New Miasma Malware Wave Targets Developer Workflows Through npm Packages and CICD Systems *

Amazon Q Developer Workspace Trust Vulnerability (CVE-2026-12957) Enables Arbitrary Code Execution via Malicious MCP Configurations *

Microsoft Warns of Photo ZIP Phishing Campaign Delivering Node.js Malware to Hotels *

DirtyClone Linux Kernel Flaw Enables Local Privilege Escalation *

Critical Linux Kernel Flaw Enables Root Access Through Cached Binary Poisoning *

OpenAI Reportedly Adopts Controlled GPT-5.6 Rollout Amid U.S. Security Review *

CISA Adds Cisco Unified CM Vulnerabilities to Known Exploited Vulnerabilities (KEV) Catalog *

KuinaExtractor Rust-Based Infostealer Rebrands as k0to with Advanced Stealth Capabilities *

CL-STA-1062 Deploys TinyRCT Backdoor in Southeast Asia Targeting Government and Energy Sectors *

LoaderClient Malware Campaign Exploits Malicious Minecraft Mods to Deploy WeedHack Stealer *

Advanced AWS Phishing Kit Bypasses MFA with Real-Time Credential Theft *

LokiBot Malware Uses API Hashing to Evade Detection and Steal Credentials *

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability *

Critical AD360 Authentication Flaw Enables Unauthorized Account Access *

New Gaslight macOS Malware Uses Prompt Injection to Mislead AI Analysis Tools *

Android Malware Campaign Uses Trojanized Document Reader App to Deploy Anatsa Banking Malware Payload *

Microsoft Teams Phishing Campaign Delivers Legitimately Signed Remote Access Tool *

Malicious Microsoft Edge Extension Enables Full Endpoint Compromise *

ModeloRAT and Mistic Backdoor Linked to Initial Access Broker Operations Supporting Ransomware Attacks *

Fake Document Reader App Used to Deploy SpyNote Android Malware *

Tata Electronics Confirms Cyberattack Amid Alleged Data Leak *

In-Browser Data Inspection Enhances Detection and Analysis of Phishing Attack Activity *

Bajaj Auto Confirms Ransomware Attack Impacting Internal IT Infrastructure *

Dropping Elephant Targets Organizations with China-Themed Lures and In-Memory Malware *

Eight-Year-Old Security Flaw Discovered in Samsung KNOX Framework *

Dify and Tap Flaws Expose AI Application Data and Backend Services *

LG and Samsung Smart TV Apps Exposed for Monetizing User IP Addresses Through Proxy SDKs *

WhatsApp Malware Campaign Uses Fake Documents to Install ManageEngine RMM *

Cordyceps Supply Chain Vulnerability Exposes Organizations to Widespread Risk *

OpenAI Leverages GPT-5.5-Cyber to Support Proactive Vulnerability Mitigation *

Researchers Uncover WhatsApp-Based Malware Campaign *

Critical Vulnerability in libssh2 Allows Remote Code Execution Through Malicious SSH Packets *

FBI Warns Cybercriminals Exploiting TDS Infrastructure for Phishing, Malware, Ransomware *

PixelSmash FFmpeg Vulnerability (CVE-2026-35033) Enables Remote Code Execution via Malicious Video Files *

FlutterShell Malware Uses Flutter Framework to Evade Traditional macOS Detection *

Malicious npm Package Impersonates PostCSS Utility to Deploy Multi-Stage Windows RAT via PowerShell Payload *

Klue Supply Chain Attack Impacts Cybersecurity Firms *

Windows RAT Uses Encrypted HTTP C2 Communications to Evade Detection *

OXLOADER Malware Campaign Exploits Search Engine Ads to Infect Users *

Threat Actors Deploy FortigateSniffer Malware to Harvest Credentials from Compromised FortiGate Firewalls *

Critical Squidbleed Vulnerability in Squid Proxy Enables Sensitive Data Exposure *

Malicious GST Debit Note Phishing Campaign Deploying Remcos RAT *

Attackers Exploit Outlook Groups and Calendar Reminders to Increase Phishing Success Rates *

ClawHub Scope Squatting Campaign Distributes Malicious npm Packages *

Microsoft 365 Sensitivity Labels Prevent AI Content Analysis in Office Applications *

Steganographic Loader Deploys Remcos RAT Through Hidden Malware Delivery *

QNAP Patches 14 Critical Vulnerabilities Across NAS and Surveillance Platforms *

Malicious GitHub Repository Network Delivers Trojanized Files Through 10,000 Fake Projects *

SQL Injection Security Vulnerability Discovered in Apache Doris *

North Korean Sapphire Sleet Targets Developers Through Malicious npm Supply Chain Attack *

Prinz Eugen Ransomware Prioritizes Recently Modified Files to Maximize Business Disruption *

Canada’s First Court-Approved CSIS Botnet Takedown Against Foreign IoT Router Networks *

Thousands of D-Link Routers Worldwide Infected by AryStinger Botnet *

Beats Studio Buds Vulnerability Could Expose Audio During Bluetooth Pairing *

GentleKiller Ransomware Employs BYOVD to Neutralize Endpoint Security Solutions *

FortiBleed Attack Exploits Fortinet Devices for Large-Scale Credential Harvesting *

Critical Chrome Extension Vulnerabilities Expose Millions of Users *

Security Analysis of AutoJack in Microsoft AutoGen Studio *

CISA Adds Actively Exploited LiteSpeed cPanel Plugin Vulnerability to KEV Catalog *

Over 1 Million WordPress Sites at Risk Due to Critical Avada Builder File Deletion Vulnerability *

New Crypto Clipper Malware Exploits Windows Script Host and ActiveXObject for Remote Code Execution *

Gentlemen Ransomware Uses EDR-Killer Tools to Disable Security Defenses *

Nintendo Confirms Employee Data Exposure Following TinyPulse Cyberattack *

Attackers Could Abuse SQL Server 2025 AI Features for Data Exfiltration *

UEFI Secure Boot Trust Model Weakness Exposes Systems to Pre-Boot Compromise *

SmartApeSG Abuses Okendo Component in Large-Scale E-Commerce Attack *

Node.js Patches Dozen Security Flaws Including DoS and Authentication Bypass Issues *

IBM X-Force Maps the Shared Ecosystem Behind Interlock and Rhysida *

HazyBeacon Malware Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations *

Showboat malware Linux framework evades detection using Pastebin code targeting telecoms *

Attackers Exploit Fake Software Updates to Compromise macOS Systems *

F5 Patches Critical NGINX Vulnerability Enabling Remote Code Execution and Denial-of-Service Attacks *

Cisco Warns of Severe ISE Vulnerabilities Affecting Network Access Control Systems *

Klue Integration Abused to Exfiltrate Salesforce Data *

New usbliter8 Exploit Targets Apple SoCs, Allowing Hardware Level Security Bypass *

Windows Systems Targeted Through Microsoft Fondue.exe Side-Loading Technique *

Crypto-Stealing Rust Malware Spreads Through Fraudulent GitHub Projects and Fake Trust Signals *

Mozilla Addresses Multiple Critical Vulnerabilities in Firefox 152 *

Brazilian Banking Users Targeted in New SmartRAT Malware Attack Using ClickFix Tactics *

China-Themed Loader Chain Delivers Multi-Stage Malware Through Decoy Documents *

Microsoft Uncovers Windows Clipper Malware Campaign Leveraging USB LNK Worm and Tor-Based C2 *

WordPress POST SMTP Plugin Vulnerability (CVE-2023-6875) Exposes 300,000+ Websites to Account Takeover Risks *

Splunk Patches Critical AI Toolkit Vulnerability Leading to Arbitrary Command Execution *

FortiBleed Campaign Exposes Fortinet VPN Credentials *

AI-Generated YouTube Narrators Spread Rust-Based Crypto Clipboard Hijacker *

Critical OpenBSD Vulnerability Enables Complete PAP Authentication Bypass After 27 Years *

GitBait Campaign Abuses GitHub Pages for Financial Sector Phishing Attacks *

ClickFix Attack Deploys Potemkin Loader, RMMProject RAT, and EtherRAT Across 11 Hosts *

Google Cloud Vertex AI Double Agent Vulnerability Enables Sensitive Data Access *

Kodak confirms data breach claimed by ShinyHunters extortion gang *

Sapphire Sleet Deploys Multi-Stage macOS Malware via curl-to-osascript Execution Chain *

Malicious JetBrains Marketplace Plugins Steal AI API Keys from Developers *

Ghostwriter Threat Actors Target Users with Gmail Admin Phishing Emails *

Critical NVIDIA NeMo Vulnerability Enables Unauthorized Command Execution *

Critical Fortinet FortiSandbox Vulnerabilities Under Active Exploitation *

Windows Users Targeted by Fake CAPTCHA and GULoader Malware Campaign *

Researchers Track OnionDrop Loader Delivering Multi Stage Payload Chains *

China-Linked SprySOCKS Backdoor Expands to Windows Targets, Enhancing Espionage Capabilities *

UNC3753 Targets Professional and Financial Organizations Through Social Engineering Attacks *

Novo Nordisk Confirms Cyberattack Exposing Patient Medical Data *

Rokarolla Android Malware Targets PINs, SMS Authentication Codes, and Cryptocurrency Wallets *

GhostTree Malware Campaign Uses Recursive Windows Junctions to Conceal Malicious Files *

Jenkins RCE Vulnerability Being Exploited in the Wild *

Silent Cloud-Based Attack Enables Payroll Redirection Fraud *

NarwhalRAT Delivered via Stealth LNK Execution Chain *

Attackers Exploit Copilot Enterprise Search to Steal Confidential Microsoft 365 Data *

Critical PAN-OS GlobalProtect Flaw Enables Unauthorized VPN Access *

Threat Actor Malware Platform Exposed Through Unsecured PHP Installer Page *

Salesforce Platform Compromise at Infinite Campus Leads to Data Exfiltration *

Sniper Dz Phishing Campaign Targets MENA Users Through Fake Facebook Offers and Browser Alert Scams *

Payroll Pirate Campaign Uses AiTM Phishing to Steal Employee Payroll Credentials *

Microsoft 365 Copilot Vulnerability Enables Potential Exposure of Emails, Files, and MFA Codes *

Chinese Hackers Breach REDCap Servers, Exfiltrate Sensitive Medical Research Data *

Critical Jenkins Vulnerability (CVE-2024-23897) Under Active Exploitation *

DPAPISnoop Enables Extraction and Processing of Windows CredHist Data *

Nintendo Investigating Alleged Data Breach Claim Linked to Third-Party Platform *

Wazuh Vulnerability Enables Alert Manipulation and Security Log Deletion *

SearchJack Adware Campaign Hijacks Browser Searches *

WordPress Plugin Supply Chain Attack Exposes Websites to Malware *

AI Coding Assistants Exploited in New Agentjacking Attack *

152 Chrome Extensions Found Generating Fake Google Search Traffic and Harvesting Data Campaign *

ShinyHunters Exploits Oracle PeopleSoft Zero-Day RCE Vulnerability in Active Attacks *

Maine Suspends Data Breach Reporting Portal Following Fraudulent VRChat and Discord Submissions *

Critical Splunk Vulnerability Enables Unauthenticated Remote Code Execution *

AI Coding Agents Hijacked Through Malicious Error Injection Attack *

Europol Disrupts Audia6 Crypto Investment Fraud Network in International Operation *

GRU-Linked APT28 Uses Moobot Botnet to Target Routers and IoT Devices *

AI Coding Agents Vulnerable to New Agentjacking Arbitrary Code Execution Attack *

Threat Actors Exploit NinjaOne RMM Agent to Obtain Remote Access to Brazilian Organizations *

Kyushu Electric Power Reports Missing SSD Affecting 10.9 Million Customers *

Tchap Messaging Platform Breach Impacts More Than 73,000 French Government Users *

OceanLotus APT Executes Supply Chain Attack Through Compromised FireAnt MetaKit Targeting Stock Investors *

GreatXML Attack Demonstrates Potential BitLocker Bypass Through Windows Recovery Workflow *

VMware-Signed Binary Abuse Enables Malware Execution and Defense Evasion *

Critical Configuration Control Vulnerability Discovered in Ivanti Endpoint Manager Mobile *

Microsoft Teams for Android Vulnerability May Expose Sensitive Information *

DMG-Based Delivery Chain Deploying macOS Infostealer Malware *

Data Breach at Nottingham University Impacts More Than 450,000 Students *

Hackers Exploit SniperDz PhaaS Platform to Launch Large-Scale Phishing Campaigns *

OpenClaw AI Agent Compromised in Phishing Scenario, Leaking Credentials *

Emerging Phishing Method Mimics Browser Windows to Harvest Microsoft 365 Credentials *

Malicious Browser Extensions Target Users of Popular AI Chatbots *

Malicious Surveillance Software Found on Devices of Russian Leadership *

Stealthy .NET Loader Spread via Malspam Using DoubleClick Redirection *

Hackers Abuse VMware-Signed Binary to Sideload NIGHTFORGE Loader *

Linux Kernel Guest-to-Host Escape Vulnerability Exposed Following Public PoC Release *

Multiple Splunk Enterprise Vulnerabilities Allow Remote Code Execution and Privilege Escalation *

Microsoft Fixes Windows RDP Vulnerabilities That Could Expose Sensitive Data *

Actively Exploited Chromium Vulnerability Puts Chrome and Edge Users at Risk *

Microsoft Discloses Windows CTFMON Zero-Day Enabling Local Privilege Escalation Attacks *

Proto6 Vulnerabilities in protobuf.js Enable RCE and DoS Attacks in Node.js Environments *

Hackers Use Fake Utility Downloads to Deliver Malware Through Trojanized Software *

U.S. Military Networks Face Expanded Targeting From China-Linked JDY Botnet *

Tax-Themed Phishing Emails Deploy Fileless Malware on Windows Systems *

Langflow Path Traversal Vulnerability Enables Unauthenticated Remote Code Execution *

RoguePlanet Zero-Day Exploits Microsoft Defender to Gain SYSTEM Privileges *

Malicious dbmux npm Releases Exploit Developers Through Supply Chain Attack *

Unauthorized Access Incident Linked to Exploited ServiceNow Security Flaw *

OpenClaw AI Agent Credential Leakage Vulnerability Enables Sensitive Data Exposure *

Android.MagicAd Malware Evades Security Measures to Deliver Persistent Background Ads *

Critical Vulnerability in Veeam Backup Servers Allows Authenticated Remote Code Execution *

Apple Introduces AI-Powered Feature to Automatically Replace Compromised Passwords *

The Hidden Security Risk in Modern Enterprise Browsers: AI Browser Extensions *

Microsoft Patch Tuesday Security Advisory – June 2026 *

Account Hijacking Attack Compromises French Government Messaging Platform *

NFCShare Android Malware Distributed via Fake Banking App Updates *

SAP June 2026 Security Updates Address Multiple Critical Vulnerabilities Across Enterprise Products *

LiteLLM Command Injection Vulnerability (CVE-2026-42271) Actively Exploited, Can Lead to Unauthenticated Remote Code Execution *

Critical Linux Kernel Flaw Enables Root Access Across Systems *

Google Releases Emergency Fix for Actively Exploited Chrome Zero-Day Vulnerability *

Fake Parsimonious Python Package Used to Distribute Malware *

Cybercriminals Use Fake Security Tool Websites to Distribute Malware *

Cisco SD-WAN Flaw Under Active Exploitation *

New Analysis Reveals VECT 2.0 Ransomware Causes Permanent Data Damage *

Critical Microsoft Edge Vulnerabilities Could Lead to Remote Code Execution *

UniFi OS Server Authentication Bypass and Command Injection Chain Enables Unauthenticated RCE to Root *

Fortinet Flaws, AI Tools, and Custom C2 Framework Exploited in Large-Scale Intrusion Campaign *

Pink Hacking Group (CL-CRI-1147) Targets Enterprises to Steal Cloud Credentials and Conduct Data Extortion *

VerdantBamboo BSD Variant of BRICKSTORM Targets Linux Appliances *

New Lucid Stealer Malware Targets 18 Browsers, Crypto Wallets, and Discord Tokens with Hidden Remote Access Capability *

Critical Vulnerability in Check Point VPN Products Enables Unauthorized Remote Access *

VMware NSX Vulnerabilities Expose Administrators to Stored XSS Attacks *

Lucid Stealer Expands Capabilities with Integrated Remote Access and Credential Theft *

Dell RecoverPoint for Virtual Machines Zero-Day Vulnerability (CVE-2026-22769) Exploited for Root-Level Persistence *

Vishing and Physical Intrusions Drive UNC3753s Latest Extortion Campaign *

Meta AI Support Hack Leads to 20,000+ Instagram Account Takeovers *

Threat Actors Exploiting Linux Kernel cgroups Vulnerability to Gain Root Access *

CISA Alerts Organizations to Actively Exploited SolarWinds Serv-U Vulnerability *

Hugging Face Transformers Flaw Enables Remote Code Execution *

ActiveMQ Security Gaps Allow Exploitation via Malformed JMS Properties and Overly Permissive Management APIs *

OP-512 Threat Cluster Targets Microsoft IIS Servers with Custom Web Shell Framework *

Fortinet Flaws, AI Tools, and Custom C2 Framework Exploited in Large-Scale Intrusion Campaign *

Android Spyware Asin Targets Arabic-Speaking Users Through Fake News, PDF, and War Map Apps *

Critical Claude Code Flaw Allows Complete GitHub Repository Takeover *

KMW CCTV Authentication Bypass Vulnerability (CVE-2026-5386) Enables Unauthorized Access to Surveillance Feeds *

Critical StrongDM Vulnerability Enables Authentication Token Theft and Session Reuse *

Mustang Panda Uses Multi-Stage LNK and PowerShell Chain to Deliver PlugX RAT *

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm *

Foreign Spyware Campaign Targets Phones of Senior Russian Officials *

Operation XENOFISCAL: SideCopy Targets Afghan Government with Xeno RAT *

Critical Oracle WebLogic Flaw Added to CISA KEV Catalog Amid Active Exploitation *

Brute-Force Attack Targets Dashlane Users, Encrypted Vaults Accessed *

Android Zero-Day Vulnerability Actively Exploited in the Wild *

Severe Magento Cache Plugin Vulnerability Allows RCE Attacks *

Analysis of the June 2026 npm Supply Chain Compromise *

IBM WebSphere RCE Vulnerability Allows Code Execution Through Crafted Requests *

Critical MCP Toolbox Flaw Exposes Enterprise Database Systems to Attack Risk *

Spear-Phishing ZIP Files Serve as Initial Vector for Complex Rust-Based Malware Execution Chain *

Magento Cache Plugin Vulnerability Enables Arbitrary File Read and Information Disclosure *

Attackers Leverage Docker and Kubernetes Misconfigurations to Compromise Host Systems *

Critical Plesk Vulnerability (CVE-2025-66430) Allows Root-Level Privilege Escalation *

Malicious npm Package Targets OpenAI Codex Users by Stealing Authentication Tokens *

Iranian Threat Actors Exploit AppDomainManager Hijacking to Bypass EDR Defenses *

Windows 11 KB5089573 Released With Performance Enhancements and Critical Reliability Fixes *

AI-Powered Cyber Threat: GREYVIBE Uses ChatGPT and Gemini to Fuel Cyberattacks *

Microsoft Clarifies “Nightmare-Eclipse” Zero-Day Disclosure Controversy *

PHP Developers Targeted in New Famous Chollima Malware Operation *

Hackers Exploit WP Maps Pro Bug to Gain Full Admin Access on WordPress Sites *

Iran-Linked Hackers Deploy Destructive Wiper Malware Against Critical Infrastructure *

Security Vulnerability in Instagram Meta AI Reportedly Enables Account Password Resets *

Critical Patch Alert Windows Netlogon RCE CVE-2026-41089 Actively Exploited in Wild *

SideCopy Uses Fileless Malware Chain to Compromise Afghan Finance Officials *

Palo Alto Networks Warns of Active Exploitation of CVE-2026-0257 *

JINX 0164 Leverages LinkedIn Based Social Engineering to Deliver macOS Infostealer and CICD Supply Chain Malware *

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks *

Ransomware Abuses Scheduled System Tasks to Evade Detection and Encrypt Systems *

Dutch Authorities Disrupt Massive Malware Botnet with 17 million infected devices *

Malicious Sicoob NuGet Package Steals Banking Credentials from Developer Environments *

Charter Communications Breach Leaks Data of 4.9 Million Customers in ShinyHunters Attack *

Samba RCE Vulnerability Allows Remote Code Execution on Linux Servers *

Seedworm Hackers Leverage Signed Security Binaries in DLL Sideloading Campaign *

Zapocalypse Exploit Chain Risks Complete Zapier Account Compromise *

Fortinet Researchers Uncover Evasive PureLogs Infostealer Targeting Browsers, Crypto Wallets, and VPN Credentials *

World Cup Fans Targeted by GHOST STADIUM Through Fraudulent FIFA Ticketing Platforms *

VaultJacking Attack Puts Google Users at Risk *

Carnival Corporation Detects Unauthorized Activity Leading to Mass Data Breach Disclosure *

How SIEM Helps MSPs Reduce Alert Noise and Respond to Threats Faster *

New Zero-Day Vulnerability in Gogs Allows Remote Code Execution *

Romanian Hacker Sentenced for Breaching Oregon Government Network *

VIP Keylogger Malware Campaign Targets Windows Users Through Phishing Attacks *

ClearFake Campaign Abuses BSC Testnet Smart Contracts to Conceal Malware Infrastructure *

Roundcube Webmail Security Update Fixes Critical Pre-Authentication SQL Injection Flaw *

Veeam Backup & Replication Critical Vulnerabilities Allow Remote Code Execution *

GitHub Releases Enterprise Server 3.20.3 to Patch Severe Flaws *

Grandoreiro Banking Malware and BTMOB Android RAT Intensify Global Attacks *

Iran-Linked MuddyWater Launches Global Cyber Espionage Campaign *

Microsoft Patches Critical Windows Kernel Flaw CVE-2026-40369 Enabling SYSTEM Privilege Escalation *

Gitea Vulnerability Exposes Private Repository Data Through Authorization Bypass *

BTMOB Malware Targets Android Phones with Remote Access Capabilities *

BadHost Vulnerability Exposes Sensitive AI Agent Server Infrastructure *

AI Chatbot Suggestions Found Redirecting Users to Cryptojacking Malware Platforms *

Stealer Backdoor Found in Malicious npm Packages Targeting Developer Systems *

New Windows Security Flaws Expose Systems to SYSTEM-Level Access *

Zero-Click Exploit Chain Hijacks WhatsApp Accounts on Vulnerable iOS 16 Devices *

Glassworm Malware Campaign Targets Developers Through npm, PyPI, GitHub, and VS Code Extensions *

Microsoft Defender for Endpoint Automatic Device Isolation (Preview) Strengthens Enterprise Threat Containment *

Quasar Linux RAT Targets Developers With Stealthy Fileless Supply Chain Attacks *

Security Weakness in Apache CXF May Lead to LDAP Injection *

Silent Supply Chain Attack Through Malicious Go Module Typosquat *

New Vulnerability in Microsoft SharePoint Server Exposes Systems to RCE Attacks *

Memcached SASL Authentication Vulnerability (CVE-2025-46818) Enables Remote Code Execution *

Hackers Use SEO Poisoning to Impersonate Gemini CLI and Deliver Malware *

Critical Flaws in Angular Language Service Extension Could Enable Remote Code Execution *

NightSpire Ransomware Exploits RDP Access to Target Global Organizations *

Payload Ransomware Uses Advanced Encryption to Disrupt Enterprise Networks *

Phishing-as-a-Service Campaigns Abuse RCS and iMessage for Real-Time MFA Bypass *

Critical 7-Zip Memory Corruption Flaws Allow Remote Code Execution and Data Exposure *

PuTTY 0.84 Security Update Fixes SSH Key Exchange Crash and Telnet Prompt Spoofing Issues *

Cisco Fixes Critical CVSS 10.0 Secure Workload REST API Vulnerability Allowing Unauthorized Data Access *

InvisibleFerret Malware Uses .pyd and .so Modules to Bypass Script-Based Detection Mechanisms *

Supply Chain Attack Conceals Linux Malware Under Fake SSH Process *

Telegram-Facilitated MaaS Ecosystems Power Cross-Border Money Mule Laundering Operations *

Laravel Language Packages Hijacked to Deploy Credential-Stealing Malware *

Dutch Authorities Seize 800 Hosting Servers Allegedly Used to Facilitate Cyberattacks *

Iranian APT Uses SEO Poisoning and Fake VPN Installers to Deploy Malware *

Local Persistence of WhatsApp Conversations in Unencrypted Storage on macOS and iOS *

SonicWall Firewall Management Interface Scanning Surge Raises Exploitation Concerns *

Threat Actors Impersonate Gemini CLI and Claude Code to Deliver Fileless PowerShell Infostealer *

