *

World's Leading Dairy Products Group Lactalis Hit by Cyber Attack *

Drive Corruption Vulnerability in Windows 10 *

LazyScripter Actors Target Airlines with Remote Access Trojans *

New Variant of Ryuk Ransomware Observed Self-propagating in Local Network *

Cisco Patches Critical Severity Authentication Bypass Vulnerability in Cisco ACI MSO *

Sequoia Capital Suffers Data Breach post a Failed BEC Attack *

FriarFox Browser Extension Targeting Tibetan Organizations *

Windows 10 BSOD Issues Resolved via Intel Wireless Driver Updates *

Online Dating Application Gaper Vulnerable to Multiple Critical Zero-day Flaws *

US Federal Reserve Suffers Massive Outage Nationwide *

Researchers Discloses Potential Code Injection Flaw in NodeJS Library "systeminformation" *

TD Bank Recovering from Systemwide Banking Outage *

XBOX Live Suffers Global Outage *

Accellion Vulnerability Exposes Pharmacy & Employee Data in Kroger Data Breach *

Keybase Patches a Bug that Exposes Deleted Sensitive Media to Attackers *

Threat Actors Deploying New Variants of MINEBRIDGE RAT via Word Documents *

Powerhouse Management Suffers from Large Scale DDoS Attacks *

WACUP Patches Several Bugs in Winamp Media Player *

Over 8 Million COVID-19 Test Results Leaked *

TietoEVRY IT Services Suffers Ransomware Attack *

Microsoft Begins Windows 10 21H1 Beta Testing *

VMware Patches Critical RCE Bug in vCenter *

Python Software Foundation Addresses Two Vulnerabilities *

US Shares Information on AppleJeus Malware *

LinkedIn Suffers Global Outage for Two Hours *

Fake Adobe Flashplayer Update Installs Adware Bundle *

Brave Browser's "Tor Mode" Leaks Onion Queries in DNS Traffic *

Certification Giant Underwriters Laboratories (UL) Suffers from Ransomware Attack *

Magecart Hackers Stealing Credit Card Information via Google Apps Script *

Attackers Targeting Apple's M1 Chip via Malicious Adware Extension *

Cuba Ransomware Triggers Data Breaches In US Cities & Agencies *

Dutch Research Council (NWO) Suffered Cyberattack *

RIPE NCC Suffers Credential Stuffing Attack *

OpenSSL Project Releases A New Patch For Three New Vulnerabilities *

VMware Patches Vulnerability in vSphere Replication Software *

Windows 10 Secure Boot Patch Exposes BitLocker Recovery Key *

Kia Motors USA Suffers Massive IT Outage *

EMSISOFT Exposes Internal Log Data Generated by their Test Products *

EXMO Cryptocurrency Exchange Suffers DDoS Attack *

Researchers Discloses Unpatched Vulnerabilities in SHAREit for Android OS *

Yandex Insider Threat Compromises 4887 Customer Accounts *

Telegram's "Super-Secret" Feature Exposes Self-Destructing Media Files to Attackers *

Siemens Patches Multiple Vulnerabilities in Virtualization Software *

PayPal Patches XSS Vulnerability in Currency Converter Feature *

Over 30 Mobile Health Apps Exposing Records of Millions of Users *

Fortinet Patches Multiple Vulnerabilities In SSL, VPN & Web Firewall Products *

Critical XSS Vulnerabilities Fixed In WordPress Plugin "NextGen Gallery" *

Windows Kernel Escalation of Privilege Zero Day Bug is Fixed in Microsoft Patch Tuesday *

CISA Warns of High-Severity Vulnerabilities in Fuji Electric Products *

Researchers Discloses Multiple Vulnerabilities in YouPHPTube and AVideo *

Dairy Farm Suffers REvil Ransomware Attack *

C-Level Executives Targeted via Phishing Attack *

Over 3 Million Cook County Court's Sensitive Data Records Exposed *

Mozilla Enhances Firefox Security Against Super Cookies & Disables Adobe Flash Support *