Ghost CMS SQL Injection Flaw Exploited in ClickFix Campaign *

Iran-Linked MiniUpdate RAT Campaign Targets Critical Industries *

Underminr Technique Abuses Shared CDNs to Bypass Security Defenses *

Hackers Exploit Azure RBAC Misconfigurations to Escalate Privileges and Access Critical Cloud Resources *

Stealthy npm Lifecycle Malware Targets PHP Composer Ecosystem *

Packagist Supply Chain Attack Targets PHP Development Ecosystem *

Hackers Target npm, PyPI, and Crates with 34 Compromised Packages *

Cybercriminals Exploit F5 BIG IP Weaknesses to Target Enterprise Infrastructure Networks *

Ubiquiti Releases Emergency Patches for Critical UniFi OS Vulnerabilities *

Active Exploitation of CVE-2026-48172 Threatens Shared Hosting Servers *

PyrsistenceSniper Detects 117 Malware Persistence Techniques Across Windows, Linux, and macOS *

Apple App Store fraud prevention systems stop $11B in malicious transactions over six years *

Trend Micro Apex One Zero-Day (CVE-2026-34926) Exploited in Active Attacks *

Drupal Critical SQL Injection Vulnerability (CVE-2026-9082) Under Active Exploitation *

Megalodon Attack Abuses CI-CD Pipelines Across 5,561 GitHub Repositories *

Android Malware Campaign Exploits Carrier Billing to Enroll Users in Premium Services *

KimWolf DDoS Botnet Operator Arrested Following Global Investigation *

Kali365 Targets Microsoft 365 Users Through Advanced Phishing Campaign *

Splunk Fixes Multiple Vulnerabilities Enabling DoS and Data Exposure *

New NGINX RCE Vulnerability “nginx-poolslip” Raises Global Security Concerns *

Critical Apache OFBiz Vulnerabilities Allow Password-Change Bypass and Remote Code Execution Exploit *

Thousands of GitHub Projects Targeted in Fast-Moving CI CD Backdoor Attack *

AI-Assisted Phishing Campaign Targets U.S. Organizations Through Fake Event Invitations *

Critical Chrome Vulnerabilities Enable Remote Code Execution *

TamperedChef Campaign Uses Trojanized Productivity Apps for Malware Distribution *

Linux Kernel Vulnerability Enables Container Escape and Privilege Escalation *

Security Advisory | ShowBoAT Linux Malware Targets Middle Eastern Government and Critical Infrastructure Sectors *

Telcos Targeted by Chinese Hackers Using New Linux and Windows Malware *

Drupal Core Security Vulnerability Enables Denial-of-Service Attacks Through Comment Module *

Microsoft Defender Flaws Under Active Zero-Day Exploitation *

GitHub Internal Repositories Breached via Poisoned VS Code Extension *

Fake Microsoft Teams Downloads Deliver ValleyRAT Malware *

Cyber Attacks Force Nucor to Halt Steel Production *

ExifTool CVE-2026-3102 Exposes macOS Systems to Command Injection Attacks *

Dark Web Data Brokers Mislead Organizations Using Fabricated Corporate Breach Claims *

WantToCry Ransomware Abuses SMB for Remote Encryption *

TeamPCP Supply Chain Attack Compromises Microsoft DurableTask Python Client *

Single-Character Go Package Typosquat Exploited to Deliver DNS-Based Backdoor Malware *

Gremlin Stealer Uses Telegram Dead Drop Resolver to Conceal C2 Infrastructure *

FreePBX Vulnerability Allows Unauthorized Access to User Portals *

Webworm Malware Campaign Leveraging Discord and Microsoft Graph API for Covert C2 Operations *

Trapdoor Malvertising Campaign Exploits 455 Android Apps for Massive Ad Fraud Operations *

Microsoft Exchange Server Spoofing Vulnerability (CVE-2026-42897) Exploited via Crafted Emails *

Critical NGINX Rift Vulnerability Exposes Servers to RCE and DoS Attacks *

Pardus Linux Vulnerability Chain (CVE-2026-5140) Enables Full Root Privilege Escalation *

The Gentlemen Ransomware Emerges as a Major Cross-Platform Cyber Threat *

New macOS Malware Uses Fake Google Update Mechanism for Persistence *

INTERPOL Dismantles Major Scam and Malware Networks *

GitHub Investigates Claimed Source Code Theft by TeamPCP *

UAC-0184 Uses BITSAdmin and Multi-Stage Loaders to Deliver Remcos RAT *

Fake Google Update Campaign Delivers Malware Through Compromised Websites *

Microsoft Edge Password Handling Flaw Exposes Stored Credentials in System Memory *

Exploit Released for Newly Discovered DirtyDecrypt Linux Privilege Escalation Vulnerability *

53 Malware and Phishing Servers Seized by INTERPOL’s Operation Ramz *

PostgreSQL Security Updates Patch Multiple High-Severity Vulnerabilities Across Versions 14–18 *

Four-Faith Router Flaw Actively Exploited for Global Botnet Recruitment *

Critical Entra ID Flaw Enabled Service Principal Hijacking *

JavaScript Malware Campaign Drops Crypto Clipper via PowerShell *

Critical Marimo Vulnerability Enables Remote Code Execution *

Attackers Abuse VS Code Marketplace to Spread Backdoor via Nx Console Extension *

Multiple Critical Vulnerabilities in n8n Lead to Full RCE Risk *

FunnelKit Flaw Puts WooCommerce Stores at Risk *

Mythos Introduces Automated PoC Exploit Creation for Vulnerability Research *

OtterCookie Malware Steals Developer Secrets, SSH Keys, Cloud Credentials, and API Tokens *

Hackers Exploit Cloudflare Storage Services to Steal Network Files *

Paper Werewolf APT Campaign Uses Fake Adobe Installer to Deploy EchoGather RAT *

New Gremlin Stealer Iteration Uses In-Memory Decryption of .NET Resource Payloads for Evasion *

Gamaredon Deploying GammaDrop and GammaLoad Through Phishing Attacks *

Four Malicious npm Packages Deliver Credential-Stealing Malware Across Developer Environments *

Critical macOS M5 Vulnerability Chain Enables Full Root Access *

WordPress Plugin Vulnerability Exposes Websites *

PureLogs Infostealer Campaign Using PNG Steganography *

Fast16 Malware Used for Nuclear Weapons Simulation Sabotage Prior to Stuxnet *

Critical n8n Security Flaws Enable Remote Code Execution and Credential Exposure *

Avada Builder Vulnerabilities (CVE-2026-4782 & CVE-2026-4798) Expose Over One Million WordPress Sites *

Tycoon 2FA Exploits OAuth Device Code Flow *

Apple M5 Security Breach Demonstrates AI’s Growing Role in Cyber Exploitation *

VPN Bypass Issue in Android 16 Can Leak Users’ Actual IP Addresses *

Malicious JPEG Files Exploit Critical PHP Memory Safety Vulnerabilities *

Grafana Labs GitHub breach caused by CI and CD misconfiguration enabling token theft *

JDownloader Website Breach Distributes Malicious Installers to Windows and Linux Users *

OpenClaw Vulnerabilities Permit Sandbox Bypass and Credential Exfiltration *

TanStack Supply Chain Attack Impacts OpenAI Employee Devices and Triggers macOS Certificate Rotation *

Gunra Ransomware’s Double-Extortion Campaign Targets Global Enterprises *

Developer Secrets Targeted by Stealer Backdoor in 3 Node-IPC Versions *

High-Severity SQL Injection Vulnerabilities Affect Amazon Redshift Database Drivers *

Pwn2Own Berlin 2026 Exposes Critical Zero-Day Flaws in Microsoft, NVIDIA, and AI Platforms *

Multiple Security Flaws in cPanel Put Hosting Environments at Risk *

Microsoft Exchange Server XSS Vulnerability Under Active Exploitation *

NGINX Vulnerability Allows Remote Code Execution *

TencShell Malware Exploits Screen Control and UAC Bypass in Advanced Cyberattack *

Microsoft Enhances Vulnerability Detection with MDASH AI System *

Critical Cisco SD-WAN Vulnerability Allows Remote Attackers Administrative Access, Threatens Network Security *

WordPress Plugin Flaw Puts 200,000+ Sites at Risk *

Malicious npm Package Versions Target AWS, Azure, GitHub, and SSH Secrets *

Fragnesia CVE-2026-46300 Linux Kernel LPE Exploits Page Cache Corruption for Root Access *

Sandworm Shifts from IT Breaches to Misconfigured Edge Devices in Critical Infrastructure Attacks *

PraisonAI Authentication Bypass Vulnerability (CVE-2026-44338) Enables Unauthorized Access to AI Agent Platform *

Critical Vulnerability in Windows DNS Client Enables Remote Code Execution *

New Exim Security Flaw Risks Remote Code Execution on Email Servers *

Chinese APT Exploits Microsoft Exchange Server Vulnerabilities for Large-Scale Cyber Espionage *

Attackers Can Exploit MongoDB Vulnerability for Unauthorized Code Execution *

Composer Vulnerability Leaks GitHub Actions Tokens Through CI Logs in PHP Projects *

Fortinet and Cisco Edge Devices Under Active Exploitation *

Android 17 AI-Powered Security Protects Smartphones Against Fraud, Malware, And Evolving Cyber Threats *

Signal Rolls Out New Warnings Against Social Engineering Threats *

Fortinet Releases Urgent Security Updates for Critical RCE Flaws *

UK Slaps $1.3M Fine on Water Supplier Over Massive Data Breach *

GemStuffer Campaign Abuses RubyGems Packages to Exfiltrate U.K. Council Portal Data *

Android Intrusion Logging Feature Enhances Spyware Forensics on Android Devices *

Foxconn North American Factory Cyberattack Linked to Nitrogen Ransomware Group *

Repeated Exploitation of Microsoft Exchange Impacts Azerbaijani Energy Firm *

Microsoft Patch Tuesday Security Advisory – May 2026 *

Infostealer Malware Increasingly Linked to Enterprise Credential Compromise *

Global Enterprises Targeted in BYOVD-Based Ransomware Attacks *

Microsoft Teams Spoofing Vulnerability Impacts Android Enterprise Communications *

Cybercriminals Abuse Fake FinalShell and Xshell Downloads for Malware Delivery *

Microsoft Windows 11 Cumulative Security Updates Address Multiple Vulnerabilities Across Supported Versions *

Cushman & Wakefield Reports Data Breach Impacting Over 310,000 Accounts *

Instructure Pays Ransom Following Threat of Massive Canvas Data Exposure *

Critical Claude Chrome Extension Flaw Enables Silent Data Theft from Google Services *

RubyGems Under Active Attack as Harmful Packages Flood Repository *

Zoom Workplace and Zoom Rooms Vulnerabilities Enable Privilege Escalation Attacks *

iOS 26.5 Introduces End-to-End Encrypted RCS Messaging for iPhone and Android *

Attackers Abuse Vercel AI Platform for Mass Phishing Site Generation *

SAP S4 HANA SQL Injection Vulnerability Enables Unauthorized Database Access *

Mini Shai-Hulud Attack Targets CI/CD Pipelines Across Major Dev Ecosystem *

Fake TronLink Chrome Extension Steals TRON Wallet Credentials Through Dynamic Phishing *

Magecart Campaign Exploits Google Tag Manager for Stealth Credit Card Theft *

Cline AI Agent Vulnerability Enables Remote Code Execution Attacks *

OpenAI Daybreak Uses GPT-5.5 Cyber Models to Strengthen Enterprise Vulnerability Management *

Nexcorium DDoS Malware Leveraging TBK DVR Flaw (CVE-2024-3721) *

Fake JPEG Launches Fileless Intrusion Chain Using Trojanized ScreenConnect *

PureRAT Conceals PE Payloads Inside PNG Files for Fileless Attacks *

Critical RCE Flaw in Weaver E-cology Puts Enterprise Systems at Risk *

NVIDIA Reports GeForce User Data Exposure Incident *

Google Detects First AI-Generated Zero-Day Cyber Exploit *

Windows SMB File Shares Vulnerable to Encryptionless GhostLock Attacks *

Critical PHP SOAP Extension Vulnerability Enables Remote Code Execution *

Microsoft 365 Copilot Vulnerabilities Could Expose Sensitive Organizational Data *

GhostLock Attack Exploits Windows SMB Exclusive File Handles to Execute File-Locking DoS Disruption Without Encryption *

Ollama Out-of-Bounds Read Vulnerability (CVE-2026-7482) Enables Remote Process Memory Leak *

Sandboxie Escape Vulnerability Leads to SYSTEM-Level Privilege Escalation *

ODINI Malware Uses CPU-Generated Magnetic Signals to Exfiltrate Data from Air-Gapped Systems *

TrickMo Android Banking Malware Uses TON Blockchain for Stealthy Communications *

Malicious Hugging Face Repository Distributes Rust-Based Info Stealer via Fake OpenAI Model *

macOS Malware Campaign Uses Google Ads and Claude Shared Chats for Payload Delivery *

ODINI Malware Uses Magnetic Fields to Steal Data from Isolated Systems *

Cybercriminals Use AI to Intensify Attacks Across African Sectors *

OpenClaw Malware Campaign Distributes Fake Installers and Infostealer Payloads *

Stealthy Vidar Infostealer Infection Chain Targets Credentials Using Fake Activation Tools *

Germany Shuts Down Rebooted Crimenetwork Dark Web Marketplace *

Hackers Weaponize JDownloader Downloads With RAT Malware *

TCLBANKER Malware Spreads via WhatsApp and Outlook Worms *

Zara breach exposes support tickets and order metadata after BigQuery cloud compromise *

Trellix Source Code Repository Breach Linked to RansomHouse Hackers *

Fake Call History Apps Scam Campaign Targets Android Users Through Fraudulent Google Play Apps *

React Server Components Next.js Vulnerabilities Expose Applications to RCE and DoS Attacks *

Attackers Abuse Signed Logitech Installer to Deploy TCLBANKER Malware *

Dirty Frag Linux Kernel Vulnerability Enables Root Privilege Escalation Across Major Distributions *

Grok and Bankrbot Exploited Through AI Prompt Injection Leading to Crypto Theft *

Rancher Fleet Vulnerability Exposes Kubernetes Clusters to Full Admin Takeover *

New Banking Trojan TCLBanker Uses WhatsApp and Outlook for Automated Spread *

ACSC Alerts Organizations to ClickFix Malware Campaign Delivering Vidar Stealer *

Critical Spring Cloud vulnerabilities expose enterprise systems to severe cyberattack and data breaches *

Day Zero Readiness: Closing the Gaps That Cripple Incident Response *

VoIP Infrastructure Becomes Key Tool in Modern TOAD Scam Operations *

Ollama Vulnerability Exposes Servers to Unauthorized Access and Model Abuse *

Android Spyware Campaign Abuses Fake Call Log Apps to Harvest Payment Data from Millions *

MuddyWater Chaos Campaign Exploits Microsoft Teams for Credential Theft and Data Exfiltration *

Ivanti Endpoint Manager Mobile Zero-Day Vulnerability Exploited in Active Attacks *

Multiple Critical vm2 Vulnerabilities Enable Remote Code Execution Attacks *

Malicious Google Ads Used to Hijack GoDaddy ManageWP Credentials *

Multiple Redis Flaws Raise Serious Remote Exploitation Concerns *

Google Chrome 148 Security Update Fixes 127 Vulnerabilities Including Critical Memory Corruption Flaws *

Malicious NuGet Packages Target .NET Cryptocurrency Developers *

Cisco Network Flaw Exposes Devices to Denial-of-Service Attacks *

Palo Alto Networks Warns of Actively Exploited PAN-OS Remote Code Execution Flaw *

MuddyWater Chaos Campaign Exploits Microsoft Teams for Credential Theft and Data Exfiltration *

China-Linked UAT-8302 Expands Global Cyber-Espionage Campaign Using Shared APT Toolsets *

Google Expands Android Binary Transparency to Prevent Supply Chain Attacks *

Chaos RaaS Emerges After BlackSuit Takedown, Continuing Double Extortion OperationsChaos ransomware has surfaced shortly after the takedown of the BlackSuit operation, indicating a rapid regrouping of threat actors. The new ransomware-as-a-service (R *

Stealthy C2 Communications via QUIC and WebSockets in Salat Malware *

Calendar Phishing Campaign Abuses Event Invites for Credential Theft *

Critical Fanwei E-cology10 Flaw Enables Session Hijacking and Credential Theft *

Argo CD Vulnerability (CVE-2026-42880) Exposes Kubernetes Secrets from etcd Clusters *

Severe Zero-Auth Issue Allows Unauthorized Cross-Tenant Access at DoD Contractor *

Ransomware Affiliate Convicted for Coordinating Double-Extortion Attacks *

Email Data of 119K Users Exposed in Vimeo Third-Party Breach *

OpenClaw Malicious Skills Campaign Targets Agentic AI Ecosystem *

Salesforce Marketing Cloud Vulnerabilities Enable Cross-Tenant Email Data Exposure *

Developers Targeted by QLNX Malware in Credential Theft Operations *

Multi-Stage AiTM Phishing Attack Targets 35,000 Users with Code-of-Conduct Lures *

Cerberus Anti-theft Identified as Stalkerware Leveraging Google Firebase for Remote Control *

WhatsApp Vulnerability Allows Malicious URL Execution via Instagram Reels *

Trojanized DAEMON Tools Updates Used to Deploy Advanced Multi-Stage Cyberespionage Malware *

ScarCruft Campaign Delivers BirdCall Android Malware via Fake Game Platforms *

CloudZ Malware Exploits Microsoft Phone Link to Intercept SMS and One-Time Passwords *

Personal information of 119,000 users exposed in Vimeo data breach *

Code-of-Conduct Phishing Campaign Uses AiTM to Bypass MFA and Compromise Accounts *

Fake Notepad++ for macOS Campaign Exploits Brand Trust to Deliver Malware *

Compromised Gaming Site Used to Distribute BirdCall Spyware on Android Devices *

Zero-Click Android Vulnerability in adbd Grants Remote Command Execution *

Apache HTTP Server Remote Code Execution Vulnerability *

Severe Security Issues in Qualcomm Chipsets Enable Remote Code Execution *

Authorities Shut Down 9 Crypto Fraud Hubs in Massive International Crackdown *

Cisco Strengthens AI Supply Chain Security with Model Provenance Kit *

Amazon SES Exploited by Phishing Campaigns to Bypass Detection Mechanisms *

Mass Facebook Account Hijacking Campaign Uncovered *

AI Hackers Now Discover 0-Days Faster Than Humans Can Respond *

Critical RCE Vulnerability in Weaver E-cology Exploited Before Public Disclosure *

Unauthorized Repository Access Leads to Source Code Exposure at Trellix *

Silver Fox Leverages RustSL Loader to Deliver ValleyRAT and ABCDoor via Tax-Themed Phishing Campaigns *

Canvas LMS Data Breach Confirmed Following ShinyHunters Claim *

Bluekit Phishing Kit Streamlines End-to-End Attacks with Automation and MFA Bypass *

Critical Vulnerabilities in Apache MINA Allow Remote Code Execution Attacks *

Microsoft Defender Misidentifies DigiCert Certificates as Trojan:Win32/Cerdigent.A!dha *

FreeBSD DHCP Client Vulnerability Enables Remote Code Execution *

Email Bombing and Fake IT Support Phishing Attack Targets Enterprises Globally *

Trellix Source Code Breach Raises Supply Chain Security Concerns *

MOVEit Transfer and Cloud Vulnerability Allows Authentication Bypass Attacks *

Hackers Inject Malware into SAP npm Packages to Exfiltrate Secrets *

Artificial Intelligence Accelerates Zero-Day Discovery and Threat Execution *

Telegram Mini Apps Exploited for Crypto Scams and Malware Delivery *

ConsentFix v3 automated OAuth phishing attack targeting Microsoft Azure environments *

Instructure Confirms Data Breach Following Claimed Attack by ShinyHunters *

Windows 11 Update Gives Admins Full Control Over Default App Removal *

Cybercriminals Can Now Rebrand and Resell Android Spyware with Ease *

Enhancing Threat Intelligence Workflows with Criminal IP and Securonix Integration *

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines to Steal Credentials *

Multiple Vulnerabilities in Exim mail server Enable Crashes Through Malicious DNS Data *

PyTorch Lightning Supply Chain Attack via PyPI Package Compromise *

China-Linked Cyber Espionage Campaign Targets Asian Governments and NATO Entity *

ShadowPad Malware Campaign via WSUS Exploit *

DeepDoor RAT Exploits Windows Systems to Steal Credentials and Maintain Persistent Access *

Wireshark Vulnerabilities Causing Denial-of-Service Risks *

AI-Powered Ransomware Surge Hits 7,831 Victims Worldwide *

SMS Pumping Scam Hidden Behind Fake CAPTCHA Tricks Users *

Wireshark Update Fixes Critical Code Execution and DoS Vulnerabilities *

The First 24 Hours of Exposure How Attackers Find and Exploit New Assets *

Stealth Python Backdoor Abuses Tunneling Service to Steal Browser and Cloud Credentials *

Critical zero-day vulnerability in cPanel & WHM actively exploited, PoC released *

Python-Based Fileless Backdoor Uses Public Tunneling Service for Stealthy Credential Exfiltration and Remote Access *

Phoenix PhaaS Platform Enables Large-Scale Smishing Campaigns *

Critical “Copy Fail” Vulnerability in Linux Enables Full Root Access on Widely Used Systems *

ProFTPD SQL Injection Vulnerability (CVE-2026-42167) *

Multiple SonicOS Vulnerabilities Threaten Firewall Integrity and Availability *

ASUSTOR ADM Vulnerability (CVE-2026-6644) Enables Root Command Execution via PPTP VPN Feature *

Compromised WordPress Plugin Delivers Silent Payloads Through Update Checker *

Jenkins Patches Multiple Vulnerabilities Allowing Denial-of-Service and Information Disclosure Attacks *

Attackers Abuse Qinglong Task Scheduler RCE Vulnerabilities for Cryptomining *

Lazarus Group Targets macOS with Mach O Man Malware *

Supply-Chain Attack Targets SAP npm Ecosystem to Exfiltrate Secrets *

Arbitrary Code Execution via AI Agent Interaction with Malicious Git Repositories in Cursor IDE *

Lazarus macOS Malware Campaign (“Mach-O Man”) Targets High-Value Users *

CISA Alerts on Active Exploitation of ConnectWise ScreenConnect Vulnerability *

NVIDIA FLARE SDK Critical Vulnerability Enables Authentication Bypass and Potential Full System Compromise *

Spring AI Vector Stores Impacted by Injection Vulnerabilities (CVE-2026-40967 & CVE-2026-40978) *

Cursor AI Vulnerability (CVE-2026-26268) Enables Silent Remote Code Execution via Malicious Repositories *

BlueNoroff Fileless PowerShell Campaign Targets Organizations with Stealthy Malware Execution *

SlotAgent Malware Campaign Hides API Calls to Evade Detection and Steal Credentials *

Emerging BlobPhish Threat Uses Blob URLs to Deliver Fileless Phishing Pages *

Chrome Update Fixes Critical Vulnerabilities Leading to RCE Exploitation *

Urgent cPanel Update Addresses Critical Access Control Flaw *

Vimeo Confirms User Data Exposure Following Anodot Security Breach *

LofyGang Returns with Minecraft ‘Slinky’ Hack to Spread LofyStealer Malware *

Critical GitHub Flaw (CVE-2026-3854) Enables Remote Code Execution via Single Git Push *

Checkmarx Verifies GitHub Data Breach Linked to LAPSUS$ Hackers *

Zero-Window Reality: Building Resilience After Mythos *

Teen Hacker Linked to Scattered Spider Arrested in Global Cybercrime Case *

Silver Fox Malware Campaign Targets Users via Trojanized Installers and Phishing Lures *

Windows Shell Vulnerability (CVE-2026-32202) Actively Exploited in the Wild *

Critical Flaw in Hugging Face LeRobot Exposes Systems to Remote Code Execution *

Multiple RCE Vulnerabilities in Apache Camel Threaten Critical Integration Systems *

VECT 2.0 Ransomware Acts as a Data Wiper, Causing Irreversible File Destruction *

Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally *

Critical Flaw in Notepad++ Find Feature Can Crash Application, Leak Memory Data *

Fake Banking KYC Android Malware Campaign Exploits WhatsApp to Hijack Accounts *

PyPI Package Compromise Distributes Malware to Steal Environment Variables and Credentials *

Sandworm Campaign Leverages SSH-over-Tor for Covert Persistent Access *

Windows RDP Bitmap Cache Exposes Sensitive Session Data to Attackers *

Serious LiteLLM Bug Enables Unauthorized Database Access via SQL Injection *

Security Experts Reveal Early ‘fast16’ Malware Attacks on Engineering Software *

Chinese Hacker Extradited to U.S. for Silk Typhoon Cyberespionage Attacks *

European Commission Proposes New Rules to Make Google Share Search Data With Competitors Under Digital Markets Act *

Microsoft Gives Enterprises Power to Disable Copilot in Windows 11 *

Surge in Social Media Scams Drives Billions in Losses, FTC Warns *

Medtronic Confirms Data Breach Following Hackers’ Claim of 9 Million Records Stolen *

Linux ELF Malware Generator Evades Machine Learning Detection Using Semantic-Preserving Transformations *

Multi-Stage Malware Campaign Uses Obfuscation and Trusted Services for Evasion *

Bitwarden CLI Compromise Incident Raises Supply Chain Security Concerns *

Malware Spread Through Fake Income Tax Notices *

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks *

73 Malicious VS Code Extensions Discovered Spreading GlassWorm v2 Malware *

ClickFix Variant Uses Native Windows Tools for Stealth Malware Execution *

Vidar Malware Hides Second-Stage Payloads in JPEG and TXT Files to Avoid Detection *

Microsoft Store App Under Fire for Silent Data Exfiltration Activities *

Nessus Agent Vulnerability on Windows Enables Privilege Escalation *

Malware-Laced Excel Attacks Target Pharma Sector *

Cybersecurity Alert Vibing Malware Like Behavior in Productivity App *

Carlson VASCO-B GNSS Vulnerability (CVE-2026-3893) Allows Unauthorized Remote Control of Critical Functions *

Microsoft Confirms Outlook.com Disruption Impacting Email Services *

Attackers Exploit Multiple Bugs to Compromise CODESYS Applications *

Pentest AI Agents Toolkit Enhances Offensive Security Workflows *

Metabase Enterprise RCE Vulnerability Exploited with Publicly Available Proof-of-Concept *

Critical Privilege Escalation Flaw in Microsoft Entra ID Agent Identity Platform *

CISA Flags Four Actively Exploited Vulnerabilities, Orders Federal Action by May 2026 *

Itron Inc. Reveals Cyber Intrusion Affecting Internal IT Network *

Deceptive CAPTCHA Scheme Exploits Users for Premium SMS Fraud *

Attackers Exploit File Upload Vulnerability in Breeze Cache WordPress Plugin *

UNC6692 IT Helpdesk Impersonation via Microsoft Teams Enables Enterprise Malware Deployment *

FIRESTARTER Backdoor Breaches Cisco Firepower, Persists Beyond Security Patches *

UK reports Chinese cyber groups using distributed proxy networks to avoid detection *

NGate Android Malware Variant Exploits NFC via Trojanized Payment App *

Claude Mythos Uncovers 271 Zero-Day Vulnerabilities in Firefox *

Void Dokkaebi Campaign Uses Fraudulent Job Interviews for Malware Delivery *

Python Asyncio Vulnerability (CVE-2026-3298) Enables Out-of-Bounds Write on Windows *

Social Engineering Campaign Exploits Microsoft Teams to Deploy SNOW Malware *

Rituals Confirms Data Breach Impacting Customer Information *

Trigona Ransomware Campaign Leveraging Custom Exfiltration Tool for Data Theft *

GopherWhisper APT Campaign Using SaaS Platforms for Covert C2 *

Microsoft Confirms Microsoft Edge Update Bug Blocking Microsoft Teams Meeting Access *

Bitwarden CLI NPM Package Compromised to Steal Developer Credentials *

Kyber Ransomware Targets Windows and ESXi Systems *

Mirai Operators Abuse D-Link Router Flaw for Botnet Infections *

Caller as a Service Fraud Expands Organized Scam Operations *

New Compromises Surface in Vercel Systems Linked to Context.ai Breach *

GopherWhisper Cyber Espionage Campaign Targets Mongolian Government Systems *

Rituals Reports Data Breach Impacting Customer Information *

Fake TradingView AI Agent Portal is Delivering Needle Stealer Malware through Malicious TradingClaw Site *

Npm Supply Chain Attack Turns Hugging Face into Malware Delivery and Data Exfiltration Hub *

Severe Vulnerability in Pack2TheRoot Leads to Full System Compromise *

Malicious Xinference PyPI Packages Deliver Infostealer Targeting Developer Credentials *

Checkmarx KICS Docker Repository Compromised in Supply Chain Attack *

LMDeploy SSRF Vulnerability (CVE-2026-33626) Actively Exploited to Access Internal Services *

Mozilla Firefox 150 Fixes Critical Use-After-Free Vulnerabilities Enabling RCE *

SmartLoader and StealC Malware Distributed Through 109 Fraudulent GitHub Repositories *

Inside the Rise of Fintech Based Money Mule Operations in France *

Critical Spring Authorization Server Vulnerability (CVE-2026-22752) *

SIM Farm-as-a-Service Operation Spanning 87 Panels Across 17 Countries Exposed *

Severe Bamboo Security Bug Enables Unauthorized Command Execution *

Amazon–Anthropic AI Compute Expansion *

Auraboros RAT: Open C2 Panel Exposes Powerful Spy Toolkit *

Malicious Google Ads Campaign Targets Crypto Users with Wallet Drainers *

CrowdStrike LogScale Vulnerability Exposes Servers to Arbitrary File Read Attacks *

Emergency .NET 10.0.7 Patch Issued by Microsoft for Critical Elevation of Privilege Vulnerability *

Harvester Uses Microsoft Graph API to Deploy GoGra Backdoor on Linux Systems in South Asia *

Namastex Supply Chain Breach Enables CanisterWorm Propagation Across npm and PyPI *

BlueHammer Windows Zero-Day Vulnerability Enables SYSTEM Privilege *

Cyberattack on ANTS Raises Concerns Over Citizen Data Exposure *

CISA Warns of Active Threats Exploiting Cisco Catalyst SD-WAN Manager Vulnerabilities *

Lotus Data Wiper Attack on Venezuelan Energy Sector *

Apache Syncope RCE Vulnerability Enables Unauthorized Remote Code Execution *

Ofcom Investigates Telegram and Other Platforms Over Online Safety Violations *

BlackCat Ransomware Insider Incident *

Microsoft Detects Sapphire Sleet Targeting macOS Through AppleScript and Social Engineering Attacks *

Attackers Exploit GitHub Issue Notifications for OAuth Phishing Targeting Developers *

Reducing Fraud at Every Customer Touchpoint Without Disruption *

Prompt Injection via GitHub Comments Affects Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent *

JanaWare Ransomware Targets Turkish Users Using Customized Adwind RAT *

Windows Snipping Tool Vulnerability Exposes NTLM Hashes via Malicious URI Exploitation *

OAuth Phishing Campaign Exploits Legitimate Authentication Flows to Hijack Accounts *

Gh0st RAT and CloverPlus Deployed in Coordinated Dual-Malware Attack Campaign *

SGLang Remote Code Execution Vulnerability (CVE-2026-5760) via Malicious GGUF Models *

iTerm2 Bug Turns Simple File Viewing into Code Execution Risk *

North Korea-Linked UNC1069 Targets Crypto Professionals via Fake Meetings *

Intel Utility Hijacked via AppDomain to Deploy Stealth Malware *

Android Banking Malware Campaign Targeting Financial Data *

Coordinated Cyber Operations by Iran’s MOIS Hidden Behind Multiple Personas *

Abuse of Microsoft Teams and Quick Assist Enables Enterprise Compromise *

Iranian State Actor Operates Coordinated Cyber Campaign Leveraging Rebranded Threat Clusters *

British Cybercriminal Admits Role in SIM Swap Crypto Theft Attacks *

Reported API Vulnerability in Lovable AI App Builder Exposes Thousands of Projects *

Malware Using Microsoft-Signed Binaries Achieves Persistence and Command-and-Control *

Hackers Using FUD Crypter to Evade Detection and Deploy Malware *

MiningDropper Malware Targets Android Devices with Multi-Stage Payload Delivery *

Claude Opus-Assisted Chrome Exploit Chain Demonstration (CVE-2026-5873) *

Critical Vulnerability in Protobuf Library Allows Arbitrary JavaScript Code Execution *

New Nexcorium Botnet Targets TBK DVR Vulnerability for IoT Attacks *

Trusted Security Organizations Worldwide Gain Access to GPT-5.4-Cyber *

NIST Prioritizes High-Risk Vulnerabilities in Major NVD Policy Shift *

Vercel Security Breach Linked to Third-Party AI Tool and Data Sale Claims *

TP-Link Routers Targeted by Mirai Malware Exploiting CVE-2023-33538 *

Apple Account Alert Abuse Used for Phishing Attacks *

Google Expands Gemini AI to Combat Malicious Ads at Scale *

AI SOC Limitations Highlight Need for Deeper Security Automation *

Email-Borne Worm Threat Wave Targets Industrial Systems via Phishing Campaigns *

Phishing-Delivered Backdoor Worms Drive Elevated ICS Infection Rates Globally *

FortiSandbox Security Flaw Allows Arbitrary Command Execution Following PoC Release *

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Attacks *

Attackers Exploit SEO Poisoning to Install RMM Tool via Trusted Microsoft Executable *

CISA Warns of Active Exploitation of Apache ActiveMQ Vulnerability *

Cisco Webex Flaw Enables User Impersonation Attacks *

JanelaRAT Banking Trojan Targets Latin American Users with Advanced Session Hijacking Techniques *

Malicious Zoom SDK Update Powers Sapphire Sleet Advanced macOS Intrusion Chain *

Critical Flowise Vulnerability Allows Remote Command Execution via MCP Adapters *

Critical Vulnerabilities Exposed in EU Age Verification App *

Cyber-Enabled Cargo Theft Targeting Trucking Industry *

UAC-0247 Attackers Target Hospitals and Governments for Credential and WhatsApp Data Harvesting *

Censys Warns of 6 Million Public-Facing FTP Servers Exposed to Security Risks *

Two U.S. Nationals Sentenced in $5 Million DPRK IT Worker Fraud Scheme *

Banking Malware JanelaRAT Intensifies Attacks Across Latin America *

New ZionSiphon Malware Aims to Disrupt Water Infrastructure Operations *

Operation PowerOFF Uncovers 75K DDoS Users and Dismantles 53 Malicious Domains *

Critical wolfSSL Vulnerability Enables Forged Certificate Acceptance via Weak Signature Validation *

FBI Takedown of W3LL Phishing Network *

AgingFly Malware Targets Ukraine Critical Sectors *

Deterministic Agentic AI Architecture Enhances Reliability and Control *

Malicious Chrome Extensions Target User Accounts and Data *

PHP Composer Perforce VCS Driver Command Injection Vulnerabilities Enable Arbitrary Code Execution *

Rockstar Games Analytics Data Leaked Following Third-Party Security Incident *

Microsoft Patch Tuesday Security Advisory – April 2026 *

PlugX USB Worm Activity Spreads Globally Through DLL Sideloading and USB Propagation *

PowMix Botnet Targets Czech Employees with Stealthy Randomized C2 Communication *

Critical nginx-ui Vulnerability (CVE-2026-33032) Allows Complete Nginx Server Compromise *

Critical Cisco ISE Vulnerabilities Enable Remote Code Execution *

Hackers Exploit n8n Workflow Automation Platform via Malicious npm Package *

Microsoft Defender Vulnerability Exploited via Newly Published PoC Code *

Google Cloud Storage Abuse for Malware Delivery *

Critical Splunk RCE Vulnerability (CVE-2026-20204) Exposes Enterprise and Cloud Systems *

MuddyWater-Style Reconnaissance Campaign Targets 12,000+ Systems Across Middle East *

Block the Prompt, Not the Work: The End of “Doctor No” *

Transportation Security in the Age of Connected Vehicles *

AI-Powered Pushpaganda Campaign Abuses Google Discover for Scareware and Ad Fraud *

n8n Webhook Abuse Campaign Enables Malware Delivery via Phishing Emails *

Command Injection Vulnerabilities in Composer (PHP Package Manager) *

Basic-Fit Hit by Massive Data Breach Impacting Users Worldwide *

Major WordPress Supply Chain Attack: Trusted Plugins Used to Deploy Hidden Backdoors *

RokRAT Malware Delivered Through Facebook Social Engineering by APT37 *

BitLocker Security Flaws (CVE-2025-55333, CVE-2025-55338) Allow Unauthorized Access to Encrypted Drives *

Okta Under Attack: Credential-Based Intrusions Target Identity Infrastructure *

Agentic AI Browsers Introduce Critical Security Risks Enabling Prompt Injection Attacks *

Mirax Android RAT Abuses Meta Ads to Deploy Proxy Enabled Malware at Scale *

Extortion Attempt Follows Confirmed Data Breach at McGraw-Hill *

Chrome Introduces DBSC to Prevent Session Hijacking *

Strengthening Identity Security Through a Practical Zero Trust Approach *

Critical Security Flaws Addressed in New Nginx 1.29.8 and FreeNginx Releases *

ShinyHunters Leak Rockstar Games Data Following Cyberattack *

Critical wolfSSL Vulnerability Enables Forged Certificate Acceptance via Weak Signature Validation *

Advanced Storm Infostealer Steals Sessions Without Local Detection *

Booking.com Data Breach Exposes User Reservation Details, Triggers Security Alerts *

Phishing Campaigns Leverage GitHub and Jira Notification Systems to Evade Detection *

Analyzing the Trade-off Between Processing Power and Memory Availability *

EncryptInterceptor Bypass Vulnerability Impacts Apache Tomcat Systems *

Social Engineering Campaign by APT37 Distributes RokRAT via Fake Profiles *

EDR Killers Become Core Tool in Modern Ransomware Attacks *

Hackers Abuse MSBuild LOLBin to Bypass Detection in Fileless Windows Attacks *

Axios Flaw Exposes Applications to RCE and Cloud Credential Theft *

Iranian APT Campaign Targets Critical Infrastructure and Government Entities *

Marimo Pre-Auth RCE Vulnerability (CVE-2026-39987) Under Active Exploitation *

Claude and ChatGPT Exploited Through Prompt Injection to Leak Sensitive Data *

Fraudulent BTS Tour Ticket Scams Target Fans Globally *

Adobe Acrobat Reader Zero-Day Vulnerability (CVE-2026-34621) *

Global Crypto Fraud Crackdown: Operation Atlantic *

Attackers Use CPUID Breach to Deliver STX RAT via Altered Downloads *

Storm-2755 AiTM Campaign Hijacks Microsoft 365 Sessions to Redirect Payroll Funds *

Chrome Device-Bound Sessions to Prevent Cookie Theft *

Diagnosing High CPU and Memory Utilization in Google Chrome Using Built-in Task Manager *

GlassWorm Campaign Uses Malicious VS Code Extension to Infect Developer IDEs *

Critical EngageSDK Vulnerability Impacts Millions of Crypto Wallets *

Hack-for-Hire Campaign Linked to Bitter Targets Journalists in MENA *

ChainShell Attack: MuddyWater Leverages Russian MaaS Tools *

MuddyWater Adopts Russian MaaS Tools for Advanced Cyber Espionage Campaigns *

HPE Aruba Private 5G Security Vulnerability Exposes Systems to Credential Theft *

Critical Flaws in TP-Link Archer AX53 Router Allow Full System Takeover *

Critical GitLab Vulnerabilities Enable DoS and Unauthorized Server-Side Actions *

STX RAT Evades Detection with Hidden Remote Access and Data Theft Capabilities *

Stolen Credentials Turn MFA into Another Target for Attackers *

Massive Data Breach at Tianjin Supercomputing Center Exposes Sensitive Information *

EngageLab SDK Vulnerability Exposes 50M+ Android Users to Data Access Risk *

UAT-10362 Targets Taiwanese NGOs with Spear-Phishing and Malware Campaign *

Automated Pentesting Tools Facing Modern Security Limitations *

Cybercriminals Use VENOM Toolkit to Bypass MFA and Capture Microsoft Logins *

ChipSoft Ransomware Attack Disrupts Dutch Healthcare Systems *

Hackers Use Pixel-Large SVG Trick to Hide Credit Card Stealer in Websites *

Critical GitLab Vulnerabilities Enable DoS and Unauthorized Server-Side Actions *

Magento Under Attack as SVG-Based Skimmer Steals Payment Data *

Cross-Platform Phishing Campaign Targets High-Profile Journalists and Government Critics *

Hackers Exploit Smart Slider 3 Pro Update Mechanism to Push Malicious WordPress and Joomla Versions *

LucidRook Malware Spread Through Spear-Phishing Attacks on Taiwanese NGOs *

Eurail Data Breach Impacts 300,000 Individuals, Exposes Sensitive Traveler Data *

Chrome WebML Flaws Expose Systems to Arbitrary Code Execution Attacks *

Hackers Impersonate Linux Foundation Leaders to Target Open-Source Developers via Slack *

CISA Flags Actively Exploited Ivanti EPMM Vulnerabilities as High Risk to Enterprises *

GitLab Vulnerabilities Allow Cross-Site Scripting and Denial-of-Service Attacks (Multiple CVEs) *

SonicWall Vulnerabilities Allow SQL Injection and Privilege Escalation Attacks *

Undetected ActiveMQ Flaw Allows Hackers to Execute Commands Remotely *

Hackers Target Adobe Reader Zero-Day Vulnerability Enabling Data Theft and RCE *

Windows 11 Update Causes BitLocker Recovery Issue *

All-in-One AI Platform Emerges as a Cost-Saving Alternative to Multiple Subscriptions for $100 *

Cyber Attacks by Iran-Backed Hackers Hit U.S. Critical Systems *

Multiple Critical Security Vulnerabilities Found in IBM Verify Access and Identity Systems *

EvilTokens Phishing Campaign Exploiting Microsoft 365 OAuth Tokens *

New Chaos Malware Variant Expands to Cloud Attacks with SOCKS Proxy Capability *

APT28 PRISMEX Malware Campaign Targets Ukraine and NATO Allies *

Snowflake Customers Impacted by Data Theft Following SaaS Integrator Breach *

Anthropic Introduces Claude Mythos Preview for AI-Powered Zero-Day Vulnerability Detection *

Masjesu Botnet Exploits IoT Devices to Launch High Volume DDoS Attacks *

Docker Registry Authorization Bypass Vulnerability (CVE-2025-4095) Allows Unauthorized Image Access on macOS *

OpenSSL Releases Patches for Multiple Cryptographic and Parsing Flaws *

BPFDoor Malware Evolves with Stealthy Stateless C2 and ICMP Relay Techniques *

Russian State-Linked Hackers Exploit Routers for Global Espionage and AiTM Attacks *

Critical CUPS Vulnerabilities Enable Remote Code Execution and Root Privilege Escalation *

Windmill Vulnerabilities Expose Systems to Remote Code Execution Attacks *

Attackers Use Fake Gemini Package to Extract AI Tokens *

Recurring Credential Incidents and Their Hidden Impact *

GPUBreach GPU Attack Leads to Full System Compromise *

Mass Exploitation of ComfyUI Instances Fuels Cryptomining Botnet Campaign *

Phishing Campaigns Leverage LogMeIn Resolve and ScreenConnect for Remote Access Exploitation *

Fake TradingView Premium Malware Campaign Targets Crypto Users *

Windows Targeted by Tor-Enabled ClickFix Attack Delivering Node.js RAT *

Critical Android Zero-Click DoS and Hardware Security Flaws Impact Framework and StrongBox Components Worldwide *

Storm-1175 Targeting Cloud Identity Systems *

Serious ShareFile Security Flaws Risk Unauthorized Server Access *

Critical Flowise Vulnerability (CVE-2025-59528) Enables Remote Code Execution and Active Exploitation *

Windows Defender Zero-Day Exploit Enables Security Bypass *

GroupOffice Vulnerability CVE-2026-34838 Allows Arbitrary Code Execution *

WordPress Plugin Vulnerability Allows Arbitrary File Upload and Server Takeover *

Malicious PyPI Package Abuses AI Proxy Layer to Capture Claude Prompts and Leak Telemetry *

South Korea Targeted by LNK Malware Campaign Using GitHub Infrastructure *

Critical Dgraph Database Authentication Bypass Vulnerability *

North Korea Uses Modular Malware to Frustrate Attribution and Takedowns *

Fake ChatGPT Ad Blocker Extension Found Harvesting Private Chats *

Hackers Compromise ILSpy WordPress Site to Spread Malware *

Critical Flaws in Apache Traffic Server Could Disrupt Enterprise Networks *

CISA Lists TrueConf Vulnerability in KEV Due to Active Exploitation *

Trojanized Strapi Plugins on npm Enable Silent Data Theft and Persistent Access *

Claude Access Limited as Anthropic Disables Third-Party Integrations Including OpenClaw *

Hidden LinkedIn Code Allegedly Detects Installed Software on User Systems *

Hims & Hers Data Breach Linked to Zendesk Support Ticket System Exposure *

Top Privileged Access Management (PAM) Solutions and Security Strategies for 2026 *

Top IAM Companies Driving Identity Security in 2026 *

New QR Code Phishing Scam Targets Drivers with Fake Court Notices *

Emergency Update Released for Actively Attacked FortiClient EMS Flaw *

New SparkCat Malware Variant Targets iOS and Android Apps, Steals Crypto Wallet Recovery Phrase Images *

TeamPCP Attack on European Commission Cloud Results in Cross Entity Data Leak *

Microsoft Initiates Forced Upgrade Cycle for Windows 11 24H2 Systems to Windows 11 25H2 for Unmanaged Devices *

NoVoice Malware Campaign on Google Play *

RFQ Themed Multi Stage Malware Campaign Delivers Fileless Cobalt Strike Payload *

Apple iOS 18.7.7 Update Fixes Critical DarkSword Web Exploit and Multiple Security Flaws *

Handala Hackers Allege Compromise of Israeli Defense Firm *

Akira-Style Ransomware Campaign Targets Windows Users Across South America *

RFQ-Themed Malware Campaign Uses HTML Attachments to Steal Credentials *

Critical Progress ShareFile Vulnerabilities Chained for Pre-Authentication Remote Code Execution Attacks *

FBI Issues Alert on Potential Data Exposure via Chinese Mobile Apps *

Critical F5 BIG-IP Flaw Leaves Thousands of APM Instances at Risk *

Critical Vulnerability in Cisco Smart Software Manager On-Prem Enables Unauthenticated Root Command Execution *

Cybercriminals Use Vacant Homes to Intercept Mail in Hybrid Attacks *

Critical PX4 Autopilot Vulnerability Enables Full Drone Takeover via MAVLink Exploitation *

Reservation Hijack Scam Exploiting Hotel Booking Systems for Payment Fraud *

Public Exploit Code Targets nginx-ui Backup Restore Flaw *

Casbaneiro Banking Trojan Spread Through Sophisticated Phishing Operations *

Suspected Data Breach at Cisco Linked to ShinyHunters Threat Group *

Vim Modeline Vulnerability Enables Arbitrary OS Command Execution *

Ethereum Powered EtherRAT Malware Uses EtherHiding for Stealthy Blockchain Based C2 *

Microsoft Teams EXIF Data Removal Feature Enhances Privacy *

CERT-UA Impersonation Campaign Delivers AGEWHEEZE Malware to One Million Emails *

Critical nginx-ui Backup Vulnerability Demonstrated Through PoC Code *

WhatsApp-Based Malware Attack Uses UAC Bypass to Compromise Windows Devices *

Privilege Escalation Flaw in Google Vertex AI Exposes Critical Cloud Resources *

Critical CrewAI Vulnerabilities Enable Prompt Injection, RCE, and Sandbox Escape Risks *

Critical Unauthenticated RCE in Oracle WebLogic Server Actively Exploited in the Wild Alongside Legacy Vulnerabilities *

Attackers Use Telegram-Based ResokerRAT for Stealthy Access and Data Capture *

Vertex AI Data Exposure Vulnerability *

Attackers Abuse Windows Utilities to Bypass AV and Launch Ransomware *

XLoader Malware Enhances Obfuscation Techniques and Conceals C2 Communications Using Decoy Servers *

Apple Introduces macOS Terminal Alert to Prevent ClickFix Attacks *

Operation TrueChaos: TrueConf Zero-Day Exploited in Targeted Government Attacks *

Critical Vulnerability in Vertex AI Risks Exposure of Google Cloud Data and Artifacts *

PNG File Vulnerabilities Enable Sensitive Data Leakage via Embedded Data Channels *

Tax Filing Scams Used to Deliver Malware in 2026 Campaigns *

New EvilTokens Phishing Kit Exploits Microsoft Authentication Mechanisms *

Axios npm Supply Chain Attack Delivers RAT via Malicious Dependency Injection *

ClickFix Variant Using Rundll32 and WebDAV for Defense Evasion *

India Enforces Ban on Chinese CCTV Devices to Strengthen Cybersecurity and Data Sovereignty *

North Korean Actor Exploits Stolen Identity and AI Tools in Employment Scam *

Notepad++ v8.9.3 Released with Security Fixes and Stability Improvements *

Grafana Vulnerabilities Expose Systems to Remote Code Execution Attacks *

Exposure of TheGentlemen Ransomware Toolkit Reveals Active Attack Infrastructure and Stolen Credentials *