Microsoft Azure Function Vulnerable to Privileges Escalation & Docker Escape *

Apple Patched iOS, iPadOS & tvOS Multiple Vulnerabilities *

Law Enforcement Agencies around the Globe takes Down Emotet Ransomware Gang *

Oscorp - Credential Stealing Android Malware *

Lebanese Cedar APT Targeted Telecoms, Hosting, ISPs Worldwide *

North Korean Hackers Attacking Security Researchers *

Cisco Discloses Multiple Vulnerabilities in Small Business Routers *

Researchers Discloses Critical Vulnerabilities in F5 BIG-IP Products *

Well-known Religious Services "The Temple" Suffers a DoS Attack *

Linux Systems Under Attack via FreakOut Malware *

QNAP Warns Users of Dovecat Crypto Miner Malware *

Microsoft Discloses Methods used by SolarWinds Hacker Group to Avoid Detection *

1.9 Million Pixlr Users Stolen Data Available on Free Forums *

Adult Social Media Platform Fleek Leaking Users Explicit Data *

4.1 Million AnyVan Users Data Compromised via Data Breach *

VLC Media Player Patches Several Remote Code Execution Vulnerabilities *

Cisco Fixes PreAuth Remote Code Execution Vulnerabilities *

Crypto Exchange LiveCoin Shutting Down Post Cyber Attack *

Microsoft Enabling Full Automation Support for Microsoft Defender AV *

Cisco Fixes Windows DLL Injection Vulnerability in Cisco AnyConnect Secure Mobility Client *

Raindrop Malware Observed in SolarWinds Hack *

FireEye Releases Tool to Detect SolarWinds Hack Techniques *

SolarWinds Malware "Raindrop" Hiding in Modified 7Zip Source Code *

Oracle Releases Quarterly Critical Patches *

Multiple Twitter Accounts Hacked in "Elon Musk" Crypto Scam *

Malwarebytes Breached by SolarWinds Threat Actors *

Apple Removes Vulnerable MacOS Features in MacOS 11.2 Beta 2 *

Cybercriminals Blunder Exposes Stolen Credentials in Plain Sight *

Threat Actors Bypassing Two-Factor Authentication for Several Cloud Services Accounts *

Microsoft Patches Zero Day Vulnerability in Defender Antivirus *

Google Bans 164 Offending Android Applications from Play Store *

Mozilla Releases Security Updates for Thunderbird *

Scammers Blackmailing Coinmama Users via Porn Backlinks *

Windows 10 Bug Corrupts Hard Drive via Single Line Command *

NSA Urges Organizations Not to Use Third Party DNS Resolvers *

Bitdefender Releasing Free Decryptor for DarkSide Ransomware Victims *

Scottish Environment Protection Agency (SEPA) Suffering Conti Ransomware Attack *

Microsoft Announces Windows Zerologon Flaw ‘Enforcement Mode’ *

Threat Actors Compromising Mimecast's SSL Certificates *

Researchers Exposes United Nations Data Breach *

Linux Mint OS Patches ScreenSaver Bypass Vulnerability *

UK's Nohow International Cloud Data Breached *

Threat Actors Exploiting Windows "Finger Command" via Phishing Campaign *

Large Scale Data Breaches Targeting Russian Federation in Year 2020 *

Over 390,000 Users Data Compromised in Capcom Data Breach *

DoS Vulnerability in RockWell Automation RSLinx Classic Software *

Breached COVID-19 Vaccine Data Leaked Online via Hacker Forums *

Fake Trump Scandal Video Distributing QNode Malware *

SolarWinds Threat Actors Accessing Department of Justice's Email Servers *

FBI Warns Organizations on Egregor Ransomware *

Pysa Ransomware Hits Hackney Council & Leaked Data Up for Sale *

FIN7 Hacking Group Leveraging JSSLoader Malware *

Indian Government Websites Leaking COVID-19 Patient's Test Results *

Earth Wendigo Campaign Exfiltrating Emails via JavaScript Backdoor *

British Airways Plans £3bn Breach Settlement *

North Korean Hacking Group Supply Chain Attack Targeting Stock Investors *

Multiple Vulnerabilities in Fortinet FortiWeb WAF Leading to Arbitrary Code Execution *