Security Flaws in ChatGPT and Codex Fixed by OpenAI *

CareCloud Data Breach Exposes Patient Information *

CrySome RAT Upgrade Advanced .NET Malware with AV Evasion and Hidden VNC Functionality *

WordPress Plugin Flaw Exposes Sensitive Files *

Personal Emails of FBI Director Compromised in Iran?Linked Cyberattack *

Russian CTRL Toolkit Spread Through Malicious LNK Files Hijacks RDP via FRP Tunnels *

New Homoglyph Techniques Enable Advanced Domain Spoofing Attacks *

Telnyx Python SDK Supply Chain Attack Delivers Malware via WAV Steganography *

Critical Stored XSS Flaw Found in Jira Work Management *

DeepLoad Malware Leveraging ClickFix for Stealthy Credential Theft *

Citrix NetScaler Vulnerability (CVE-2026-3055) Targeted by Active Reconnaissance Campaigns *

VoidLink Demonstrates Real-World Impact of AI-Assisted Malware Creation *

TA446 Spear-Phishing Campaign Leverages One-Click DarkSword iOS Exploit for Covert Device Compromise *

BlankGrabber Malware Targets Windows Systems to Steal Sensitive Data *

Unauthorized Access Detected in European Commission Cloud Services *

Malicious Browser Extensions Enable “Prompt Poaching” Attacks on AI Users *

BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers *

Personal Email of FBI Director Kash Patel Compromised in Hack *

New Infinity Stealer Malware Exploits ClickFix Lures to Steal Data from macOS Systems *

Smart Slider Plugin File Read Vulnerability *

Financial Institutions Targeted by PXA Stealer Through Malicious ZIP Files *

Trivy Supply Chain Compromise (CVE-2026-33634) Enables CI/CD Secret Exfiltration *

Threat Actors Deploy BRUSHWORM and BRUSHLOGGER Against Financial Firm in South Asia *

TeamPCP Targets Telnyx Python Library to Expand Supply Chain Intrusions *

Silver Fox Spear-Phishing Campaign Delivers ValleyRAT via Tax-Themed HR and Finance Lures in Japan *

Threatsday Bulletin Highlights PQC Transition and Rising AI Security Vulnerabilities *

Red Hat Alerts Users to Malware Hidden in Widely Used Linux Tool, Enabling Unauthorized Access *

VoidLink Rootkit: A New Hidden Threat in Linux Systems *

Leak Bazaar Platform Enables Sale of Stolen Data from Global Breaches *

Stealthy Telecom Espionage Campaign Exploiting Exposed VPN and Edge Devices *

Ajax football club Data Breach Exposes Fan Information and Enables Ticket Hijacking *

Claude Extension Zero-Click XSS Prompt Injection Vulnerability *

Coruna iOS Kit Revives Operation Triangulation Exploits, Expands into Widespread Threat Campaigns *

Critical Privilege Escalation Vulnerability Discovered in IDrive Windows Client *

GoHarbor Addresses Critical Harbor Flaw Allowing Full Registry Compromise *

High-Severity Ivanti EPMM Vulnerabilities Exploited for Rapid Database Extraction *

Critical NVIDIA Flaws Enable Remote Code Execution and DoS Attacks *

New Synology DSM Vulnerability Enables Remote File Access Without Authentication *

GhostClaw Malware Campaign Targets macOS via Malicious GitHub Repositories *

New Attack Campaign Leveraging Kiss Loader with Early Bird APC Injection *

Fake Screenshot Lures Drive New Wave of Social Engineering Attacks *

Malicious npm Packages Abuse Post-Install Scripts to Deliver RAT Using Deceptive Install Output *

Bubble AI App Builder Abused to Steal Microsoft Account Credentials via Phishing Campaign *

Users Advised Patching Critical TP-Link Router Vulnerability *

Paid AI Accounts Targeted in Underground Markets *

GitHub Expands Security Coverage by Introducing AI-Driven Bug Detection *

PolyShell Attacks Target 56% of Vulnerable Magento Stores with Malicious Implants *

Citrix Patches Critical NetScaler Flaws Resembling CitrixBleed Attacks *

New Torg Grabber Infostealer Exploits ClickFix to Target Crypto Wallet Users *

FCC Ban on Foreign-Made Routers Over Cybersecurity and Supply Chain Risks *

AI-Driven GitHub Campaign Uses Trojanized OpenClaw Repositories to Deliver Infostealer Malware *

Malvertising Campaign Abuses ScreenConnect and Huawei Driver for EDR Evasion *

Tycoon2FA Attackers Restart Cloud Account Phishing Operations After Infrastructure Recovery *

Supply Chain Attack Hits LiteLLM PyPI Package, Stealing Sensitive Credentials *

ICE Cloud Malware Campaign Targeting Exposed MS-SQL Servers by Larva-26002 *

CanisterWorm Kubernetes Wiper Targets Iran-Based Infrastructure *

PTC Windchill and FlexPLM Vulnerability Poses Imminent Cyber Threat *

Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution *

Critical Security Flaws Found in Dell Wyse Management Suite *

Citrix NetScaler Security Flaws Enable Data Disclosure and Session Hijacking Risks *

Critical Vulnerabilities in TP-Link Archer Routers Enable Full Device Compromise *

Critical NetScaler Vulnerabilities Allow Unauthorized Access & Memory Leak *

Crunchyroll Data Breach Exposes Alleged 100 GB of User Data *

CISA Alerts on Active Exploitation of Craft CMS Code Injection Vulnerability *

Eight Attack Vectors in AWS Bedrock AI Platform Enable Data Exfiltration and Agent Hijacking Risks *

Over 500,000 End-of-Life Microsoft IIS Servers Exposed Online, Creating Critical Global Security Risk *

CanisterWorm Turns Trusted npm Packages into Malware Distribution Channels *

CISA Warns of Actively Exploited Apple Vulnerabilities *

LAPSUS$ Alleged AstraZeneca Data Breach and Private Sale of Sensitive Data *

MioLab Infostealer Targets macOS With ClickFix Tactics and Wallet Stealing Capabilities *

Google Ads Abuse Delivers Tax Scam Malware Using BYOVD Technique for Defense Evasion *

Fake Download Sites Push AsyncRAT Through SEO Poisoning Tactics *

Prolonged Spy Campaign Targets Libya’s Critical Sectors Using AsyncRAT *

Oblivion RAT Masquerading Campaign Targets Android Devices with Fake App Updates *

Bamboo Data Center and Server Flaw Allows Remote Code Execution *

Critical Oracle RCE Vulnerability Impacts Identity Manager and Web Services Manager *

Quest KACE SMA Vulnerabilities Exploited to Compromise Systems *

CISA Warns of Actively Exploited Apple Flaws Enabling Full Device Compromise *

Critical QNAP QVR Pro Vulnerability Allows Remote Attackers to Gain System Access *

Critical UNISOC Modem Flaw Enables Remote Code Execution via Cellular Calls *

Critical Langflow Vulnerability CVE-2026-33017 Enables Unauthenticated Remote Code Execution *

Android Sideloading Security Update and Rising Malware Threats *

FBI Alerts on Large-Scale Phishing Campaign by Russian Hackers Targeting Signal and WhatsApp *

Magento PolyShell Vulnerability *

Trivy Vulnerability Scanner Compromise Raises Supply Chain Security Concerns *

Sophisticated PureLog Infostealer Spread via Phishing and Google Ads Malvertising *

CISA Alerts Active Exploitation of Cisco Secure Firewall Management Center Zero-Day in Ransomware Attacks *

Allure Security Funding Boost Strengthens AI-Based Online Brand Protection *

Navia Data Breach Exposes Personal and Health Data of Millions via Vulnerable API Access *

Iranian Open Server Exposure Uncovers 15-Node Botnet and Relay Network *

Browser Permission Phishing Campaign Targets Biometric Data *

Claude AI Vulnerabilities Enable Data Exfiltration via Prompt Injection Attacks *

Pyronut Malicious Python Package Attack Overview *

Cyber Espionage Campaign Exploits Judicial Trust to Deliver Rust Malware *

Horabot Resurfaces in Mexico with Phishing and Email Worm Campaigns *

IoT Botnet Behind 30 Tbps DDoS Attacks Disrupted by Authorities *

Cisco Firewall Vulnerability Enables Unauthenticated RCE and Ransomware Deployment *

LeakNet Enhances Ransomware Attacks Using ClickFix Lures and Stealthy Deno Loader *

Backdoored Open VSX Extension Campaign Targets Developers via GitHub Downloader *

Warlock Ransomware Exploits Vulnerable Drivers to Evade Security Defenses *

WaterPlum Targets VSCode with New ‘StoatWaffle’ Supply Chain Malware *

Major Data Breach at Aura Impacts 900,000 Contacts *

Critical ScreenConnect Vulnerability Requires Immediate Upgrade and Security Hardening *

UIDAI Launches Bug Bounty Program to Strengthen Aadhaar Ecosystem Security *

Fancy Bear Server Leak Exposes Operational Data and Malware Infrastructure *

CISA Mandates Urgent Patching of Actively Exploited Zimbra XSS Vulnerability *

FortiClient EMS SQL Injection Vulnerability (CVE-2026-21643) *

Rust-Based RAT Deployment via Multi-Stage LNK and PowerShell Attack Chain Targeting Judicial Environments *

A Critical Telnetd Vulnerability Enables Pre-Authentication Remote Code Execution with Root Privileges *

Ubuntu Desktop Flaw Allows Local Users to Escalate Privileges to Root Access *

Critical Flaw in Kubernetes NFS CSI Driver Puts Storage Directories at Risk *

Microsoft Exchange Online Mailbox Outage Disrupts Email Access for Users *

Windows Security Alert: RegPwn Enables Full SYSTEM Access via Registry Abuse *

Payload Ransomware Threat Targets Windows and ESXi Systems with Babuk-Style Encryption *

Authlib Security Flaws Open Door to Padding Oracle and Token Forgery Attacks *

File Browser Vulnerability Exposes Systems to Privilege Escalation and RCE *

Angular XSS Flaw Puts Thousands of Web Applications at Risk *

UK Companies House Security Bug Allows Unauthorized Access to Business Records *

CISA Warns of Active Exploitation Targeting Wing FTP Server Vulnerability *

FBI Investigation into Malware-Infected Steam Games Targeting Cryptocurrency Theft *

Shadow AI Usage Exposes Organizations to Data Leakage Risks *

GlassWorm Exploits Stolen GitHub Tokens to Inject Force-Push Malware into Python Repositories *

ClickFix-Based Command Paste Attacks Facilitate MacSync Infostealer Deployment on macOS *

Android 17 Advanced Protection Mode Blocks Misuse of Accessibility Services *

Coordinated Wiper Attacks Target Organizations to Destroy Critical Data *

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage *

IBM X-Force Discovers Slopoly Malware Used in Hive0163 Ransomware Attacks *

Google Looker Studio Vulnerabilities LeakyLooker Expose Sensitive Cloud Data *

Critical RCE Vulnerability Prompts Microsoft to Block Automated Installation in Windows 11 and Server 2025 *

Fake FileZilla Downloads Used to Distribute Credential-Stealing Malware *

RondoDox Botnet Growth Fueled by Exploitation of 174 Vulnerabilities via Residential IPs *

KakaoTalk Account Takeover Campaign Targets Users Through Credential Harvesting *

FortiGate Firewalls Hacked by Automated Scripts to Steal Network Configurations *

OpenClaw AI Agents Exposed to Indirect Prompt Injection Attacks *

BetterLeaks Empowers Dev Teams to Prevent Credential Exposure Globally *

Critical LangSmith Vulnerability Enables Account Takeover and Token Theft *

Poland’s National Centre for Nuclear Research Targeted by Cyberattack *

Microsoft Releases KB5084597 Hotpatch Fixing RRAS Remote Code Execution Vulnerabilities in Windows 11 Enterprise *

Global Authorities Disable 45,000 Malicious IPs Linked to Cybercrime Campaigns *

The Claude Code Trap: Bitdefender Unmasks Fake Google Ads Hijacking Developer Terminals *

New Critical AdGuard Home Vulnerability Lets Attackers Bypass Authentication *

Perplexity Computer Token Exposure Raises Security and Billing Concerns *

Fileless Remcos RAT Campaign Uses JavaScript and PowerShell for Stealth Attacks *

Law Enforcement Dismantles SocksEscort ResidentialProx y Botnet Exploiting Compromised Routers *

Poland’s Nuclear Research Centre Targeted by Cyberattack *

Hackers Breach Loblaw IT Network, Access Customer Data *

SEO Poisoning Campaign Delivers Trojan VPN Software to Steal Credentials *

Veeam Backup & Replication Security Update Fixes Critical Vulnerabilities *

Two Chrome Zero-Day Vulnerabilities (CVE-2026-3909 & CVE-2026-3910) Actively Exploited to Execute Malicious Code *

1 Click ZITADEL XSS Vulnerability Enables Full Account Takeover *

Critical MediaTek Flaw Allows Android Lock Screen PIN Extraction in Under 45 Seconds *

CrackArmor Exploit Threatens Root Access on Millions of Linux Systems *

OpenSSH GSSAPI Key Exchange Vulnerability Causes Remote SSH Process Termination *

Starbucks Data Breach Exposes Personal Data of Customers *

Critical CVE-2025-0113 Found in Cortex XDR’s Broker VM Architecture *

TaxiSpy Android Banking Trojan Enables Remote Access and Credential Theft *

SocksEscort Residential Proxy Network Leveraged AVRecon Malware to Exploit Global Router Infrastructure *

TELUS Digital Hit by Data Breach After Hacker Group Claims Massive Theft *

High-Severity SQL Injection Flaw in Elementor Ally Plugin Exposes 250K+ WordPress Sites *

Apple Releases Security Patch for Coruna Exploit on Older iOS Devices *

Ericsson U.S. Discloses Data Breach Following Third-Party Service Provider Hack *

Six Android Malware Families Target Pix Payment System to Steal Banking Credentials *

Email and Teams Summaries in Microsoft 365 Copilot Vulnerable to Cross-Prompt Injection *

Hardware Flaw in MediaTek Chip Exposes Android Devices to PIN and Data Theft *

Veeam Backup & Replication Critical RCE and Privilege Escalation Flaws Expose Backup Servers *

Hive0163 Deploys AI-Assisted Slopoly Malware to Maintain Persistent Access in Ransomware Attacks *

Mutable Tag Vulnerability in Xygeni GitHub Action Puts CI/CD Pipelines at Risk (CVSS 9.4) *

macOS Users Targeted by ClickFix Campaign Deploying MacSync Infostealer *

CISA Warns of Critical Remote Code Execution Vulnerability in n8n *

Chrome Security Update Fixes 29 Vulnerabilities *

CastleRAT Campaign Abuses Deno Runtime for Fileless Malware Attacks *

Palo Alto Cortex XDR Broker Vulnerability Enables Privilege Escalation and Unauthorized Access *

Stryker Global Network Disruption Following Cyberattack by Iran-Linked Handala Hacktivist Group *

Critical Command Injection Flaw Discovered in Splunk Enterprise and Cloud Platforms *

Malicious npm Package “pino-sdk-v2” Harvests Developer Secrets via Discord Exfiltration *

CVE-2025-20154 Security Flaw in Cisco Network OS Can Crash Devices Remotely *

Zombie ZIP Method Helps Malware Evade Antivirus and Security Scanners *

Android Malware BeatBanker Poses as Starlink App to Steal Data and Control Devices *

BlackSanta Attack Delivers ISO Payloads Enabling DLL Sideloading and PowerShell Based Execution *

HPE Issues Warning on Critical AOS-CX Flaw Impacting Enterprise Network Devices *

Global Infrastructure Disruption Triggers Service Degradation on Instagram Platform *

UNC6426 Gains AWS Administrative Access Through Compromised NPM Package *

Microsoft Patch Tuesday Security Advisory – March 2026 *

Microsoft Active Directory Elevation of Privilege Vulnerability Enables Domain Takeover *

APT-C-23 Uses Fake Red Alert App for Mobile Espionage *

Fortinet FortiManager fgtupdates Flaw Allows Remote Attackers to Execute Arbitrary Commands *

Cloudflare Pingora Flaws Enable HTTP Request Smuggling and Cache Poisoning Attacks *

LeakyLooker Flaws in Google Looker Studio Expose Risk of Cross-Tenant SQL Queries *

Fake Claude Code Installation Pages Used to Spread Amatera Infostealer Malware *

Threat Actors Leverage Malformed ZIP Archives to Evade Detection by Antivirus and EDR Platforms *

KadNap malware hijacks routers enabling anonymous proxy infrastructure for cybercriminal operations *

Critical Security Flaw in Gogs Allows Silent Overwrite of Git LFS Objects *

Critical SAP Security Flaws Allowing RCE Patched in Latest Update *

CISA Warns of Actively Exploited Ivanti Endpoint Manager Authentication Bypass Vulnerability *

Iran-Linked Seedworm Hackers Target U.S. Critical Infrastructure with New Dindoor Backdoor *

Chinese APT Campaign Targets Qatar Using PlugX Malware *

Cyber Espionage Campaign CL-UNK-1068 Targets Asian Critical Infrastructure *

Malicious AI Browser Extensions Steal Data from Nearly 900,000 Users *

Hikvision Improper Authentication Flaw Allows Privilege Escalation in Multiple Devices *

Apache ZooKeeper Vulnerability Exposes Sensitive Data to Attackers *

macOS Infostealer SHub Delivered via Fake CleanMyMac Site Using ClickFix Terminal Trick *

Chinese Hackers Exploit Web Servers to Steal Data from Asian Critical Infrastructure *

Chrome Extension Takeover Leads to Code Injection and Data Theft *

UNC4899 Breaches Crypto Firm by AirDropping Trojanized File to Developer’s Work Device *

Abuse of .arpa DNS and IPv6 Tunnels Enables Phishing Campaigns to Evade Defenses *

ClipXDaemon Malware Hijacks Cryptocurrency Clipboard Data on Linux Systems *

Critical Authorization Flaws Discovered in Vaultwarden Password Manager *

Malicious imToken Chrome Extension Steals Crypto Wallet Seed Phrases and Private Keys *

Hackers Reportedly Selling Exploit for Windows Remote Desktop Services Zero-Day Vulnerability *

Nginx-UI Vulnerabilities Enable Remote Command Execution and Data Exposure *

Critical Command Injection Vulnerability Discovered in AVideo Platform *

Critical ExifTool Flaw Lets Malicious Images Execute Code on macOS *

Claude Opus 4.6 AI Identifies 22 Security Vulnerabilities in Mozilla Firefox *

Microsoft Detects Large Scale Data Theft via Fake AI Assistant Browser Extensions *

Termite Ransomware Intrusions Linked to ClickFix Social Engineering and CastleRAT Malware *

Stealth Linux Rootkits Exploit Kernel Features for Evasion and Persistence *

Transparent Tribe Leverages AI to Mass-Generate Malware Implants in Cyber Campaign Targeting India *

Cisco Catalyst SD-WAN Manager Vulnerabilities (CVE-2026-20128, CVE-2026-20122) Under Active Exploitation *

MacCMS Websites Compromised in Global RingH23 Malware Campaign *

China-Nexus Malware Campaign Targeting Telecommunications Providers *

Global Hacktivist Campaign Triggers 149 DDoS Attacks Amid Middle East Tensions *

Coruna iOS Exploit Kit Targets iOS 13–17.2.1 with 23 Exploits Across Five Chains *

Dust Specter APT Targets Iraqi Officials with AI-Assisted Malware Campaign *

AkzoNobel Confirms Cyberattack on U.S. Facility *

Google Patches Android Zero-Day Vulnerability (CVE-2026-21385) Actively Exploited in Targeted Attacks *

UK Warns of Potential Iranian Cyberattack Risks Amid Middle East Conflict *

Fake Google Security Page PWA Phishing Campaign *

Cloud Imperium Games Reports Cyberattack Exposing Player Account Data *

Cyberattack on UH Cancer Center Exposes Personal Data of 1.2 Million *

LexisNexis Confirms Cyberattack After Hackers Publish Stolen Data *

OpenStack Vitrage Remote Code Execution Vulnerability *

Authorities Warn: Sloppy Lemming APT Targets Government Networks *

Hackers Exploit .arpa Domain Space to Bypass Email Security Filters *

D-Shortiez Malvertising Exploits WebKit Back-Button for Forced Redirects *

India-Linked SloppyLemming Uses Rust Malware and ClickOnce Lures Against Government and Telecom Networks *

Starkiller Phishing Framework Leverages Live Login Proxies to Evade MFA Protections *

Google Services Abuse Enables Credential Harvesting via Firebase Hosting and Translate Proxy Phishing Infrastructure *

Critical UXSS Flaw in DuckDuckGo Android Autoconsent JS Bridge Allows Cross-Origin Code Execution *

OneUptime Authenticated Command Injection Flaw Could Lead to Server Compromise *

Persistent Session Tokens and Infinite Password Reset Window Vulnerabilities Discovered in Vikunja *

CVSS 10 Flaw in OneUptime Probe Allows Full System Takeover *

Angular Server-Side Rendering Flaw Lets Attackers Trigger Unauthorized Requests from Applications *

Unencrypted Direct TPMS Broadcasts Enable Persistent Vehicle Tracking Across Major Brands *

Browser Extension Attack Bypasses Security Headers for Stealth Script Execution *

ClawJacked Vulnerability Allows Malicious Websites to Hijack Local OpenClaw AI Agents via WebSocket *

Anthropic Confirms Claude AI Service Down in Worldwide Outage *

Malicious npm Packages Leveraging Pastebin Steganography and Vercel C2 to Target Developers *

Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software *

Ivanti Connect Secure Zero-Day Exploited by RESURGE Malware *

Phishing Campaign Abuses Windows WebDAV to Deploy RAT Malware *

Pixel Perfect Extension Exploited to Inject Malicious Scripts and Strip Security Headers *

OCRFix Botnet Combines ClickFix Phishing and EtherHiding to Obfuscate Blockchain C2 Infrastructure *

Mysterium VPN Warns of Massive Credential Exposure via Misconfigured .env Files Worldwide *

Interview Trap: Malicious Next.js Repos Turn Coding Tests into Developer Hacking Tools *

ManoMano Data Breach Allegedly Impacts 38 Million Users *

Critical Remote Compromise Risks Identified in Gardyn Smart Garden Systems *

Dohdoor Malware Expands Operations Against Critical U.S. Institutions *

Zyxel Multiple Command Injection Vulnerabilities Enable Remote Code Execution *

North Korean APT37 Deploys Advanced Malware to Compromise Air-Gapped Systems *

Microsoft Defender Identifies Trojanized Gaming Utility Malware Campaign *

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments *

Critical RCE Vulnerability in Juniper Networks PTX Routers Allows Full Device Compromise *

OpenClaw and the Enterprise Security Risks of Autonomous AI Agents *

Aeternum C2 Malware Exploits Polygon Blockchain for Decentralized Command Infrastructure *

Trojanized Gaming Utilities Deliver Java-Based Remote Access Trojan *

Marquis Seeks Damages from SonicWall Over Alleged Cloud Security Failure *

DoH-Based Backdoor Campaign Uses DLL Sideloading and Process Hollowing Against Education and Healthcare Networks *

Malicious NuGet Package Impersonates Stripe Library to Steal API Keys *

ResidentBat Android Malware Grants Persistent Mobile Access to Belarusian KGB *

ServiceNow Patches Critical AI Platform Vulnerability Enabling Unauthenticated RCE *

Wireshark 4.6.4 Update Fixes Multiple Security Flaws *

27-Year-Old Telnet Vulnerability Actively Exploited in Modern Attacks *

Advanced Persistent Threat Utilizing Cloud-Based Command Channels *

New FreeBSD Vulnerabilities Allow Jail Escapes and Kernel Panics *

Windows CLFS Driver Vulnerability (CVE-2026-2636) Can Trigger System Crash *

Critical Zero-Day in Cisco SD-WAN Actively Exploited Since 2023 for Root-Level Access *

SURXRAT Android RAT Enables Full Device Surveillance and Data Exfiltration *

New Steaelite RAT Enables Unified Data Theft and Ransomware Operations *

CISA Confirms Active Exploitation of FileZen Vulnerability (CVE-2026-25108) *

Chinese AI Distillation Campaign Targeting Anthropic Claude Model *

Conduent Suffers Massive Data Breach, 8TB Stolen, 25+ Million Americans Impacted *

Threat Actors Leverage WMI for Stealthy Persistence on Compromised Windows Systems *

Stealthy NuGet Malware Exploits ASP.NET Identity to Exfiltrate Login Data *

Critical VMware Aria Operations Vulnerabilities Allow Unauthenticated Remote Code Execution *