Phone and Email Scammers Impersonating as ACSC *

Ransomware Attack Knocks Out Funke Media Group *

ElectroRAT Malware Drains Funds from 6,500 Digital Wallets *

Lake Regional Healthcare Suffers Ransomware Attack *

NameSouth's Data Breached by NetWalker Ransomware Group *

Sabre Corporation's 2017 Data Breach LawSuit Verdict *

Microsoft’s Windows Core Polaris Leaked Online *

10,000 American Express Credit Card Holder's Data Breached *

Vodafone's ho. Mobile Suffers Data Breach Impacting 2.5m User Records *

Hackers Launch Swatting Attacks by Exploiting Smart Home Devices *

SolarWinds Supply Chain Attack Led Hackers Access to Microsoft Source Code *

Secret Backdoor Account Detected in Several Zyxel Firewall & VPN Products *

CISA Releases Sparrow.ps1 Tool for Azure/M365 *

Japanese Aerospace Firm Kawasaki Warns of Data Breach *

Japanese Game Developer Koei Tecmo Suffers Data Breach *

FreePBX Developer Sangoma Technologies Hit by Conti Ransomware *

Authentication Bypass Vulnerability in SolarWinds Orion API *

Whirlpool Hit by Nefilim Ransomware Attack *

Adobe Flash Player Reaches End-Of-Life (EOL) *

Phishing Campaign Using Chase Banking Security Notice Emails *

Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability *

Smart Doorbell Devices Easily targeted by Hackers *

Cybercriminal's Bulletproof VPN Service Shuts Down *

Authentication Bypass Vulnerability in Bouncy Castle *

Chinese APT Group Operation StealthyTrident *

Critical Security Vulnerabilities Reported in Dell Wyse Thin Clients *

Ransomware Threat Actors Using 'SystemBC' Malware as Backdoor *

QNAP Fixes High Severity Vulnerabilities in NAS Devices *

CrowdStrike Launches Reporting Tool to Audit Azure AD Permissions *

Chinese Mobile Giant Xiaomi Recording Millions of Users Private Web & Phone Usage *

Al Jazeera Journalists Targeted via Pegasus Spyware *

VMware Vulnerability Exploited in SolarWinds Supply Chain Attack *

Credential Stealer Malware Targeting Financial Institutions *

Clop Ransomware Attack Detected on Symrise *

Microsoft Defender Blocking Known Malicious SolarWinds Binaries *

Mozilla Releases Security Fixes for Multiple Security Vulnerabilities *

Sextortion Campaign Targeting iOS, Android Users via Goontact Spyware *

New Windows Trojan Steals Browser Credentials, Outlook Files *

5G Network Architecture Multiple Vulnerabilities Discovered *

Contact Form 7 WordPress Plugin Emergency Patch Released *

MoleRats APT Variant Stealing Sensitive Data *

Unauthenticated Command Injection Flaw Exposes D-Link VPN Routers to Attacks *

Iranian Rana Android Malware Snooping on Instant Messenging Platforms *

Samsung Fixes Critical Android Bugs *

Adobe Releases Security Updates *

COVID-19 Vaccine Data Leaked *

Ransomware Attack on Netgain Technologies *

70 Lakh Indian Cardholders Data Leaked on Dark Web *

FireEye's Red Team Security Testing and Assessment Tools Stolen by State-Sponsored Hackers *