Automated AI Exploits Enable Rapid Active Directory Domination *

ShinyHunters Extortion Group Claims Data Breach at Odido Impacting Millions *

CarGurus Data Breach Exposes 12.4 Million User Accounts *

UnsolicitedBooker Cyber Espionage Campaign Targets Central Asian Telecom Sector With LuciDoor and MarsSnake Backdoors *

Medusa Ransomware Used by Lazarus Group in Healthcare Attacks Across Middle East and U.S. *

Ukrainian Government and Finance Networks Hit by Malware Intrusions and Unauthorized Access Operations *

Wynn Resorts Employee Data Breach Confirmed After Extortion Threat *

GitHub Codespaces Copilot Exploited in RoguePilot Attack to Extract Sensitive Access Tokens *

Phishing and Stealer Malware Fuel Record Ransomware Activity in Financial Networks *

Threat Actors Leverage AI Tools to Achieve Full Domain Compromise in Just 30 Minutes *

ASP.NET Developers Targeted by Credential-Stealing NuGet Packages *

AI-Driven Attacks Target FortiGate Devices Using DeepSeek and Claude *

Malicious OpenClaw Tactics Enable AMOS Infection via Social Engineering *

ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft *

Starkiller Phishing Framework Leverages Live Reverse Proxy to Bypass MFA Controls *

Critical Vulnerability in HPE Telco Service Activator Enables Access Restriction Bypass *

Critical jsPDF PDF Object Injection Flaw in addJS Enables Malicious Actions Across Enterprise Applications *

Malware Campaign Exploits Iran Protest Narrative to Deploy RAT Spyware *

Fraudulent IPTV Apps Distribute Widespread Android Malware Targeting Mobile Banking Users *

GrayCharlie Hackers Exploit WordPress Sites to Inject Malicious Code *

AI Platforms Emerging as Covert Communication Paths for Malware *

Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign *

High-Risk Vulnerability in jsPDF Allows Malicious PDF Object Injection *

Threat Actors Abuse Multiple AI Services to Compromise 600+ FortiGate Firewall Devices *

SANDWORMMODE Supply Chain Worm Infects Over 19 Npm Packages to Steal Developer and CICD Secrets *

SvelteKit Adapter Vulnerability (CVE-2026-27118) Enables Public Caching of Private Data *

MuddyWater Targets MENA Organizations with Multi-Stage Malware Campaign *

Credential Theft Exposes 1.2 Million Accounts After Registry Breach at Ministry of Economy and Finance France *

128 Million Users Exposed by Critical Flaws in Popular VS Code Extensions *

Operational Breakdown of the Arkanix MaaS Campaign *

Google Play AI Systems Stop Malicious Apps and Protect User Privacy *

PayPal Data Breach Exposes Customer Information Following Credential-Based Attack *

Predictable Password Generation in Large Language Models Exposes Systems to Credential Compromise *

Severe Security Issues in VS Code Extensions Impact Global Developers *

Critical Jenkins Flaw Leaves Build Environments Vulnerable to Cross-Site Scripting (XSS) Attacks *

Apache Tomcat Discloses HTTP Security Constraint Bypass Vulnerability *

FBI Warns of Ploutus Malware Enabling Cardless ATM Cash-Out Attacks Across the U.S *

Stealthy Monero Mining Malware Spreads via Cracked Software and USB Drives *

Hackers Exploit Critical BeyondTrust Vulnerability (CVE-2026-1731) to Deploy VShell & SparkRAT *

Massiv Android Banking Malware Disguised as IPTV Application *

Microsoft Patches Critical Notepad RCE Vulnerability (CVE-2026-20841) After PoC Disclosure *

Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center *

Critical DoS Vulnerability Affects 46 Million Users of ‘fast-xml-parser *

Nearly 1 Million Accounts Exposed in Figure Technology Solutions Security Incident *

Apache Camel Releases Patches for Critical Keycloak and LevelDB Vulnerabilities *

SmarterMail Vulnerabilities Rapidly Weaponized via Telegram Channels *

WebView Enabled Implants Leverage AI Service Domains Abused for Covert C2 Relays Demand Zero Trust Monitoring and Controls *

Critical Access Control Weakness in Pterodactyl Game Server Panel *

Microsoft Defender Introduces Centralized Script Library for Security Automation *

Sophisticated Phishing Operation Abuses Fake Google Forms Infrastructure to Capture Google Account Credentials *

Unauthorized Mobile Data Extraction Identified on Activist’s Samsung Device Using Digital Forensic Tool *

PromptSpy: First-Ever Android AI Malware Leveraging Google Gemini for Autonomous Decision-Making *

Hackers Exploit nslookup to Bypass Detection in ClickFix Intrusions *

Multiple DoS Vulnerabilities Disclosed in Sante PACS Server *

Fake Google Forms Used in Global Account Takeover Phishing Scheme *

The Vibe Coding Disaster: Moltbook AI Social Network Data Exposure *

Booking I Paid Twice Phishing Campaign Targets Hospitality Sector 2026 *

Threat Actors Exploit Jira Notification System to Evade Enterprise Spam Defenses *

Chrome Styles Extensions Exploited to Hijack 500,000 VK User Accounts *

ClickFix Campaign Abuses Nslookup for DNS-Based Malware Delivery *

Emoji-Based Malware Obfuscation (Unicode Smuggling) Enables Stealthy Attack Payloads *

CISA Says Windows Video ActiveX RCE Vulnerability Under Active Exploitation in KEV Catalog *

Social Engineering Attack Impersonates MetaMask Security Alerts *

CRESCENTHARVEST RAT and Credential Stealer Campaign Using LNK Execution and DLL Sideloading Targets Iranian Protest Supporters *

Grandstream GXP1600 Series Hit by Critical RCE Vulnerability Allowing Full Device Compromise *

Keenadu Firmware Backdoor Compromises Android Tablets via Signed OTA Updates *

Critical Vulnerabilities in Popular VS Code Extensions Expose Developers to Remote Code Execution and Data Theft *

Microsoft 365 Copilot Security Issue Undermines Email Sensitivity Controls *

Exchange Online Protection URL Filtering Triggers False Positive Phish Detections *

PostgreSQL Security Update Addresses Multiple Vulnerabilities Including Critical Code Execution Risks *

Dell RecoverPoint Zero-Day (CVE-2026-22769) Exploited by UNC6201 *

NVIDIA Megatron Bridge Code Injection Vulnerabilities (CVE-2025-33239 / CVE-2025-33240) Expose AI Training Environments *

Critical CVE-2026-1670 Flaw in Honeywell CCTV Cameras Enables Remote Device Takeover *

OpenClaw Gateway Vulnerability Exposes AI Agents to Remote Log Poisoning Attacks *

Critical Admin API Vulnerability Hits India’s Largest Private Pharmacy Platform *

MCP Supply Chain Attack Delivers StealC Infostealer Through Trojanized Developer Tooling and Registry Poisoning *

Cybercriminals Abuse Atlassian Cloud to Distribute Investment Scam Spam Campaigns *

Japanese Hotel Chain Washington Hotel Reports Server Breach Following Ransomware Attack *

Alleged 0APT Victim Count Reaches 200 Amid Lack of Data Leaks *

Malicious “CL Suite” Chrome Extension Targets Meta Business Accounts *

The “Styles” Trap: 500,000 VK Accounts Hijacked by Chrome Extensions *

25 Vulnerabilities Identified in Cloud Password Managers *

Severe Vulnerability Exposes FileZen to Attackers *

LangChain Community SSRF Bypass Vulnerability (CVE-2026-26019) Exposes Internal Services *

Multi-Stage Loader Exploit Temporary Directories via Phishing and Malvertising for Stealthy Malware Execution *

Critical CVE-2026-1490 in CleanTalk Plugin Exposes 200K WordPress Sites to Remote Code Execution *

Apache NiFi Vulnerability Permits Users to Bypass Restrictions *

ClickFix Social Engineering Exploit Hijacks Crypto Transactions via Browser JavaScript *

ZeroDayRAT Targeting Android and iOS Devices in Cross-Platform Spy Campaign *

Joomla Tassos Framework Exposes Systems to SQL Injection Attacks *

CTM360 Reports Lumma Stealer and Ninja Browser Malware Campaign Exploiting Google Groups *

AI Recommendation Poisoning Threat Exploits Memory Features in AI Assistants *

Fake Crypto Recruitment Campaign Linked to Lazarus Group Spreads Malicious npm and PyPI Packages *

Employee Phishing Incident Leads to Data Breach at Fintech Firm Figure *

Airleader Master Critical Vulnerability (CVE-2026-1358) Enables Remote Code Execution *

Matryoshka Malware Uses Fake Browser Prompts to Steal macOS Credentials *

SmarterMail Breach by Storm-2603 Leads to Warlock Ransomware Attacks *

Chrome Zero-Day Vulnerability Being Actively Exploited *

OpenSea Zero-Day Exploit Chain Targets Seaport Protocol and NFT Assets *

Incransom Ransomware Attack Targets Gulf Business Machines *

Criminal IP API Integration Enables Context-Rich Threat Analysis in IBM QRadar *

OysterLoader Campaign Raises Concerns Over Advanced Malware Evasion *

Luxury Brands Louis Vuitton, Dior, and Tiffany Hit with $25 Million in Data Breach Fines *

Phishing Campaign Abuses Fake Video Meeting Invites to Deploy Remote Access Tools *

Fake CAPTCHA Attacks Used to Deliver LummaStealer Malware *

Next Mdx Remote RCE Vulnerability Impacts Server Side Rendering in Next.js Applications *

Cybercriminals Exploit AI-Themed Chrome Add-Ons for Browser Surveillance *

XWorm RAT Distributed Through Phishing Emails Using CVE-2018-0802 Excel Flaw *

New ClickFix Attack Wave Delivers StealC Stealer via Fake CAPTCHA Pages *

CISA Warns of Actively Exploited Notepad Vulnerability (CVE-2026-15556) Impacting Windows Systems *

Multi Stage SSH Worm Leveraging Credential Stuffing Observed in Active Campaign *

Over 1,000 Feiniu Storage Devices Compromised After Backdoor Exploitation and Kernel-Level Persistence in Netdragon Botnet Campaign *

Rogue VM in VMware vSphere Reveals Muddled Libra s Full Attack Playbook *

Hardware-Embedded “EvilMouse” Grants Full System Control on USB Connection *

287 Harmful Chrome Extensions Found Stealing Data from 37.4 Million Users *

Malicious ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users *

Adblock Filter Lists Can Be Abused to Expose Users’ Real IP Addresses *

Lazarus Campaign Exploits npm and PyPI Dependencies to Deploy RATs and Exfiltrate Data *

Google Warns of State-Sponsored Hackers Leveraging Gemini AI for Reconnaissance and Attack Operations *

IoT Botnets and SOHO Routers Fuel ORB Network Attack Operations *

DragonForce Ransomware Group Expands Cartel Operations Since 2023 *

Palo Alto Networks PAN-OS Vulnerability (CVE-2026-0229) Can Force Firewall Reboot Loops *

Mass Exploitation Attempts Target Ivanti EPMM Critical Vulnerabilities *

Prometei Botnet Targeting Windows Server to Gain Remote Control and Deploy Malware *

Apple Zero-Day (CVE-2026-20700) Actively Exploited in Sophisticated Attacks *

Threat Actors Weaponize Grok, ChatGPT, and Google Ads to Distribute AMOS on macOS *

SandboxJS Critical Vulnerability Could Lead to Remote System Compromise *

Compromise of Government File Automation Systems Exposes Sensitive Citizen and Immigration Records in Ransomware Attack *

Windows WER Privilege Escalation Vulnerability (CVE-2026-20817) Exploited via Public PoC *

Singapore’s Telcos Targeted by China-Linked APT in Operation CYBER GUARDIAN *

Singapore s Telcos Targeted by China Linked APT in Operation CYBER GUARDIAN *

Third-Party IT Breach at Conduent Impacts Volvo Group North America Customer Data *

Russian APT Hijacks GitHub and Trusted Sites in Major Supply Chain Attack *

Microsoft Patch Tuesday Security Advisory – February 2026 *

Null Byte Nightmare: WPvivid Backup Flaw (CVE-2026-1357) Enables Unauthenticated File Upload & Site Takeover *

New Windows Notepad RCE Vulnerability Poses Enterprise Security Risk *

Microsoft Patches 6 Actively Exploited Zero-Days in February 2026 Update *

LinkedIn Identity Hijacking Enables North Korean Employment Fraud Operations *

APT36 Expands Operations with Linux Malware Targeting Government Infrastructure *

Multi-Cloud Linux LLM-Assisted Malware VoidLink Enables Credential Harvesting and Evasive Kernel-Level Control *

ZeroDayRAT Malware Gives Attackers Complete Control Over Android and iOS Devices *

Hackers Exploit Apple and PayPal Emails in DKIM Replay Phishing Campaign *

Attackers Use Bing Advertising Platform for Azure Tech Support Scams *

Libpng Heap Overflow Vulnerability (CVE-2026-25646) Affects Millions of Apps *

Critical JinJava Vulnerability (CVE-2026-25526) Allows Remote Code Execution *

Critical SAP S Code Injection Vulnerability *

Black Basta Ransomware Uses BYOVD Technique to Disable Antivirus Protections *

Critical Vulnerability in Payload CMS SQL Injection with CVSS 9.8 Exposes Admin Credentials *

Microsoft Patches Severe Arbitrary File Write via SessionsPythonPlugin in Semantic Kernel .NET SDK *

Critical Keylime Authentication Bypass (CVE-2026-1709) Undermines mTLS Trust Model *

Trust Boundary Flaw in Claude Desktop Extensions Enables Zero-Click RCE via Google Calendar *

Emerging Node.js–Based LTX Stealer Malware Exfiltrates User Credentials *

Hackers Use SmarterTools Software Bug to Launch Ransomware Attack *

Microsoft Exchange Online Flags Legitimate Emails as Malicious, Causing Delivery Disruptions *

Roundcube Webmail Flaw Enables Attackers to Track Email Open Activity *

Vortex Werewolf Malware (aka SkyCloak) – Tor-Enabled Persistent Backdoor *

Critical BeyondTrust Zero-Day Enables Unauthenticated Remote Code Execution *

Detecting Ransomware Using Windows Minifilters to Intercept File Change Events *

Apple Pay Phishing Campaign Exploits Fake Fraud Alerts to Steal 2FA Codes and Payment Data (2026) *

Cloud Infrastructure Exploited by TeamPCP Worm for Large-Scale Cybercrime *

Telegram Phishing Scam Targets User Accounts via Fake Login Authorization *

OpenClaw Marketplace Compromised in Supply Chain Attack Campaign *

Multiple SandboxJS Zero-Click Sandbox Escape Flaws Enable Arbitrary Code Execution *

CVE-2026-25526 Critical Jinjava Flaw Permits Remote Code Execution *

Mac Malware Exploits User Trust to Circumvent TCC Protections *

Improper Input Sanitization in EMS Server Leads to SQLi Allowing Attackers to Execute Arbitrary Commands *

Critical Moxa Switch Vulnerability Enables Bypass of Authentication Controls *

Hikvision Wireless AP Vulnerability Enables Remote Command Execution *

DKnife Framework Enables Router-Level TLS Interception and Malicious Payload Injection *

China-Nexus Hackers Target Global Organizations Using Advanced Cyber Espionage Techniques *

Transparent Tribe Hacker Group Targets India’s Startup Ecosystem in Cyber Attack *

Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers *

Cyber Espionage Group Linked to Asia Targets Public Infrastructure Worldwide *

Hackers Leveraging Windows Screensaver Files to Deploy RMM Tools for Persistent Remote Access *

Odyssey Stealer Launches New Active Campaign Targeting macOS Users *

F5 Urges Immediate Patching for High-Risk BIG-IP and NGINX Vulnerabilities *

Spam Campaign Distributing Fake PDFs Installs Remote Monitoring Tools for Persistent Access *

Improper Packet Handling in CAKE Qdisc Triggers Use-After-Free and System Compromise Through Kernel Memory Corruption *

APT-Q-27 Stealth Attack on Corporate Networks *

Malicious Traffic Ticket Payment Websites Target Drivers for Credit Card Fraud *

DDoS Attacks Hit Milano-Cortina 2026 Olympics Websites Amid Pro-Russian Hacktivist Campaign *

170+ SolarWinds Web Help Desk Servers Exposed to Actively Exploited RCE Flaw *

Substack Confirms Data Breach After Hacker Claims Theft of 700,000 User Records *

Betterment Discloses Data Exposure Affecting Approximately 1.4 Million Customers *

Injection and Denial-of-Service Threat in JavaScript PDF Generation *

Cyberattackers Use Fake RTO Challan Alerts to Spread Android Malware *

Cyberattack Forces Italy’s La Sapienza University to Shut Down Systems *

AISURU/Kimwolf Botnet Orchestrates 31.4 Tbps Hyper-Volumetric DDoS Attack on Global Infrastructure *

Ransomware Attack Disrupts Corporate IT and Website of Romania’s National Oil Pipeline Operator Conpet *

DragonForce Ransomware Attacks Critical Businesses Worldwide *

Critical n8n Vulnerability CVE-2026-25049 Allows Arbitrary Command Execution *

Malicious NGINX Configurations Used in Large-Scale Web Traffic Hijacking Attacks *

DesckVB RAT New Modular Remote Access Trojan Emerging in 2026 *

Cybercriminals Exploit Search Results to Redirect Victims to Counterfeit Traffic Portals in Phishing and Data Theft Campaign *

Hackers Abuse SonicWall SSLVPN Access to Deploy EDR Killer and Disable Endpoint Security *

WatchGuard Firebox LDAP Injection and VPN Privilege Escalation Pose Elevated Security Threats *

Cisco Collaboration Vulnerabilities Pose Serious Security Threats *

CVE-2026-24735 Apache Answer Data Exposure Flaw Reveals Deleted and Private Content *

Amaranth-Dragon Exploits WinRAR Flaw to Spy on Southeast Asia *

Critical Vulnerability in Cisco Meeting Management Allowing Remote Attackers to Upload Arbitrary Files *

Critical SolarWinds Web Help Desk RCE Flaw Added to CISA KEV List *

Critical Arbitrary File Write Vulnerability in ASUSTOR ADM CGI Hits ADM NAS Devices to Complete Takeover *

Chrome Security Flaws Enable Arbitrary Code Execution *

Google Chrome 144 Vulnerabilities in V8 and Libvpx Could Enable Remote Exploitation (CVE-2026-1862, CVE-2026-1861) *

Critical Metro4Shell Flaw in React Native Actively Exploited to Compromise Developer Systems *

Multiple OS Command Injection Vulnerabilities Fixed in TP-Link Archer BE230 Wi-Fi 7 Router *

Django Patches Multiple Vulnerabilities Impacting Application Security *

Critical Apache Syncope Console Admin-Level XXE Bug Enables XML Entity Injection and Data Exposure *

DynoWiper Malware Targets Polish Energy Sector in State-Sponsored Destructive Cyberattack *

APT28 Exploits Microsoft Office Zero-Day in Targeted Espionage Campaigns *

eScan Antivirus Update Servers Compromised in Malware Supply Chain Attack *

Panera Bread Confirms Data Breach Affecting 5.1 Million Unique Accounts *

NationStates Data Breach Enables Remote Code Execution and User Data Exposure *

OpenClaw Vulnerability Exposes Systems to Link-Based RCE Attacks *

Russian Legion Deploys Botnet-Driven DDoS Campaign Against Danish Critical Infrastructure *

Global Surge in HYIP Investment Scam Platforms Exploiting Social Media and Messaging Apps *

Punishing Owl Hacker Group Emerges, Targets Russian Government Networks *

Microsoft Launches Three-Phase Plan to Replace NTLM With Kerberos in Windows *

Electrum-Linked OT Attack Targets Poland’s Distributed Energy Sites *

Apple Privacy Strategy 2026: Ten System-Level Controls for Data Security *

Microsoft 365 OWA Add-Ins Bypass Audit Logs Allowing Persistent Silent Data Theft *

Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers *

Silent Intruder: EncystPHP Web Shell Burrows into FreePBX Systems *

CVE-2025-26385: Critical Remote SQL Injection Vulnerability in Johnson Controls Metasys *

Google Play Store Introduces Warnings for Power-Hungry Apps *

New Undetected macOS Malware Bypasses Gatekeeper to Steal Sensitive Data *

New ShadowHS Fileless Malware Actively Spreads Across Linux Systems *

Hackers Abuse IIS Servers in Targeted BadIIS Malware Campaign *

Microsoft Windows 11 Update Introduces Reliability Improvements and Secure Boot Changes *

Active Exploitation of Critical Ivanti EPMM Remote Code Execution Vulnerabilities *

NVIDIA Patches High Severity vGPU and Driver Bugs Enabling Host Compromise *

Open VSX Supply Chain Attack Deploys Encrypted Stealer Malware via Solana Etherhiding Targets Over 5,000 Developers *

Kyverno Privilege Escalation Vulnerability Grants Full Cluster Control to Namespaced Users *

Gemini MCP Tool Zero-Day Vulnerability Enables Remote Code Execution *

Critical Remote SQL Injection Vulnerability in Johnson Controls Metasys *

Critical SessionReaper Vulnerability Actively Exploited Against Magento Platforms Worldwide *

PHPUnit Unsafe Deserialization Allows RCE in CI CD Pipelines *

Critical Appsmith Flaw Enables Unauthenticated Execution of Unpublished Application Logic *

Google Disrupts the IPIDEA Residential Proxy Network Used to Abuse Millions of Compromised Devices Worldwide *

Critical Sandbox Escape Vulnerability in Grist-Core Enables Remote Code Execution (CVE-2026-24002) *

Cloudflare IPv6 BGP Route Leak Caused by Network Policy Misconfiguration in Miami Data Center *

Fake CAPTCHA Campaign Abuses Microsoft App-V to Deliver Amatera Infostealer *

TP-Link Omada Controller Hit by High-Severity IDOR Leading to Full Network Control *

PyTorch Safe Mode Bypass Vulnerability Enables Critical Remote Code Execution *

TP-Link Archer Vulnerability Allows Attackers to Take Full Control of Routers *

GitHub-Backed Cyber-Espionage Targeting Indian Government Networks *

MITRE’s ESTM Enables Proactive Defense for Embedded Systems Powering Critical Infrastructure *

SolarWinds Web Help Desk Vulnerabilities Expose Systems to RCE and Auth Bypass *

Severe n8n Vulnerability (CVSS 9.9) Enables Authenticated Users to Execute Remote Code *

OpenSSL Stack Buffer Overflow Vulnerability Enables Pre-Auth Remote Code Execution *

HPE Aruba Releases Patches for High-Severity RCE and OpenSSL Vulnerabilities *

Active Exploitation of Critical Fortinet FortiCloud SSO Vulnerability *

High-Severity Chrome Background Fetch Bug Patched in Latest Stable Release *

Localhost Authentication Bypass in Clawdbot Agents Exposes Thousands of Instances *

CVE-2025-67968: Critical Arbitrary File Upload in RealHomes CRM Threatens 30,000+ WordPress Sites *

Rufus Local Privilege Escalation Vulnerability Allows Administrator-Level Code Execution (CVE-2026-23988) *

High-Severity Flaw in Western Digital Installer Opens Door to Code Execution *

Active Threat Campaigns Abuse React2Shell for Remote Code Execution *

Google Protocol Buffers Affected by High-Severity DoS Vulnerability *

Microsoft Fixes Actively Exploited Office Zero-Day Vulnerability (CVE-2026-21509) *

Fake Notepad++ Installers Infect Systems with Proxyware Malware *

React Issues Urgent Advisory After Incomplete DoS Fix in Server Components *

Severe vm2 Vulnerability (CVSS 9.8) Exposes Millions of Apps to Sandbox Escape *

Snap Store Domain Hijacking Attack Enables Malicious Linux Software Distribution *

Oracle January 2026 CPU: Critical Vulnerabilities, Exposure Risks, and Patch Prioritization *

Nike Investigating Alleged Cyberattack After WorldLeaks Data Leak Threat *

Backdoor Vulnerability Places Over 20,000 WordPress Sites at Risk of Unauthorized Admin Access *

Raaga Discloses Data Breach Affecting 10.2 Million Accounts *

Fake Notepad++ Installers Deliver Proxyjacking Malware via DLL Side-Loading *

TrustAsia Fixes Critical LiteSSL ACME Misconfiguration After Mass Certificate Revocation *

Threat Actors Abuse Legitimate Driver Variants to Disable Endpoint Security Before Ransomware Attacks *

Hackers Weaponize Security Tools to Undermine Defenses Before Ransomware Attacks *

Critical RCE Vulnerability in Vivotek IoT Camera Firmware *

New AI-Based Android Malware Exploits WebView Components for Automated Ad Fraud *

NVIDIA CUDA Toolkit Vulnerabilities Enable High-Severity Code Execution Attacks *