Microsoft Patch Tuesday Security Advisory - December 2020 *

Ransomware Attack on Television Production Company - Banijay Group SAS *

Maze Ransomware Attack on Canon *

DeathStalker APT Group Offers Hack For Hire Service *

Security Researchers Accidentally Discovers Windows Zero-Day *

Bandook Malware Targeting Multiple Sectors *

Windows 10 20H2 Update Fixes Broken In-Place Upgrade Feature *

Microsoft Office Products Non-Security Updates November 2020 *

Advanced Persistent Threat Attack Targeting U.S. Think Tank *

Huntsville City Schools District Shut Down by Ransomware Attack *

Ryuk Ransomware Attacks K12 Online School Platform *

Malicious npm Packages Installing Remote Access Trojans *

IoT Chip Maker Advantech Hit by Conti Ransomware *

Gootkit Malware Returns with REvil Ransomware *

New CursedGrabber Malware *

Delaware County Hit by DoppelPaymer Ransomware Attack *

Hackers Targeting COVID Vaccine Maker AstraZeneca *

Data Breach Attack on Peatix Events Management Organization Inbox *

LidarPhone Attack Converts Smart Vacuums into Microphones *

Mercy Iowa City Hospital Data Breach *

Over 300K Spotify Accounts Hacked *

Industrial Control System Vendors Warn of Critical Bugs *

Cisco Webex Ghost Flaw *

Chinese Sponsored Cyber Criminal Group Attacking Japan-Linked Organizations *

Cisco Webex Meetings API Cross-Site Scripting Vulnerability *

Mozilla Released Firefox 83 *

Unprotected Database Exposed a Scam Targeting 100K+ Facebook Accounts *

Mount Locker Ransomware Targeting TurboTax files *

Chinese APT Group FunnyDream *

Supply-Chain Attack Distributing Malware in South Korea *

APT 'Hackers For Hire' Target Financial, Entertainment Firms *

Multiple Vulnerabilities in Cisco Security Manager Software *

New Phishing Campaign Delivering Jupyter Malware *

Image Inversion Technique to Bypass Office 365 *

Critical Vulnerabilities Discovered in World's Largest Android TV Manufacturer *

E-Shops Running Vulnerable Version of Magento *

Source Code of Cobalt Strike Toolkit Shared Online *

Critical Remote Code Execution Vulnerability in Oracle WebLogic Server *

Animal Jam Kids Virtual Playground Suffered Data Breach *

Security Vulnerabilities in Unity Orchestrator SD-WAN *

High Severity Security Vulnerability in Cisco’s IOS XR Software *

Chrome Zero-day Vulnerabilities *

Australian Government Warns Healthcare Sector against Ransomware Attack *

Mozilla Releases Security Updates *

xHunt Hackers Attacking Exchange Servers *

Ransomware Attack on Blackbaud Cloud Software Provider *

Ransomware Hits E-Commerce Software Platform X-Cart *

Ubuntu GNOME Display Manager Vulnerability allows Root Access *

Ransomware Attack on Australian Media Monitoring Company *

Scammers Impersonating IRS for Payment Fraud *

Adobe Releases Security Updates *

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug *

Microsoft Teams ‘Fake Updates’ Malware Campaign *

Critical Security Updates for Multiple Intel Products *

Ghimob Banking Trojan *

Ransomware Attack on Italian Liquor Brand - Campari *

Microsoft Patch Tuesday - November 2020 *

Pay2Key Ransomware *

True Social Network App Exposed *

Critical Security Flaws in SaltStack IT Infra Management Solution *

Phishing Attacks on Russian Industrial Enterprises *

Cisco AnyConnect Arbitrary Code Execution Vulnerability *

Multiple Vulnerabilities in Google Android OS *

Multiple Vulnerabilities in Adobe *

Folksam Data Breach *

Bigbasket Suffers Data Breach - Data of 2 Crore Users Now On Sale In Dark Web *

Apple Fixes Three iOS Zero-Days *

Capcom Hit by Ragnar Locker Ransomware *

Dridex Botnet Stealing Banking Credentials *

VMware Multiple Security Updates *

Second Hand USB Drives Expose Sensitive Information of Previous Owners *

New Google Drive Phishing Campaign *

Cyberattack on Vermont Health Network *

Alibaba's Online Store RedMart Suffers Data Breach *

Bank Phone Numbers are being Spoofed to Rob Victims *

Windows Zero-Day Exploit Publicly Disclosed *

Nitro Software Massive Data Breach *

Cryptocurrency Service 'Harvest Finance' Hacked - $24 Million Stolen *

New Delivery Method of Emotet has been discovered *

Cyberattacks Hit Schools & Colleges *

Patients in Finland Blackmailed *

KashmirBlack Botnet *

Multiple Vulnerabilities in Fujitsu M12 Servers *

IT Service Provider Sopra Steria Hit by Ryuk Ransomware *

High Severity NVIDIA GeForce Experience Vulnerabilities Patched *

SQL Injection Vulnerability in Rapid7 Nexpose *

Information Disclosure Vulnerability in Linux Kernel *

Multiple Security Vulnerabilities Identified in WAGO’s Cloud Connectivity Controllers *

Browser Locker Scam Campaigns *

VMware Multiple Security Updates *

Zero-Click Vulnerabilities Identified in the Linux Bluetooth Software Stack *

Browser Address Bar Spoofing Vulnerabilities in Multiple Mobile Browsers *

Multiple Vulnerabilities in HP's Intelligent Management Center (IMC) Software *

High Severity Router Vulnerability in Cisco IOS XR Software *

Google Chrome Browser Multiple Security Updates *

GravityRAT *

Rise in QR Code Related Scams *

Latest Release of Chrome and Edge Generating Random Log Files *

Multiple Vulnerabilities in Magento CMS *

Multiple Vulnerabilities in SonicWALL Sonic OS *

Multiple Vulnerabilities in F2FS Toolset *

Juniper Networks Releases Security Updates *

Silent Librarian APT *

Clips from Exposed Home Security Cameras Posted Online *

Microsoft Disrupts TrickBot Malware Network *

Double Extortion Ransomware Attack on Software AG *

Denial-of-Service Vulnerabilities in Allen-Bradley Flex I/O System *

Adobe Flash Player Application Critical Patch Update *

Microsoft Patch Tuesday - October 2020 *

Microsoft Patches Critical Remote Code Execution Vulnerabilities *

Information Disclosure Vulnerability in Apache Tomcat *

Fitbit Spyware Watch Face *

MontysThree Malware Used In Targeted Industrial Espionage Attacks *

Critical Flaws Found In QNAP Helpdesk Leading To Device Takeover *

New Cryptojacking Variant : Black-T *

Vulnerability in Apple's T2 Mac Security Chips *

Google Releases Patches for 50 Android System's Vulnerabilities *

Trump's Health Email phishing Campaign Delivering BazarLoader Trojan *

Cisco Patches Multiple Vulnerabilities *

BAHAMUT : Hack For Hire Service *

Flaws In Top Antivirus Softwares Leading to Privilege Escalation *

Facebook Disables Chinese-Sponsored SilentFade Malware Campaign *

HEH Botnet *

APT Attack Injects Malware into Windows Error Reporting *

COVID-19 Clinical Trial Hit by Ransomware *

Multiple Vulnerabilities in Google Chrome Web Browser *

Iranian hackers are exploiting the Zerologon vulnerability *

Indian State Government Massive Data Breach *

MosaicRegressor Malware Framework UEFI Firmware Bootkit *

DDoS Attacks by Ransomware Attacker Groups *

XDSpy APT Group *

Backdoors in Microsoft 365 & Azure Active Directory using AADInternals PowerShell Module *