Critical Chainlit AI Flaws Allow Attackers to Take Over Cloud Environments *

Malicious Code Injection Risk Found in binary-parser for Node.js *

Critical Academy LMS Flaw (CVE-2025-15521, CVSS 9.8) Leads to Complete Admin Compromise *

Global FortiGate Firewall Threat: Key Actions to Safeguard Networks Against Unauthorized Access *

CVE-2026-20045: Critical Cisco Unified CM RCE Under Active Exploitation *

BIND DNS Remote Crash Vulnerability CVE-2025-13878 *

Evelyn Stealer Malware Abuses VS Code Extensions *

OPNsense 25.7.11 Introduces Host Discovery Service to Enhance Network Visibility *

WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol *

Apache Solr Flaws Allow Data Exposure & Authentication Bypass *

Hackers Exploit LinkedIn Messages to Deliver Malware via Fake Business Files *

Prompt Injection to RCE: Three Flaws Expose Anthropic’s MCP Git Server *

NVIDIA Nsight Graphics for Linux Vulnerability Enables Arbitrary Code Execution *

GitLab Fixes High-Severity Vulnerabilities Impacting Authentication and Availability *

Zoom Hit by Critical RCE Vulnerability Exploitable via Command Injection *

AVEVA Software Hit by Critical Flaws Allowing SYSTEM-Privilege Remote Code Execution *

TP-Link Router Vulnerability Allows Authentication Bypass via Password Recovery Feature *

McDonald’s India Allegedly Hit by Everest Ransomware Data Exfiltration Attack *

100,000+ WordPress Sites Exposed by Critical Plugin Vulnerability *

Critical Bluetooth Flaws in Xiaomi Redmi Buds Enable Call Data Exposure and Device Crashes *

Coordinated Malicious Chrome Extensions Target Enterprise HR and ERP Platforms via Session Hijacking *

Remcos RAT Campaign Uses Trojanized VeraCrypt Installers to Target South Korean Users *

ServiceNow BodySnatcher Vulnerability Enables Unauthenticated User Impersonation *

UK Government Issues Alert on Sustained Pro-Russian Hacktivist DDoS Campaigns *

Threat Actors Impersonate Malwarebytes to Deploy Infostealers *

AI Guardrails Under Fire Prompt Injection and Agent Exploits Expose New Enterprise Security Risks *

StackWarp Hardware Vulnerability in AMD Zen Processors *

PDFSider Backdoor Leveraged in Attack Against Fortune 100 Financial Enterprise *

CrashFix Campaign Uses Malicious Chrome Extension to Deliver ModeloRAT Malware *

Iran State TV Hijacked to Broadcast Anti-Regime Messages and Protest Appeal *

Critical Vertex AI Misconfiguration Enables Privilege Escalation via Service Agents *

Cisco Addresses Actively Exploited AsyncOS Zero-Day Vulnerability *

Livewire File Manager Flaw Leaves Web Applications Vulnerable to Remote Code Execution *

Cloudflare Zero-Day Allows Attackers to Bypass WAF and Access Protected Origin Servers *

Ingram Micro Confirms Ransomware Incident Impacting 42,000 Individuals *

Critical WhisperPair Vulnerability Enables Tracking and Eavesdropping via Bluetooth Audio Devices *

Bluetooth “Heartbleed” and DoS Flaws in Xiaomi Redmi Buds *

Crypto Wallet Theft Campaign Using Impersonated Malware Branding *

ABB Ability OPTIMAX Authentication Bypass Vulnerability Enables Full System Takeover *

Critical Deno Flaws Expose Cryptographic Secrets and Windows Command Execution Risks *

GootLoader Malware Abuses Malformed ZIP Archives to Evade Endpoint and Network Defenses *

GhostPoster Campaign Spreads Malicious Browser Extensions to 840,000 Users *

Major CIRO Security Incident Compromises Data of 750,000 Investors in Canada *

Critical XSS Vulnerabilities in Meta Conversions API Gateway Enable Silent, Large-Scale Facebook Account Takeovers *

Researchers Breach StealC Malware Infrastructure via Control Panel Flaw *

Promptware Kill Chain Five-Step Model for AI-Driven Cyberattacks *

Chinese Infrastructure Used for Large-Scale C2 Operations *

HPE Aruba Networking Flaws Expose VLAN and Internal Network Data *

Palo Alto PAN-OS GlobalProtect Denial-of-Service Vulnerability *

Kyowon Group Ransomware Incident Disrupts Operations, Millions of Accounts Potentially Affected *

Critical Cal.com Authentication Bypass Vulnerability Allows Account Takeover *

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure *

AWS Fixes CodeBuild Misconfiguration Preventing CI Pipeline Supply Chain Repository Takeovers *

Critical CVE-2026-23550 Bug Lets Hackers Gain Full WordPress Admin Access *

Reprompt Attack Exposes Risk of Silent Data Theft in Microsoft Copilot *

Major Data Breach at Central Maine Healthcare Affects 145,000+ Patients *

Windows Remote Assistance Security Feature Bypass Enables Circumvention of MoTW Safeguards *

Cloud Infrastructure Abuse for Enterprise Phishing Campaigns *

Elastic Releases Security Fixes for Vulnerabilities Enabling File Theft and DoS *

Improper Input Handling in Copilot URL Parameters Leads to Silent Data Disclosure *

Spring CLI Vulnerability Allows Arbitrary Command Execution on User Systems *

VoidLink Emerges as Cloud-Native Linux Malware Framework Targeting Containers and Cloud Infrastructure *

Apex Legends Character Hijacking Incident Enables Remote Player Control in Live Matches *

Critical OpenCode Flaws Allow Malicious Websites to Execute Code on Developer Systems *

Critical FortiSIEM Vulnerability Risks Enterprise Visibility and Security Operations *

Critical SAP Vulnerabilities in S-4HANA and Wily Introscope Put Financial Systems at Risk *

Chrome 144 Security Update Patches Critical V8 Engine Vulnerabilities *

Critical OpenSSH Remote Code Execution Risk in Moxa Industrial Switches *

Betterment Reports Security Incident Involving Compromised Email Distribution Infrastructure *

Microsoft Patch Tuesday Security Advisory – January 2026 *

Critical Hikvision Bugs Expose Cameras to Network-Based Disruption Attacks *

FortiSandbox SSRF Flaw Allows Attackers to Proxy Internal Traffic Using Crafted HTTP Requests *

Node.js Issues Security Update Patching Seven Vulnerabilities Across All Release Lines *

Target Dev Server Offline After Hackers Claim to Steal Source Code *

State-Sponsored Insider Threat Campaign via Fraudulent Remote Hiring Practices *

Apex Legends Live Match Incident Involved Remote Character Control by Unknown Actor *

New Multi-Stage Malware Campaign Delivers Remcos RAT (SHADOW#REACTOR) *

YARA-X 1.11.0 Adds Hash Function Warnings to Improve Rule Accuracy *

ServiceNow Security Flaw CVE-2025-12420 Allows Unauthenticated User Impersonation *

Browser-in-the-Browser Phishing Campaign Targets Facebook Users for Credential Theft *

CISA Issues Urgent Alert on Active Exploitation of Gogs Vulnerability CVE-2025-8110 *

Angular Template Compiler Bug Allows Malicious SVG Script Injection And Session Hijacking *

University of Hawaii Cancer Center Ransomware Attack Exposes Research Data and SSNs *

Endesa Reports Customer Data Breach Following Security Incident *

Texas Gas Station Operator Reports Data Breach Affecting 377,000 Customers *

Cisco Snort 3 Vulnerabilities Impacting Sensitive Data Security *

GitLab Releases Patch for High-Severity XSS and AI Vulnerabilities Exposing User Data *

700,000 Personal Records Compromised in Illinois DHS Cyber Incident *

Illicit Cryptocurrency Transactions Surge in 2025 as Cybercrime Ecosystems Expand *

ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration *

Instagram Confirms No Breach After Reports of 17M Account Data Exposure *

MuddyWater Deploys RustyWater RAT in Targeted Spear-Phishing Campaign *

BreachForums User Database Exposure Leaks 324000 Account Records *

Critical InputPlumber Bug Permits UI Input Manipulation and Denial-of-Service *

Solonik Leak Exposes 17.5 Million Instagram User Profiles *

Critical Vulnerabilities in EOL Vivotek IP7137 Cameras Enable Unauthorized Access *

Apache Struts XXE Flaw CVE-2025-68493 Puts Enterprise Data at Risk *

Critical Apache Uniffle Vulnerability Exposes Distributed Systems to MITM Attacks *

Critical React Router Vulnerabilities Enable File Access, XSS, and Session Manipulation Attacks *

Critical zlib Vulnerability (CVE-2026-22184, CVSS 9.3) Enables Global Buffer Overflow *

Critical Linux TLP Vulnerability Exposes Systems to Unauthorized Power Control *

Critical OWASP CRS Vulnerability Allows Charset Validation Bypass *

Critical Trendnet Vulnerability (CVE-2025-15471) Enables Complete Device Takeover *

SmarterMail Flaw Enables Remote Code Execution, Proof-of-Concept Released *

Major Security Flaw in H3C Wi-Fi Systems Exposes Networks to Takeover *

Possible State-Sponsored Cyber Activity Disrupts Power Infrastructure in Caracas *

Critical Vulnerabilities Enabling Full Server Compromise *

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls *

Malicious npm Packages Distributing NodeCordRAT via Supply Chain Attack *

DocuSign Impersonation Campaign Distributes Vidar Malware Through Phishing Emails *

Trend Micro Apex Central Hit by Critical Unauthenticated RCE Vulnerability *

Critical Foomuuri D-Bus Vulnerabilities Expose Linux Systems to Unauthorized Local Network Configuration Changes *

Critical Undertow Vulnerability (CVE-2025-12543) Exposes Java Servers to Host Header Attacks *

GoBruteforcer Botnet Targets Crypto Servers Using Weak AI-Generated Configurations *

Critical Apache NimBLE Bluetooth Vulnerabilities Allow Spoofing and Eavesdropping Attacks *

New “Maestro” Exploit Reveals Critical Weaknesses in ESXi VM Isolation *

Critical jsPDF Vulnerability (CVE-2025-68428) Allows Sensitive Data Exfiltration via PDF Generation *

China-Linked Salt Typhoon Breaches U.S. Congressional Email Systems *

BlueDelta Cyber Espionage Operations Target Enterprise Authentication Services for Credential Theft *

CVE-2026-21858: CVSS 10.0 Flaw in n8n Allows Unauthenticated RCE and Server Takeover *

Malicious Office Assistant Update Infects Windows Systems With Mltab Malware *

Venezuela BGP Leak Explained: Misconfiguration, Not Cyber Espionage *

CISA Adds Critical HPE OneView RCE and Legacy PowerPoint Vulnerability to KEV Catalog *

Critical RCE Vulnerability Actively Exploited in End-of-Life D-Link Routers (CVE-2026-0625) *

GoBruteforcer Attack Wave Targets Crypto and Blockchain Projects *

Veeam Patches Critical Remote Code Execution Flaws in Backup & Replication Software *

High-Severity WebView Vulnerability Patched in Google Chrome 143 *

Dify Addresses Backend Masking Failure Leading to API Key Exposure *

Forcepoint DLP Vulnerability (CVE-2025-14026) Enables Bypass of Restricted Python Controls *

Critical Remote Command Injection in D-Link Legacy DSL Routers (CVE-2026-0625) *

Microsoft Alerts on Email Routing Misconfigurations Driving Internal Domain Spoofing *

Critical n8n Vulnerability CVE-2026-21877 Enables Full System Compromise *

Fake Notepad++ Websites Used by BlackCat Group to Distribute Credential-Stealing Malware *

China-Linked Cyberattacks on Taiwan Energy Sector Increase Tenfold *

PHALT BLYX Campaign Exploits Fake Booking.com Alerts to Deploy DCRat Malware *

macOS Vulnerability Enables TCC Bypass, Putting Sensitive User Data at Risk *

Two Malicious Chrome Extensions Exfiltrating ChatGPT and DeepSeek Conversations *

Unpatched Firmware Vulnerability Allows Full Remote Takeover of TOTOLINK EX200 Devices *

Critical Dolby Vulnerability Patched in Android *

Crimson Collective Allegedly Breaches Brightspeed, Claims Theft of Over 1M Customer Records *

Sophisticated Google Support-Style Phishing Campaign Steals Credentials *

n8n Vulnerability (CVE-2025-68668) — Authenticated System Command Execution (CVSS 9.9) *

ClickFix BSOD Phishing Campaign Delivering DCRAT Malware *

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks *

ProfileHound Tool Exposes Dormant User Profiles in Active Directory Environments *

PyArmor Obfuscation Used for Evasion of Static and Signature-Based Analysis *

Russia-Linked Hackers Weaponize Viber Messaging to Deploy RATs in Ukrainian Government Networks *

Apache SIS Vulnerability Allows Local File Disclosure via Malicious XML Metadata Targeting GIS Applications *

Critical jsPDF Vulnerability Enables Unauthorized Server File Access in Node.js *

GravityRAT Expands Remote Access Attacks Across Multiple Platforms *

High-Severity DoS and Request Smuggling Flaws Patched in Aiohttp Security Update *

High-Severity Apache Kyuubi Vulnerability Enables Arbitrary File Access *

Cybersecurity Incident Leads to Full Closure of Higham Lane School *

Covenant Health Confirms Large-Scale Unauthorized Access to Healthcare IT Systems *

Ledger Users Affected by Data Breach at Third-Party Vendor Global-e *

PS5 BootROM Key Leak Reveals Unfixable Hardware-Level Security Flaw *

VVS Stealer Malware Targets Discord Accounts *

Hackers Claim Resecurity Breach, Firm Says Incident Was a Honeypot Operation *

Alleged NordVPN Internal Systems Breach Highlights Risks in Exposed Development Environments *

GHOSTCREW Open-Source Toolkit Introduces AI-Driven Penetration Testing *

Healthcare Provider Revises Breach Scope to Impact 478000 Patients *

Critical Hardcoded Authentication Token Vulnerability in RustFS Enables Full Cluster Compromise *

Sedgwick reports data breach linked to TridentLocker ransomware attack *

QNAP Fixes High Severity SQL Injection and Path Traversal Vulnerabilities *

FortiWeb Exploitation Campaign Uncovered via Exposed Logs *

Telegram Breach Sparks Concerns Over Political Cybersecurity *

CVE-2025-66848: Critical JD Cloud Router Flaw Allows Remote Root Access *

AdonisJS Bodyparser Bug Allows Path Traversal Leading to File Overwrite and RCE *

Critical Eaton UPS Companion Vulnerabilities Enable Local Code Execution on Windows Systems *

Critical Authentication Bypass in IBM API Connect CVE-2025-13915 *

Phishing Campaign Abuses Google Cloud Email Feature *

Careto Hacker Group Resurfaces After 10 Years *

DarkSpectre Browser Malware Operation Infected 8.8 Million Chrome, Edge, and Firefox Users *

Fake Eternl Desktop Wallet Used in Cardano Phishing Campaign *

CVE-2025-14346 Allows Unauthorized Bluetooth Control of WHILL Power Chairs *

GlassWorm Malware Targets macOS Developers via Malicious VSCode Extensions *

High-Risk Flaws in GNU Wget2 Allow Path Traversal and Memory Corruption Attacks *

Apache NuttX RTOS Updates Fix Use-After-Free and DoS Flaws *

Magecart Attack Chain Uses 50+ Malicious Scripts to Steal Online Payment Data *

Critical SmarterMail RCE Vulnerability (CVE-2025-52691) Alert by Singapore CSA *

VOID KILLER Emerges as Serious Threat to Enterprise Endpoint Security *

Apache StreamPipes Privilege Escalation Vulnerability CVE-2025-47411 Enables Unauthorized Administrative Access *

ErrTraffic ClickFix Campaign Automation Service *

Spear-Phishing Threat Aimed at Security Individuals in the Israel Region *

European Space Agency Confirms Cybersecurity Breach on External Servers *

CISA Directs Federal Agencies to Patch Exploited MongoBleed Vulnerability *

Coupang to Split $1.17 Billion Among 33.7 Million Data Breach Victims *

Chinese State-Linked Rootkit Hides ToneShell Malware Deployment *

New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones *

Coordinated Cyberattack Floods Adobe ColdFusion Infrastructure with Millions of Exploit Attempts *

Critical SmarterMail Vulnerability Enables Full Server Takeover Without Authentication *

Silver Fox Phishing Campaign Targets Indian Organizations Using Tax-Themed Malware *

Windows Local Privilege Escalation Flaws in Kernel Drivers and Named Pipes Enable Elevated Access *

Ransomware Attack Shuts Down Key IT Systems at Romania’s Oltenia Energy Complex *

Security Incident at Korean Air Leads to Employee Data Exposure *

OpenAI Hardens ChatGPT Atlas Against Prompt Injection Attacks *

WIRED Subscriber Data Breach Claim Exposes 2.3 Million Records *

27 npm Packages Weaponized as Phishing Infrastructure for Login Credential Theft *

Trust Wallet Chrome Extension Supply-Chain Attack Leads to Multi-Million Dollar Crypto Theft *

Large-Scale Automated Exploitation Campaign Targeting Multiple Internet-Facing Technologies *

Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns *

EmEditor Supply Chain Attack Prompts Urgent Security Warnings for Enterprises *

AI-Led Discovery Triggers Alarm Over CVSS 10 Zero-Day in Xspeeder Firmware *

Jackson Typosquatting Attack on Maven Central *

Ubisoft Rainbow Six Siege Services Disrupted Following Suspected MongoBleed Exploitation *

New WebKit Integer Overflow Vulnerability Found in iOS 26.2 with Public PoC *

China-Linked Evasive Panda Conducted DNS Poisoning Attacks to Distribute MgBot Malware *

French Postal Operator Suffers Major Network Outage Linked to Cyberattack *

Malicious Analytics Logic in Trust Wallet Browser Extension Leads to Multi-Chain Wallet Drain *

“Purchase Order” Deception Leveraging a Sophisticated Malware Loader Across Italy, Finland, and Saudi Arabia *

DriverFixer0428 Credential Stealer in Contagious Interview Campaign (macOS) *

Israeli Organizations Targeted by AV Themed Malicious Word and PDF Files *

LastPass 2022 Data Breach Enables Years-Long Exploitation of Encrypted Vaults Leading to Cryptocurrency Theft *

Critical LangChain Flaw Allows Malicious Actors to Steal Secrets from AI-Driven Systems *

Typosquatted MAS Domain Tricks Users into Running Malicious Activation Script *

Threat Actors Exploit Unpatched FortiGate 2FA Bypass Vulnerability *

Koi Security Uncovers Persistent Backdoor with lotusbail npm Package Targeting WhatsApp npm Library Stealing Credentials and Messages *

Critical LangChain Vulnerability Lets Attackers Steal Secrets via Prompts *

High-Severity Zimbra Vulnerability Exposes Internal Files Without Authentication *

Critical TeamViewer DEX Vulnerabilities Enable Takeover of Nomad Services *

Net-SNMP Vulnerability Triggers Buffer Overflow, Crashing the Daemon *

Somalia E-Visa Platform Exposes Sensitive Traveler Information *

Shinhan Card Confirms Data Breach Impacting 192,000 Merchants in South Korea *

MacSync Stealer Dropper Bypasses macOS Gatekeeper Using Notarized Signed App *

Ransomware Attack on Romanian Waters Authority Disrupts IT Systems Nationwide *

WebRAT Malware Targeting Developers Through Malicious GitHub Exploit Repositories *

Operation PCPcat Weaponizes Next.js and React Bugs, Compromising 59,000+ Servers *

Inside APT37’s Artemis Malware Campaign: From Casting Lures to System Compromise *

High-Risk NVIDIA Isaac Launchable Security Issues Lead to Complete System Takeover *

Spotify Investigates Alleged 300TB Music Archive Leak Linked to Anna’s Archive *

Critical MongoDB Vulnerability Allows Unauthenticated Memory Disclosure via zlib Compression *

M-Files Alert on Insider Session Hijacking and Vault Metadata Leakage Risks *

Linksys Router Authentication Bypass Zero-Day Vulnerability *

Nissan Confirms Data Breach After Unauthorized Access to Red Hat Servers *

Critical Vulnerabilities in Exim Mail Server Could Lead to Remote Compromise *

University of Phoenix Data Breach Affects Nearly 3.5 Million Individuals *

Microsoft Fixes Privilege Escalation Flaw in Windows Brokering File System Driver *

Sleeping Bouncer: A Deep Dive into the Pre-Boot DMA Vulnerability in Modern Firmware *

Darknet-Driven Insider Threat Campaigns Target High-Value Enterprise Networks *

Malicious Free VPN Extensions Compromise AI Chat Privacy of 8 Million Users *

Microsoft Teams Global Outage Causes Widespread Messaging Delays *

U.S. DOJ Files Charges Against 54 in Coordinated ATM Jackpotting Attacks Using Ploutus Malware *

Critical n8n Security Flaw Grants Attackers Full Control of Affected Servers *

Cellik RAT Exploits Google Play Apps, Expanding the Reach of Mobile Cybercrime *

Dify Vulnerability Exposes System Configurations to Anonymous Users *

RansomHouse Elevates Ransomware Threat With Advanced Multi-Layered Mario Encryptor *

Critical Apache NiFi Vulnerability in GetAsanaObject Processor Enables Unsafe Java Deserialization Attacks *

Cloud Atlas Hacker Group Exploits Microsoft Office Vulnerabilities to Execute Malicious Code *

Roundcube Vulnerabilities Enable Malicious Script Execution *

Headlamp Vulnerability Enables Unauthorized Helm Release Management in Kubernetes Clusters *

Linux Kernel Records First Rust-Based Vulnerability With CVE-2025-68260 *

WatchGuard 0-day Vulnerability Exploited to Hijack Firewalls *

China-Linked LongNosedGoblin APT Exploits Windows Group Policy to Target Government Networks in Asia *

Udados Botnet Targets Web Infrastructure with Stealth DDoS Attacks *

UEFI IOMMU Initialization Flaw Exposes Major Motherboard Vendors to Early Boot DMA Attacks *

University of Sydney Data Breach (December 2025) Exposes Personal Information of Staff and Students *

High-Severity Kibana Vulnerability Enables XSS Attacks Through Vega Charts *

Log4j TLS Hostname Verification Vulnerability Enables Log Interception *

OpenAI GPT-5.2-Codex Accelerates Software Vulnerability Discovery and Defensive Cybersecurity *

Ink Dragon Hackers Breach European Governments, Extending Attacks to Asia and South America *

Severe systeminformation Flaw Allows Arbitrary Command Execution on Windows Systems *

Virginia Mental Health Authority Reports Data Breach Impacting 113,000 Individuals *

Critical Flaw in Apache Commons Text Enables Remote Code Execution Attacks *

Kimwolf Botnet Compromises 1.8 Million Android TV Devices to Conduct Large-Scale DDoS Attacks *

SonicWall Privilege Escalation Vulnerability (CVE-2025-40602) Actively Exploited - Patch Released *

Suspected Malware on GNV Ferry Fantastic Sparks Remote Hijack Fears *

Cisco AsyncOS Zero-Day Vulnerability Actively Exploited *

CVE-2025-20393 Under Active Attack as UAT-9686 Targets Cisco Email Gateways *

CISA Warns of Active Exploitation of Critical Cisco Zero-Day and SonicWall Vulnerabilities *

Critical HPE OneView Security Bug Exposes Data Center Control Planes Worldwide *

Remote Code Execution in Automotive Infotainment via Modem Firmware *

Russian Hackers Target Network Edge Devices Across Western Critical Infrastructure *

Microsoft Confirms Critical Desktop Window Manager Privilege Escalation Vulnerability *

China-Linked Ink Dragon Espionage Campaign Uses ShadowPad and FINALDRAFT Malware Against Government Networks *

APT C 35 Leverages Distinct Apache HTTP Response Patterns for Covert Infrastructure Operations *

BlindEagle Attackers Leverage Trusted Channels to Bypass Enterprise Email Protections *

Chrome Stable Channel Update Fixes High-Severity WebGPU and V8 Vulnerabilities *

NVIDIA Patches Critical Vulnerabilities Across Isaac Sim, NeMo Framework, and Linux Resiliency Tools *

Cellik Android Malware Turns Trusted Google Play Apps into Stealthy Trojanized Threats *

GhostPoster Campaign Hides Malicious JavaScript Inside Firefox Add-on Logos *

Security Flaws in Windows Remote Access Connection Manager Enable Privilege Escalation *

Microsoft Windows Admin Center Bug Exposes Systems to Privilege Escalation Attacks *

Cyber Threat Alert: NoName057(16) Launches DDoSia Attacks Against NATO-Linked Organizations *

Critical Privilege Escalation Vulnerability Identified in JumpCloud Remote Assist *