Raccine Ransomware Vaccine *

Microsoft Office 365 OAuth Access Token Phishing *

Egregor Ransomware *

InterPlanetary Storm Botnet Infects 13K Mac and Android Devices *

Multiple Security Vulnerabilities in Wireshark Packet Analyzer *

Palmerworm Espionage Campaign *

Swatch Shuts Down IT Systems to Stop Cyberattack *

Operation Sidecopy Launches Attack on Defense Forces in India *

Microsoft Removed 18 Azure AD Applications *

Microsoft Windows XP Source Code Leaked Online *

Multiple Vulnerabilities in Apple Products *

247K Microsoft Exchange Servers Vulnerable for RCE *

A Bug in Windows Server 2016 *

Magento Credit Card Stealing Malware *

Federal Agency Hit by Cyber Attack *

Chalubo DDoS Botnet Targeting Unsecured SSH Servers *

UHS hospitals Hit By Ransomware Attack *

Phishing Campaign stating End of Support for Windows 7 *

Microsoft Office 365 Outage Reported in USA & Australia *

Joker Trojan *

Taurus Malicious Ad Campaign *

Cisco Patches Multiple Security Bugs *

APT-C-43 Steals Military Secrets *

Microsoft Outlook Squatting Campaign *

MoDi RAT *

Heap Buffer Overflow Vulnerability in Instagram *

Mozilla Firefox 81 Released *

Automated MEOW Attack *

RansomExx Ransomware Attack on Tyler Technologies *

Phishing Campaign Targets AT&T Global Employees *

TinyCryptor Ransomware *

Multiple Security Vulnerabilities in Google Chrome Web Browser *

Mozilla Bug - Hijacking Firefox Android Browsers *

Maze Attackers adopt Ragnar Locker VM technique *

Chinese Hackers Targeting U.S. Agencies *

Multiple Vulnerabilities in Apple Safari *

ZShlayer Malware *

APT41 Chinese Hacking Group *

Phishing Scam using Security Awareness Training Emails *

MrbMiner Malware *

MFA Bypass Vulnerability in Microsoft 365 *

Prometei Multi-Modular Botnet *

Emotet Malware New Spamming Campaign *

Lemon Duck Cryptominer *

Qakbot malware *

Trojan Glupteba

Researchers Disclose Critical RCE Flaw in vm2 Sandbox Library

Publish Date: 2023-04-09

Description

The vm2 JavaScript sandbox module maintainers have released a patch to address a severe bug that affects all versions, including and prior to 3.9.14, and could be exploited to breach security boundaries and execute arbitrary shellcode. vm2 is a popular Node.js tool for running untrusted programs in an isolated environment. It is utilized in 721 packages and generates approximately four million weekly downloads. The vulnerability, CVE-2023-29017, has a CVSS score of 9.8 and does not correctly handle errors that occur in asynchronous operations. The release of the fix comes nearly six months after vm2 patched a further significant vulnerability (CVE-2022-36067, CVSS score: 10) that could have been used to perform arbitrary activities on the underlying machine.

CVE-IDs
CVE-2023-29017

Affected Platform(s) / Version(s)
vm2 version 3.9.14 and Prior

Distribution Method
NA

Attack Type
Remote Code Execution Attack

Attack Source
Vulnerable and Outdated vm2 Versions

Region
Global

Affected Business(s)
Software Sector

Recommendations
- Security administrators are recommended to apply the patched version 3.9.15 of vm2 on vulnerable devices at the earliest possible post testing.
- Security administrators are recommended to make sure that all applications, databases, servers, and network devices are periodically hardened and adequately configured.
- Organizations should conduct a periodic security assessment, hardening, and architecture review of critical assets exposed over the Internet.
- Keep AV signatures, operating systems, and third-party applications up to date on all systems, mobile devices, and servers.

References
- https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
- https://thehackernews.com/2023/04/researchers-discover-critical-remote.html

Nintendo Confirms Employee Data Exposure Following TinyPulse Cyberattack

Nintendo of America has confirmed that a recent security incident involved TinyPulse, a third party employee feedback platform used for internal workplace surveys. The company stat...

Published Date: 2026-06-19

Attackers Could Abuse SQL Server 2025 AI Features for Data Exfiltration

Researchers have highlighted a security concern involving AI-enabled capabilities in Microsoft SQL Server 2025. The issue is not a traditional software flaw but a potential abuse o...

Published Date: 2026-06-19

UEFI Secure Boot Trust Model Weakness Exposes Systems to Pre-Boot Compromise

A recently disclosed firmware security concern has drawn attention to a lesser-known weakness in modern Secure Boot ecosystems. The issue affects several trusted UEFI components di...

Published Date: 2026-06-19

Back

Home