700,000 Records Exposed Following Askul Ransomware Incident *

GhostPairing WhatsApp Account Takeover Attack *

Fake mParivahan and e-Challan Apps Used to Distribute Android Malware *

PCPcat Malware Campaign Exploiting React2Shell and Next.js RCE Vulnerabilities *

Critical React2Shell Vulnerability Exploited in the Wild to Establish Persistent Backdoors *

SantaStealer Malware Campaign Exploits Browser Storage to Steal Crypto and User Credentials *

FrogBlight Android Malware Disguises Government Websites to Collect SMS and Device Information *

Shannon AI Pentesting Platform Automates Discovery and Exploitation of Web Application Flaws *

Five-Year NuGet Supply Chain Attack Targeting .NET Developers via Homoglyphs and Typosquatting *

OpenShift GitOps Privilege Escalation Vulnerability (CVE-2025-13888) *

SoundCloud Hit by Data Breach as User Information Stolen and VPN Access Blocked *

Persistent macOS Installer Bug Allows Attackers to Hijack Privileged Processes *

Critical ScreenConnect Server Vulnerability Enables Privileged Abuse Through Malicious Extension Installation *

Jaguar Land Rover Confirms Enterprise IT and OT Systems Breached, Employee Data Compromised *

FreePBX Releases Security Updates for High-Risk RCE Vulnerabilities *

French Interior Ministry Confirms Cyberattack Affecting Email Servers *

Frogblight Malware Targets Android Users by Spoofing Government Portals *

700Credit Data Breach Exposes Information of 5.8 Million Auto Dealership Customers *

Critical RasMan Flaw in Windows Enables Local Crash and SYSTEM-Level Privilege Escalation *

Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution *

Active Phishing Campaign Targets Russian Organizations With ISO-Based Malware and Credential Theft *

PayPal Subscriptions Abused to Send Fake Purchase Emails *

Gentlemen Ransomware Emerges as a Threat to Corporate Networks *

Storm-0249: Sideloading Malicious Code into EDR Processes to Avoid Detection *

CyberVolk VolkLocker Ransomware Undermined by Critical Cryptographic Implementation Flaw *

Critical Security Flaws in Apache StreamPark Expose Data to Decryption and Token Forgery *

ImageMagick Flaw Allows Arbitrary Memory Disclosure via PSX TIM Integer Overflow on 32-bit Systems *

Critical Plesk Vulnerability Enables Root-Level Server Takeover *

NVIDIA Merlin Deserialization Flaws in NVTabular & Transformers4Rec Risk AI Pipeline RCE *

Apple Releases Emergency iOS 26 Update to Patch Actively Exploited WebKit Zero-Day Vulnerabilities *

Critical pgAdmin Vulnerability Enables Server Takeover Through Database Restore via Malicious SQL Dump Files *

IBM Mitigates High-Risk Vulnerabilities Across Enterprise Software Stack *

Fieldtex Data Breach Affects Approximately 238,000 Individuals *

Pierce County Library Data Breach Exposes Information of 340,000 Individuals *

Adobe Delivers Critical Updates After Discovering 140 Vulnerabilities *

Global Developer Frustration as GitHub Faces Intermittent Server Failures *

Soledad WordPress Theme Vulnerability that Enables Full Site Takeover *

Critical Vulnerabilities Discovered in Apache Fineract Core Banking Platform *

Critical New Bugs in React Server Components Allow Server Downtime and Code Leak Exploits *

Spiderman Kit Fuels Advanced Phishing Campaigns Against Banks and Crypto Services *

MKVCinemas Streaming Piracy Platform Dismantled After 142M Visits *

Persistent Middle East Espionage: WIRTE Uses AshenLoader to Deploy AshTag Backdoor *

Critical Cryptographic Flaw in Gladinet CentreStack Enables Remote Code Execution Attacks *

Researchers Discover NANOREMOTE Malware Targeting Windows Systems Worldwide *

Notepad++ Fixes Flaw That Allowed Malicious Update Files *

Windows PowerShell CVE-2025-54100 Fixed: Improper Neutralization Enables Local Code Execution *

CISA Issues Warning on Actively Exploited GeoServer XXE Vulnerability in Updated KEV Catalog *

GitLab Releases Security Update Addressing Severe XSS and Denial-of-Service Flaws *

Critical Flaw in India-Based CCTV Cameras Exposes Video Feeds and User Credentials *

Active Exploitation of Gogs 0-Day Allows Remote Code Execution via API Endpoint Vulnerability *

SOAPwn Flaw Exposes .NET Apps to Remote Code Execution *

Critical Chrome Zero Day Flaw Patched in Urgent Security Update *

DroidLock Android Ransomware Locks Devices and Extorts Victims *

React2Shell Security Flaw Used in Coordinated Campaigns to Deploy Crypto Miners and Complex Malware Toolkits Across Businesses *

Security Alert: Zoom Rooms Vulnerabilities Put Conference Systems at Risk *

Critical Jenkins Vulnerabilities Expose Unauthenticated DoS via HTTP CLI and XSS via Coverage Reports *

Apache Struts 2 DoS Vulnerability (CVE-2025-66675) File Leak in Multipart Request Processing *

Fortinet Warns of Critical FortiSandbox Vulnerability Allowing OS Command Injection *

Windows Defender Firewall Bug Exposes Sensitive Data to Attackers *

PCIe Security Flaws Impact Intel and AMD Processors *

Akira ransomware group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities *

Microsoft Outlook Flaw Allows Remote Execution of Malicious Code *

New Vishing Threat Exploits Teams Calls and Quick Assist Sessions to Inject .NET Malware *

Makop Ransomware Targets RDP Vulnerabilities and Uses AV Evasion Tactics for Deployment *

Critical Zero-Click Flaw in Google Gemini Enables Complete Workspace Data Theft *

Critical n8n Git Node Flaw (CVE-2025-65964) Exposes Servers to Remote Code Execution *

Critical Rockwell Flaws Threaten Industrial Systems with SQL Injection Data Tampering and Safety Device DoS Needing Manual Fix *

High-Severity ZITADEL V2 Login UI Flaws Lead to SSRF Exploitation and XSS-Based Account Takeover *

Critical Fortinet Flaw Enables Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery *

Microsoft Patch Tuesday Security Advisory – December 2025 *

Critical Step CA Exploit Lets Threat Actors Mint Trusted Certificates Unchecked *

Vitas Healthcare Data Breach Exposes Sensitive Information of Over 300,000 Individuals *

Ivanti Issues Security Update to Fix Code Execution Vulnerabilities in Endpoint Manager *

Critical Vulnerability in Emby Server Enables Full Admin Access *

Anatsa (TeaBot) Banking Trojan Delivered via Fake Document-Reader App on Google Play *

React Ecosystem Exposed to High-Impact RCE via React2Shell Vulnerabilities *

Malicious Ads Used by Hackers to Spread Triada Malware to Android User Base *

JS SMUGGLER Malware Exploits Legitimate Websites to Deliver NetSupport RAT *

Malicious VSCode Extensions Drop Infostealers Through Microsoft Marketplace Supply-Chain Attack *

Cybercriminals Adopt Shanya Packer to Disable EDR and Launch Stealthy Ransomware *

AI Discovers GhostPenguin Undetectable Linux Backdoor Using RC5-Encrypted UDP for Covert Command and Control *

Critical Authentication Bypass Flaws in Ruby SAML Library *

SAP Rolls Out Final 2025 Security Notes Covering 14 Vulnerabilities Across Core Enterprise Components *

Major French Retail Chain Leroy Merlin Hit by Data Breach *

Barts Health Confirms Massive Data Breach Tied to Oracle E-Business Zero-Day *

India May Require Apple, Google, and Samsung to Enable Always-On GPS *

ASUS Acknowledges Vendor Exposure as Everest Releases Data and Reference ArcSoft, Qualcomm *

Factory Satellite Security Glitch Leaves Hundreds of Porsches Undrivable in Russia *

Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude & Other AI Developer Tools *

Stealthy Proxmox Hypervisor Abuse Exposed Through New LOLPROX Techniques *

TP-Link TL-WR940N V6 Affected by High-Severity UPnP DoS Vulnerability *

Inotiv Reports Ransomware Breach Impacting Pharmaceutical Research Systems *

Arena® Simulation Affected by DOE File Parsing Weakness That Enables Dangerous Stack-Based Buffer Overflow Attacks *

Critical Firebox Flaws Force Urgent Fireware OS Updates from WatchGuard *

High-Severity Duc Disk Tool Vulnerability (CVE-2025-13654) Allowing DoS and Information Leakage *

Critical lz4-java Vulnerability (CVE-2025-66566) Exposes Uninitialized Memory During Decompression *

Intellexa Spyware Vendor Targets iOS and Chrome with 15 Zero-Day Exploits, Deploying Predator Malware *

Critical Authentication Breakdown in Scheduling Platform (CVE-2025-66489) *

Apache Tika Core Vulnerability Enables System Exploitation via Malicious PDF Uploads *

Avast Sandbox Flaws Enable Attackers to Gain Elevated Privileges *

Subtle Privilege Escalation in AWS EC2 and SageMaker Through Execution Roles *

SeedSnatcher Android Malware is Critical Threat to Crypto Wallet Users *

BRICKSTORM Malware Alert Campaign by PRC-linked Actors *

Splunk Windows Bug Enables Local Privilege Escalation Through Misconfigured File Permissions *

SVG Clickjacking Technique Enables Highly Interactive UI-Redressing Attacks *

High-Severity Splunk Vulnerability Exposes Windows Systems to Privilege Escalation *

GoldFactory Strikes Southeast Asia Using Trojanized Banking Apps Driving 11,000+ Infections *

ArrayOS AG Remote Command Injection Enables Unauthorized Webshell Deployment *

Apache HTTP Server 2.4.66 SSRF NTLM Hash Exposure and Suexec Bypass Fixes *

CVE-2025-66399: Cacti Bug Exposes Servers to Remote Code Execution *

NVIDIA Issues Emergency Patch for Input-Validation and Oversized-Payload Flaws Causing Triton DoS Risks *

PickleScan Bypass Lets Malicious PyTorch Models Execute Code Silently *

Freedom Mobile Data Breach Exposes Sensitive Customer Information *

New Windows LNK Zero-Day Under Active Exploitation by Hackers *

India’s New SIM-Binding Mandate for Social Media and Messaging Platforms *

New Report Warns of 68 percent of Phishing Kits Protected by Cloudflare *

AISURU Botnet Launches Unprecedented 29.7 Tbps DDoS Assault *

DuperRunner Malware Delivered via LNK Files Targets Corporate Staff in Operation DupeHike *

Synology BeeStation Hit by Triple Vulnerability Chain Allowing Full System Takeover *

Marquis Data Breach Exposes Information Across Over 74 U.S. Banks and Credit Unions *

Critical Windows Vim Vulnerability (CVE-2025-66476) Enables Arbitrary Code Execution via Malicious Folders *

Severe RCE Vulnerability Discovered in React Server Components and Next.js *

React Server Components Critical RCE Flaw Enables Unauthenticated Attacks (CVE-2025-55182) *

Angular Security Advisory: Immediate Patch Required for CVE-2025-66412 *

Critical Elementor Plugin Flaw Allows Full Admin Takeover of WordPress Sites *

Critical CVE-2025-13486 Flaw in ACF Extended Enables Unauthenticated RCE on 100,000 WordPress Sites *

Cybercriminals Market Latest K.G.B RAT Toolkit Within Dark-Web Communities *

Stealthy Supply-Chain Attack Found in Malicious Rust Crate ‘evm-units’ Targeting Crypto Developers *

Google Pushes Emergency Security Update as Chrome 143 Fixes 13 New Vulnerabilities *

Critical Django Flaw Exposes PostgreSQL Databases to SQL Injection (CVE-2025-13372) *

Longwatch Critical RCE Vulnerability Enables Unauthenticated SYSTEM-Level Takeover (CVE-2025-13658) *

Threat-Hunting Alerts Impacted by Microsoft Defender Portal Outage *

Russia’s Aerospace and Defense Sectors Hit by Ukrainian Cyberattack *

OpenAI Codex CLI Exploit Lets Attackers Run Unauthorized Commands *

India Orders Messaging Apps to Work Only with Active SIM Cards *

Living Off the Land (LOTL) Tactics Enable Stealthy EDR Evasion Across Windows Environments *

Malicious VS Code Extension as Icon Theme — Hidden Backdoor Targets Windows and macOS Developers *

GlassWorm Campaign Expands With New Malicious VS Code and OpenVSX Extensions *

India Mandates Pre-Installation of Sanchar Saathi on All Smartphones *

ShadyPanda Weaponizes 4.3 Million-Download Extensions Into a Spyware Network *

KimJongRAT Strikes Windows Users via Malicious HTA Files *

OpenVPN Releases Patch for Critical Heap Over-Read and HMAC Bypass Vulnerabilities *

New Struts Flaw (CVE-2025-64775) Exposes Servers to Disk-Filling DoS Attacks *

Arkanix Stealer Uses Chrome Process Injection to Evade Modern Protections *

Android Critical DoS and Two Actively Exploited Zero-Days *

Coupang Confirms Data Breach Impacting Nearly 34 Million Customers *

Microsoft Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants *

Government Confirms Cyberattack Using GPS Spoofing Targeted Indian Airports *

Qualcomm Warns of Critical Vulnerabilities Undermining Secure Boot Integrity *

Microsoft Outlook MonikerLink Vulnerability Enables Remote Code Execution *

Legacy Python Bootstrap Scripts Pose Domain-Takeover Threat Across Multiple PyPI Packages *

APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies *

New Wave of Albiriox Malware Attacks Targets Android Users and Provides Criminals with Full Interactive Device Control *

Mercedes-Benz USA Breach Claim Involving Legal and Customer Data Surfaces Online *

Critical SQL Injection in Devolutions Server Lets Authenticated Users Extract All Stored Credentials *

GeoServer XXE Vulnerability CVE-2025-58360 Unauthenticated File Theft and SSRF via WMS GetMap *

New Malware Packer Discovered Masking EDR-Killers in Global Ransomware Attacks *

PoC Released for Critical Outlook Zero-Click RCE Vulnerability *

Critical Apache bRPC Vulnerability CVE-2025-59789 Puts High-Performance Systems at Risk of Server Crashes *

Apache Kvrocks Fixes Serious RESET and MONITOR Abuse Causing Privilege Escalation and Credential Leakage Risks *

Data Breach Reported by French Football Federation After Cyberattack *

Data Breach Hits Canadian Scientific Consultancy, Attackers Demand $1.2M Ransom *

Active Attacks Exploit WordPress RCE Bug Rated CVSS 9.8 *

Vivotek Legacy Firmware Permits Zero-Auth Arbitrary Command Execution via CGI Endpoint *

Public GitLab Repos Leak More Than 17,000 Sensitive Secrets *

Black Friday Scammers Are Impersonating Major Brands to Steal Your Money *

KawaiiGPT A Free Malicious AI Clone Leveraging DeepSeek, Gemini, and Kimi-K2 Models *

Microsoft Announces CSP Enforcement to Enhance Entra ID Sign-In Security *

Fake Battlefield 6 Cracks & Trainers Spread Infostealers and Backdoors *

Malicious Chrome Extension Crypto Copilot Steals Funds Through Hidden Solana Transactions *

Cyberattacks Target Telecommunications & Media Industry to Deploy Malicious Payloads *

Bloody Wolf Expands Spear-Phishing Campaign to Deliver NetSupport RAT Using JAR Loaders Targeting Central Asia *

Dead Man’s Switch Massive npm Supply-Chain Malware Attack *

Calendar-Based Cyberattacks: The Rise of Promptware Exploiting iOS and macOS Users *

OpenAI Alerts Users After Mixpanel Data Breach: Security Recommendations Issued *

ShadowV2 Botnet Leveraged AWS Outage to Test Large-Scale IoT Attack Capabilities *

GitLab Fixes Multiple Vulnerabilities Allowing Authentication Bypass and DoS Attacks *

London Councils Shut Down Key Systems Amid Ongoing Cyberattack *

Angular Security Failure Lets Hackers Steal XSRF Tokens via Protocol-Relative URLs *

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets *

Global Data Exposure: ByteToBreach Sells Compromised Airline, Finance, and State Records Online *

Water Gamayun Exploits New Windows Zero-Day in Global Espionage Campaign *

Browser-Based RCE in Ray (CVE-2025-62593) Puts AI & Python Developers at High Risk *

Chrome Extension Malware Adds Hidden SOL Fees *

Critical Stored XSS Flaw Discovered in Apache SkyWalking (CVE-2025-54057) *

Tor Introduces Galois Onion Encryption to Bolster Protection Against Cyber Attacks *

Delta Dental of Virginia Reports Intrusion into Data Environment Resulting in Exposure of Sensitive Customer Information *

Latest Cobalt Strike Update Introduces Advanced Malleable C2 and Stealth Upgrades *

VSCode Marketplace Targeted by Malicious Prettier Clone Deploying Anivia Stealer *

Zenitel TCIV 3 Plus Intercoms Exposed to Multiple Critical CVSS 9.8 Vulnerabilities *

RomCom Uses SocGholish Fake-Update Attacks to Deliver Mythic Agent Malware *

Nationwide Emergency Alerts Impacted After Major CodeRED Platform Cyberattack *

Critical Node-Forge Vulnerability Prompts Immediate Update and Security Checks *

High Severity NVIDIA DGX Spark Flaw Could Expose Sensitive AI Data and Allow System Takeover *

ASUS Routers Critical Authentication Bypass Vulnerability (CVE-2025-59366) *

Critical Fluent Bit Flaws Allow Remote Attacks on Cloud Environments *

Critical Remote Code Execution Vulnerability in Microsoft Update Health Tools *

Dartmouth College Hit by Clop in Targeted Data-Theft Attack *

Harvard University Announces Data Breach Impacting Alumni and Donors *

Malicious Blender Model Files Used to Deploy StealC Infostealing Malware *

Kimsuky APT Deploys Dual KimJongRAT Payloads, Switching Between PE PowerShell Based on Windows Defender Status *

Canon Allegedly Hit by Clop Ransomware Following Oracle E-Business Suite 0-Day Abuse *

HashiCorp Vault Authentication Bypass Vulnerability (CVE-2025-13357) *

ClickFix Social Engineering Campaign Delivers Stealthy Infostealer Malware *

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users *

Brazil Hit by Water-Saci Campaign with WhatsApp Web Hijacking and Memory-Resident Banking Trojan *

ToddyCat APT Gains Microsoft 365 Emails by Dumping OAuth Tokens from Memory & Copying Locked OST Files *

Linux Kernel 6.18-rc7 Released with Key Driver and Security Fixes as Final Version Approaches *

Apache Syncope Vulnerability (CVE-2025-65998) Allows Decryption of User Passwords via Hard-Coded AES Key *

Second Sha1-Hulud Malware Wave Hits 25,000+ npm Repositories, Stealing Developer Credentials *

Delta Dental of Virginia Data Breach Impacts 146,000 Individuals *

Client Information Compromised in SitusAMC Data Breach *

Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware *

Fluent Bit Security Flaws Put Cloud Environments at Risk of RCE and Hidden Breaches *

Iberia Airlines Hit by Data Breach Exposing Customer Personal Details *

Wireshark Flaws Allow Crashes Through Crafted Packet Injection *

Threat Actors Inject Python Malware into Legitimate Windows Executable *

Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information *

Critical RCE Flaw Discovered in W3 Total Cache Plugin (CVE-2025-9501) *

Threat Actors Use Typo-Trick ‘rn’ for ‘m’ in Microsoft URL to Conduct Credential Theft *

Emergency Patch Issued for Azure Bastion After Discovery of Critical Login Bypass Vulnerability *

BadAudio Malware Used by China-Linked APT24 in Long-Running Espionage Campaign *

Emergency Patch Issued for Grafana SCIM User Impersonation Flaw (CVE-2025-41115) *

Global Enterprises Hit by Widespread Supply Chain Breaches, BlueVoyant Report Finds *

Threat Actor Alleges Massive 2.3TB Data Breach at Almaviva *

Critical Twonky Server Vulnerabilities Allow Attackers to Bypass Authentication *

Oracle Identity Manager Hit by Potential Zero-Day Exploit *

Salesforce Warns of Unauthorized Data Access Through Compromised Gainsight OAuth Tokens *

ShadowRay 2.0 Leverages Ray Authentication Gap to Create Expanding GPU Botnet *

UNC2891 Money-Mule Network Reveals Full Scope of ATM Fraud Operation *

Critical Weakness in Legacy Train Signaling Systems Allows Signal Spoofing *

Aruba Networking 100 Series Cellular Bridge Impacted by Critical Firmware Weaknesses *

Advanced Sturnus Banking Trojan Hijacks Android Devices and Steals Encrypted Messaging Data *

SonicWall Discloses High-Severity SonicOS Vulnerability Affecting Firewalls *

Critical Weaknesses in N-central Permit Attackers to Read Sensitive Configs via Legacy APIs *

Severe Windows Graphics Bug Lets Attackers Gain Control with Just One Image *

TamperedChef Campaign Delivers Stealthy Backdoor Through Digitally Signed Fake Installers *

Chinese Hackers Hijack Legitimate Software Updates Using EdgeStepper Tool to Redirect to Malicious Servers *

“The Gentlemen” Ransomware Crew Targets Enterprises With Encryption-Based Attacks and Data Exfiltration *

Ollama Vulnerabilities Permit Arbitrary Code Execution via Malicious Model File Parsing *

The Gentlemen Ransomware Campaign Targets Global Networks with Automation, Propagation, and Dual-Extortion *

JOSERFC Oversized JWT Token Vulnerability (CVE-2025-65015) Enables Uncontrolled Resource Consumption *

Sneaky2FA PhaaS Adopts Browser-in-the-Browser Technique for Advanced Phishing Attacks *

Critical DLL Hijacking Vulnerability (CVE-2025-13051) Found in ASUSTOR Backup and Sync Utilities *

Apache Causeway Releases Fix for Critical Java Deserialization RCE (CVE-2025-64408) *

Cloudflare Reveals Root Cause Behind Global Outage That Disrupted the Internet *

WhatsApp Flaw Exposes Phone Numbers of 3.5 Billion Users *

WrtHug Attack Wave Hijacks 50,000 Vulnerable ASUS Routers *

Multiple Critical Flaws in METZ CONNECT Controllers Expose Industrial Networks to Unauthenticated RCE *

Critical SolarWinds Serv-U Vulnerabilities (CVSS 9.1) Enable Admin RCE and Path Traversal Bypass *

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar *

Trojanized ‘Free’ VPN Extension with 9 Million Installs Hijacks Sessions and Tracks User Online Behavior *

AI-Generated ShadowRay 2.0 Botnet Targets 230,000 Exposed Ray AI Clusters *

Stealthy Chrome Malicious VPN Extensions Used for Traffic Redirection and Data Exfiltration *

Critical FortiWeb Vulnerability Under Attack: CISA Adds CVE-2025-58034 to KEV Catalog *

Four Severe Vulnerabilities Discovered in D-Link DIR-878 No Patches Due to EOS-EOL Status *

Eurofiber France Infrastructure Exposed After GLPI ITSM Platform Exploit *

Google Issues Emergency Chrome Update to Fix Actively Exploited Zero-Day *

Critical Flaw in Imunify AI-Bolit Component Allows Remote Code Execution *

Data Breach at Princeton University Compromises Student, Alumni, and Employee Records *

French Government-Linked Pajemploi Targeted in Breach Impacting 1.2M *

Threat Actors Leverage Remcos RAT C2 Network for Stealthy Remote Control *

Nine-Day Lynx Ransomware Attack Exposes Critical Security Gaps *

UNC1549 Exposed Tactics, Tools, and Malware Threatening Aerospace and Defense *

W3 Total Cache Plugin Vulnerabilities Endanger One Million Website Owners Worldwide *

Under Armour Data Breach: Everest Ransomware Group Boasts 343 GB Stolen Files *

Cloudflare Outage Disrupts X, OpenAI, and Popular Multiplayer Games *

EVALUSION ClickFix Campaign Deploys Amatera Stealer and NetSupport RAT in New Malware Wave *

DigitStealer Malware Hits M2+ Macs, Hijacks Ledger Live via JXA and DNS C2 *

DragonBreath APT Targets Chinese Users with Stealthy Multi-Stage RoningLoader Campaign *

Severe RCE Vulnerabilities Discovered in AI Inference Frameworks from Meta, Nvidia, and Microsoft *

Microsoft Azure Suffers Massive 15 Tbps DDoS Attack from Half a Million IPs *

Logitech Discloses Intrusion After Clop Publishes Stolen Data Claims *

Customized Social Engineering Tactics Used by Iranian SpearSpecter to Target High-Profile Officials *

Researchers Unveil New Techniques to Detect Outlook NotDoor Backdoor Malware *

LG Data Exposure Alleged After Hacker Publishes Source Code Samples *

TaskHound Exposes High Risk Windows Scheduled Tasks with Privileged Execution Paths *

Fortinet FortiWeb Authentication Bypass & Path Traversal (CVE-2025-64446) *

Critical MCP Server Injection Vulnerability Exposes Cursor IDE to Code Execution Remote *

Unremovable Israeli Spyware on Samsung Phones (AppCloud) *

IBM AIX Faces CVSS 10.0 RCE & NIM Private Key Exposure in Newly Disclosed Flaws *

ClickFix Attack Chain Uses Finger Protocol to Deploy Python Payloads, NetSupport RAT and Infostealers *

Critical pgAdmin Flaws Enable RCE Through Malicious PostgreSQL Dump Files *

CISA Issues Warning on Severe Lynx+ Gateway Flaw Enabling Unauthenticated Remote Reset With No Vendor Action *

High-Severity Memos Flaw (CVE-2024-21635) Allows Persistent Unauthorized Access *

Malicious npm Package With 206K Downloads Steals GitHub Tokens From Developer Repositories *

Cisco Catalyst Center CVE-2025-20341 Enables Authenticated Privilege Escalation on ESXi Deployments *

Lite XL Vulnerability Exposes Users to Code Execution Attacks *

Kraken Cross-Platform Ransomware Expands Attacks to Windows, Linux, and VMware ESXi Environments *

Malicious Ethereum Wallet Extension on Chrome Web Store Grants Full Wallet Control *

Phishing Campaign Targets Customers of Leading Italian Web Hosting Provider *

Android Photo-Frame App Distributes Malicious Payloads *

Imunify360 Zero-Day-Like RCE Threat Endangers Millions of Linux Web Servers *

Checkout.com Breach Linked to Exposed Legacy Cloud Storage System *

DoorDash Confirms October 2025 Data Breach Exposing User Contact Information *

High-Risk NVIDIA NeMo Vulnerabilities Impact AI Pipelines Before Version 2.5.0 *

Zero-day Attack Warning: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access *

Critical ASUS DSL Router Authentication Bypass Vulnerability (CVE-2025-59367) *

Zero-Day Campaign Targets Cisco ISE and Citrix, Compromising Critical Identity Systems Globally *

Severe Zoho Analytics Plus Vulnerability (CVE-2025-8324, CVSS 9.8) Enables Unauthenticated SQL Injection and Potential Data Compromise *

How Malicious Actors Turn Vector Images (SVG) Into Live Phishing Lures that Bypass Email Defenses *

OpenAI Sora 2 Security Bug Exposes System Prompts Using Audio Transcripts *

Dell Issues Emergency Patch After Critical Data Lakehouse Privilege-Escalation Bug *

Microsoft SQL Server Flaw Allows Attackers to Gain Elevated Privileges *

Massive npm Supply Chain Spam Campaign Publishes Over Fake Packages *

DanaBot Malware Resurfaces After 6-Month Hiatus to Target Windows Systems *

Security Update: Kibana SSRF and XSS Vulnerabilities Patched *

PAN-OS Firewall Vulnerability (CVE-2025-4619) Enables Unauthenticated Device Reboot *

GitLab XSS Flaw (CVE-2025-11224) Threatens Kubernetes Proxy Sessions *

Hackers Exploit SSRF Vulnerability in Custom GPTs, Exposing ChatGPT’s Cloud Secrets *

Tor Browser 15.0.1 Update Patches Multiple Vulnerabilities Across Platforms *

Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting Exploitation *

Apple Device Recovery Phishing Scam Targets Lost iPhone Owners with Fake “Found Device” Alerts *

New Android RAT “KomeX” (advertised on hacker forums) *

Microsoft Patches Critical Flaws in GitHub Copilot and Visual Studio Code Allowing Security Feature Bypass *

Rhadamanthys Infostealer Disrupted as Cybercriminals Lose Server Access *

New Phishing Wave Exploits Meta Business Suite Features for Credential Theft *

Critical Milvus Proxy Vulnerability (CVE-2025-64513, CVSS 9.3) Enables Authentication Bypass *

Apache OpenOffice Addresses Memory Corruption and Remote Content Loading Flaws *

Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution *

Critical GE Vernova Smallworld SWMFS Improper Authentication (CVE-2025-3222) *

Ivanti Endpoint Manager Vulnerabilities Could Allow Arbitrary File Writes to System Disk *

GlobalLogic Suffers Data Breach via Oracle E-Business Suite Zero-Day Exploit (CVE-2025-61882) *

Microsoft Patch Tuesday Security Advisory – November 2025 *

Vulnerability in Zoom Enables Bypass of Access Controls, Exposes Session Data *

Mozilla Patches Critical Firefox Flaws Enabling Remote Code Execution *

Security Alert-Themed Phishing Campaign Exploits Domain Trust to Steal Email Credentials *

Synology BeeStation Zero-Day Vulnerability (CVE-2025-12686) Allows Remote Code Execution *

KONNI APT Exploits Google Find Hub to Wipe Android Devices After Credential Theft *

Maverick and Coyote Banking Trojans Target Brazilian Users via WhatsApp *

SAP Issues November 2025 Patch Day Updates to Mitigate High-Severity Remote Code Execution and Injection Weaknesses in Key Business Applications *

Critical WatchGuard Firebox Vulnerability (CVE-2025-59396, CVSS 9.8) Enables Remote Admin Access via Default SSH Credentials *

Authenticated SQLi in SuiteCRM Exposes Customer Data Upgrade to 8.9.1 Now *

Quantum Route Redirect Phishing Service Targets Microsoft 365 Users *

JokerJanus-style Campaign Abuses Triofox Configuration to Deploy Remote Access Tools (CVE-2025-12480) *

Critical Devolutions Server Vulnerability (CVE-2025-12485, CVSS 9.4) Enables User Impersonation Through Pre-MFA Session Cookie Hijacking *

Kimsuky and APT37 Uses Google Find Hub Abuse Google Accounts for Remote Android Data Wipe Attacks *

Android Users Hit by Malware Disguised as Relaxation Programs *

Critical NPM Library Flaw in expr-eval Puts AI and NLP Applications at Risk of Remote Code Execution *

Data Breach at Chinese Security Giant Reveals Cyber Weapons and Global Espionage Campaigns *

Hospitality Sector Targeted by ClickFix Phishing and PureRAT Malware Campaign *

APT Groups Target Construction Industry Networks to Steal RDP, SSH, and Citrix Credentials *

Paragon “Graphite” Spyware Targets iOS Devices Through Zero-Click Exploits in Global Surveillance Campaigns *

China-Linked Espionage Campaign Targets U.S. Policy Non-Profit via DLL Side-Loading *

MAD-CAT Enables Real-World Data Corruption Simulation *

QNAP Fixes Multiple Zero Days Demonstrated at Pwn2Own 2025 *

Ex Intel Engineer Accused of Stealing 18000 Confidential Files Marked Top Secret *

Vidar Infostealer Launches First-Ever npm Attack Chain Through 17 Typosquatted Packages and Postinstall Payloads *

Hackers Compromise Sites to Insert SEO-Boosting Malicious Links *

Whisper Leak: Novel Side-Channel Attack on Remote Language Models *

LangGraph RCE Vulnerability CVE-2025-64439 in JsonPlusSerializer Enables Arbitrary Python Code Execution *

Threat Actors Exploiting Monsta FTP Remote Code Execution Vulnerability *

CVE-2025-37735: Elastic Defend Permission Bug Enables Local Privilege Escalation *

LeakyInjector and LeakyStealer Campaign Targets Crypto Wallets and Browser Data *

Landfall Android Spyware Exploits Samsung Zero-Day to Target Galaxy Phones Worldwide *

Advanced Persistent Threat Group Breaches U.S. Congressional Budget Office *

Keras Deep Learning Tool Impacted by Data Exposure Vulnerability *

Critical Flaw in NVIDIA NVApp for Windows Enables Remote Code Execution *

FreeBSD-based OPNsense Firewall Released for Security Issues and Improvements *

Phishing Campaign Targeting Travelers via Compromised Booking Accounts *

Cavalry Werewolf APT Campaign (FoalShell / StallionRAT) *

Elastic EDR Vulnerability Exposed: Call Gadgets Used to Bypass Detection *

DragonForce Ransomware Hits Manufacturing Firm, Using Brute-Force Attacks and SSH Data Exfiltration to Russian Server *

Trojanized npm Packages Deliver Vidar to Windows Hosts *

From Cyberspace to Strategy: How Chinese Cyber Activities Shape U.S. Foreign Policy Responses *

Amazon Addresses Critical Token Exposure Bug in WorkSpaces Linux Client (CVE-2025-12779) *

Cisco ISE RADIUS Vulnerability (CVE-2025-20343) Causes Unauthenticated Denial-of-Service Attacks *

OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) *

Russia-Aligned InedibleOchotense Impersonates ESET to Deploy Kalambur Backdoor Targeting Ukraine *

Malicious Plugin or Dependency Injection Enables Remote Code Execution in Claude Desktop Environment *

Massive DoS Risk Emerges from HTTP/2 ‘MadeYouReset’ Vulnerability *

Newly Discovered Flaws in GPT Models Enable 0-Click Exploitation *

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection *

ValleyRAT Campaign (ValleyRAT) — Windows Remote-Access Trojan *

EndClient RAT Exploits Hijacked Code-Signing to Bypass Endpoint Defenses and Exfiltrate Victim Data *

Gootloader Resurfaces After 7 Month Hiatus with Enhanced Evasion Techniques *

Hyundai AutoEver America Data Breach Exposes SSNs and Driver’s Licenses *

Critical VizAir Vulnerabilities (CVSS 10.0) Allow Unauthenticated Control of Airport Weather Systems *

PROMPTFLUX Malware Uses Gemini AI to Rewrite Its Code Hourly *

Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358) *

Google Issues Urgent Chrome Update to Patch Critical WebGPU and V8 Security Flaws *

Django Patches High-Severity SQL Injection (CVE-2025-64459) and DoS Bug (CVE-2025-64458) *

Apache OpenOffice Infrastructure Reportedly Breached via Akira Ransomware Campaign *

Attackers Exploit OneDrive.exe DLL Sideloading to Run Arbitrary Code *

17,000 Employees and Partners Affected in Nikkei Slack Security Incident *

CISA Flags Gladinet CentreStack and Control Web Panel Vulnerabilities Under Active Exploitation *

ASF Confirms No Evidence of Data Breach Following Akira Ransomware Claims *

AI-Driven Ransomware Surge Against European Organizations *

Jupyter Misconfiguration Vulnerability Lets Attackers Gain Root Access Remotely *

Malicious Android Applications on Google Play Accumulate Over 42 Million Downloads *

Microsoft Teams Identity & Message Manipulation Flaws (CVE-2024-38197) *

Critical CVE-2025-11749-AI Engine Plugin Authentication, MCP Token Exposure *

NGate Android Malware Relays NFC Transactions, Enables ATM Cashouts *

Critical Flaw in WordPress Post SMTP Plugin Exposes 400,000 Sites to Account Takeover Risk *

Sweden Probes Major Municipal IT Supplier Breach Affecting 1.5M People *

Malicious PuTTY and Fake Teams Ads Spread Malware, Granting Attackers Network Access *

Critical 0-Click Vulnerability Exposes Android Devices to Remote Code Execution Attacks *

Critical Vulnerability in React Native NPM Package Enables Remote Code Execution *

Balancer DeFi Platform Targeted in Multi-Chain Exploit, With Over $100 Million in Assets Drained from V2 Pools *

SleepyDuck RAT Infects IDE Extensions, Raises Supply-Chain Alarms *

Active RondoDox v2 Malware Campaign Exploiting Multiple IoT and Enterprise Vulnerabilities *

Google AI ‘Big Sleep’ Discovers Five New WebKit Vulnerabilities in Safari (CVE-2025-43429 through CVE-2025-43434) *

JobMonster WordPress Theme Hit by Critical Auth Bypass Vulnerability *

SesameOp Exploits Legitimate OpenAI API to Run Encrypted Espionage Operations *

Generative AI Empowers Rapid Reverse Engineering of XLoader’s Multi-Layer Encryption *

AI-Discovered Redis Flaw (CVE-2025-62507) — Stack Buffer Overflow Allowing Potential RCE *

Windows SMB Server Elevation-of-Privilege Vulnerability (CVE-2025-58726) *

Hacker Claims to Have Stolen 1.2 Million Donor Records in University of Pennsylvania Data Breach *

Major Telecom Provider Ribbon Communications Breached by State Hackers *

Windows Graphics Engine Flaws Allow Remote Code Execution by Attackers *

New Global Phishing Campaign Exploits Cloudflare and Zendesk Pages for Credential Theft *

Canada Reports Critical Infrastructure Breach by Hacktivists *

Operation SkyCloak Targets Russian, Belarusian Military via LNK Exploit and Tor Backdoor *

New Defensive Email Protocol Blocks Phishing Vectors Exploited in NPM Compromise *

Ernst and Young (EY) Exposes 4 TB SQL Server Backup Publicly on Microsoft Azure *

Elastic Cloud Enterprise Privilege Escalation (CVE-2025-37736) *

Open VSX Access Token Leak Enables Supply-Chain Malware Campaign *

New BOF Tool Exploits Microsoft Teams’ Cookie Encryption to Access User Chats *

UNC6384 Attack via Windows Shortcut Vulnerability (CVE-2025-9491) Deploys PlugX RAT Through Canon DLL Sideloading *

AMD Zen 5 RDSEED Flaw (CVE-2025-62626) Risks Randomness Integrity — Microcode Fix Coming *

ASD Warns of Ongoing BADCANDY Attacks Exploiting Critical Cisco IOS XE Vulnerability (CVE-2023-20198) *

Researchers Create Linux Rootkit That Bypasses Elastic EDR *

Russian Threat Actors Exploit LotL Methods, Deploy Sandworm Webshells, and Steal Credentials in Ukraine *

Chinese Hackers Exploit Cisco ASA Firewall Flaws to Target Governments Worldwide *

Conduent Data Breach Exposes Personal Information of Over 10 Million People Linked to Government Services *

Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads *

Brash — Critical Chromium Blink DoS via document.title injection *

Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations *

AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID *

CVE-2025-64095 Critical CVSS 10.0 Flaw in DNN Platform Allows Unauthenticated Website Overwrite *

MOVEit Transfer Vulnerability (CVE-2025-10932) Fixed in Latest Progress Security Update *

Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access *

500GB Great Firewall Data Breach Reveals Censorship Secrets *

PhantomRaven Campaign Steals Developer Tokens via Hidden npm Dependencies *

Airstalk Malware Exploits VMware AirWatch MDM APIs in Suspected Nation-State Espionage Campaign *

Lampion Stealer Returns with ClickFix Campaign to Steal User Credentials Stealthily *

Brash Vulnerability in Chromium Blink Engine Triggers Critical Browser Collapse *

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day (CVE-2025-61932) *

Critical XSS Flaw (CVE-2025-12450) Affects Over 7 Million WordPress Sites Using LiteSpeed Cache *

Russian-Linked Ransomware Gangs Weaponize Open-Source Exploits *

Thousands of WordPress Sites at Risk from Actively Exploited WP Freeio Privilege Escalation Vulnerability *

Windows Cloud Files Minifilter TOCTOU Privilege Escalation (CVE-2025-55680) *

Jenkins Hit by Series of Plugin Vulnerabilities, Including SAML Authentication Bypass (CVE-2025-64131) *

Automated Threat Campaigns Rise as Botnets Exploit PHP Flaws, IoT Weaknesses *

Hacktivist Attacks Disrupt Canadian Critical Infrastructure Systems *

npm Typosquat Campaign Delivers PyInstaller Infostealer via Fake CAPTCHA *

New AI-Targeted Cloaking Attack Deceives AI Crawlers Into Treating False Content as Verified Facts *

WooCommerce Credit Card Skimmer Malware Targets WordPress Sites *

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads *

Critical IBM Maximo Vulnerability (CVE-2025-36386) Exposes Cognos Analytics to Unauthenticated Attacks *

Critical MikroTik Vulnerability (CVE-2025-61481, CVSS 10.0) Leaks Admin Credentials via Unencrypted WebFig Interface *

Beast Ransomware (BEAST) — Active SMB-targeting RaaS with Double-Extortion Tactics *

Hackers Allegedly Claim Breach of HSBC USA Customers’ Records Including Financial Details *

Atroposia’s Plugin Ecosystem Enables Targeted Fileless Exfiltration *

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel & AMD DDR5 Secure Enclaves *

Dentsu Confirms Data Breach Impacting Its Subsidiary Merkle *

Gunra Ransomware Analysis: Dual-Platform Threat with Recoverable Linux Encryption Flaw *

Wear OS Messages Flaw (CVE-2025-12080) Enables Silent SMS/RCS Transmission by Unprivileged Apps *

Docker Compose Path Traversal Vulnerability (CVE-2025-62725) Enables Arbitrary File Overwrite via OCI Artifacts *

Critical Ubuntu Kernel Flaw Enables Local Privilege Escalation to Root *

XWiki Zero-Day RCE Actively Used to Deploy Cryptominer *

Gamaredon Phishing Campaign Exploits WinRAR Path-Traversal Flaw (CVE-2025-8088) to Target Government Entities *

Herodotus Sophisticated Android Malware Imitates Human Actions to Evade Biometric Defenses *

Predatory Sparrow Group Launches Cyber Attacks on Critical Infrastructure to Destroy Data and Disrupt Operations *

Kaspersky Tracks ForumTroll Hackers Exploiting Chrome Zero-Day to Spy on Users *

ChatGPT “Tainted Memories” Exploit Targets Atlas Browser Memory Feature *

BlueNoroff Refines Social Engineering Tactics to Target Executives and Financial Managers *

Everest Ransomware Targets Swedish Energy Infrastructure *

DLL Sideloading and Graph API: Inside Lazarus Group’s DreamLoader Operation *

Caminho Loader (LaaS) Uses LSB Steganography to Hide .NET Payloads in Images *

Ubiquiti UniFi Access App Flaw Exposes Management API to Unauthenticated Access *

New SideWinder Attack Chain Uses ClickOnce to Compromise South Asian Diplomats *

Baohuo Android Backdoor Disguised as Telegram X Clone Uses Redis-Based C2 Infrastructure *

Apache Addresses Tomcat RCE and Log Escape Flaws Allowing File Upload and Hijack Server *

Prompt Injection Risk in ChatGPT Atlas via Malformed URLs *

Major HashiCorp Vault Vulnerabilities Expose Systems to Authentication Bypass and DoS Attacks *

Italian Spyware Vendor Memento Labs Linked to Chrome Zero-Day Exploits in Operation ForumTroll *

EDR-Redir Tool Bypasses EDR Protections (EDR-Redir) *

DDoS Attack Disrupts Russian Food-Safety Agency Rosselkhoznadzor’s Shipment Tracking Systems *

Smishing Triad 194,000+ Malicious Domains Power Global Phishing-as-a-Service Campaign *

WhatsApp Zero Click Exploit Disclosed to Meta *

North Korean Chollima Threat Actor Activity Surges in Crypto and Espionage Operations *

Qilin Ransomware Hybrid Attack Leverages Linux Payload & BYOVD Exploit *

BreachForums Returns Again with New Clearnet Domain *

Microsoft Adds Wi-Fi-Based Work Location Auto-Detection to Teams *

RedTiger Infostealer Used to Hijack Discord Accounts *

Unauthenticated API Bypass Flaw Exposes Dell Storage Manager to Remote Exploitation (CVE-2025-43995) *

OpenWrt patches ubusd RCE and ltq-ptm kernel memory leak *

Veeder-Root TLS4B Command Injection RCE (CVE-2025-58428) *

Datadog Reveals CoPhish Phishing Campaign Abusing Microsoft Copilot Studio Agents for OAuth Token Theft *

APT36 Deploys Golang-Based DeskRAT in Espionage Campaign Against Indian Government *

Critical ZYXEL ATP/USG Vulnerability (CVE-2025-9133) Exposes Sensitive Configurations *

Proofpoint Launches PDF Object Hashing Tool to Detect Malicious PDFs *

Samsung Galaxy S25 Zero-Day Vulnerability Allows Remote Camera and Location Access *

Multiple Oracle VM VirtualBox Vulnerabilities Enable Complete Takeover *

Self-Spreading GlassWorm Malware Infects VS Code Extensions in Global Supply Chain Attack *

SquareX Uncovers Cybercriminals Impersonating AI Sidebars in Browser Extensions *

Critical HP OneAgent Update Disrupts Microsoft Entra ID Access *

Toys “R” Us Canada Data Breach Exposes Customer Information *

Fileless Remcos RAT (Commercial RAT) Campaign Bypassing EDRs *

Lazarus Group Targets European UAV Firms in Sophisticated Cyberespionage Campaign *

CISA Alerts on Critical Raisecom Router Bug (CVE-2025-11534, CVSS 9.8) Allowing Root SSH Access Without Authentication *

PhantomCaptcha Spearphishing Campaign Uses Social Engineering and WebSocket RAT, Exploits Fake Captcha for Remote Access *

Critical NeuVector RCE Vulnerability (CVE-2025-54469) Enables Command Injection via Unsanitized Environment Variables *

Researchers Uncover Warlock Ransomware, A Chinese-Linked Threat Exploiting Microsoft Zero-Day *

Critical WSUS RCE via Unsafe AuthorizationCookie Deserialization — CVE-2025-59287 *

Critical Argument Injection Vulnerability in AI Agents Allows Remote Code Execution *

Security Bug in Perplexity’s Comet Screenshot Function Enables Prompt Injection Exploits *

Severe Smithery.ai Vulnerability Exposes Thousands of AI Servers and Credentials *

WinRAR RAR Archive Exploit Lets Attackers Drop Files *

SessionReaper Vulnerability Actively Exploited in Adobe Commerce and Magento *

Iranian APT MuddyWater Deploys Phoenix Backdoor in Attacks on 100+ Government Entities *

Critical BIND 9 Flaws Allow DNS Cache Poisoning and Denial-of-Service Attacks *

CISA Issues Warning as Hackers Exploit Major Lanscope Endpoint Manager Vulnerability *

Jingle Thief Hackers Target Cloud to Steal Gift Cards *

Jira Path Traversal Vulnerability (CVE-2025-22167) Enables Arbitrary File Write on Server and Data Center Instances *

Symantec Exposes Coordinated Chinese Cyber Espionage Campaign Targeting Global Organizations *

Malicious NuGet Typosquat “Nether?um.All” Targets Developers to Steal Crypto Wallet Keys via Solana-Themed C2 *

Bitter APT Launches Targeted Cyber-Espionage Campaign Using WinRAR Zero-Day and Malicious Office Files *

High-Severity V8 Vulnerability (CVE-2025-12036) Prompts Urgent Google Chrome Update *

GitLab Fixes High-Severity Runner Hijacking Bug (CVE-2025-11702) and Several Denial-of-Service Vulnerabilities *

New APT Campaign PassiveNeuron Deploys Novel Malware Across Three Continents *

Millions of User Credentials Compromised Daily by Stealer Malware *

SharkStealer Uses EtherHiding on BSC Testnet to Evade C2 Detection *

High-Severity TARmageddon Flaw Found in Popular Rust TAR Libraries *

Vidar Stealer Targets Browser Credentials with Direct Memory Attacks *

Muji Suspends Online Sales Following Ransomware Attack on Delivery Partner *

PolarEdge Router Botnet Expands: Cisco, ASUS, QNAP, Synology Targeted *

Sophisticated APT PassiveNeuron Returns, Escalates Attacks on Government and Finance *

Luma Infostealer Malware Targets Browser Data and Crypto Wallets *

Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Through Indirect Prompt Injection *

Critical Vulnerabilities in TP-Link Omada Gateways Prompt Urgent Firmware Update *

AdaptixC2 Targets Developers Through Malicious npm Supply-Chain Attack *

Remote Code Injection Vulnerability Discovered in Apache Syncope's Groovy Integration *

Critical Vulnerability in LANSCOPE Endpoint Manager Enables Remote Code Execution *

Critical Moxa Vulnerability (CVE-2025-6950, CVSS 9.9) Enables Unauthenticated Admin Access Through Hard-Coded JWT Secret *

Severe Squid Proxy Bug (CVE-2025-62168) Allows Credential and Token Leakage Through Error Pages *

Global Internet Disruption as AWS Outage Hits Key Services *

Clone Wave Hijacks WhatsApp via 131 Chrome Extensions *

PoC Published for High-Severity Linux-PAM Flaw Allowing Local Privilege Escalation *

Volkswagen Hit by Ransomware Group 8Base in Alleged Global Data Breach *

Zimbra Releases Urgent Update to Fix Critical SSRF Flaw in Chat Proxy *

Phishing Campaign Leveraging Microsoft Logos and Remote Access Fraud *

BlockNovas Threat Group Evolves with New OtterCandy Malware in ClickFake Interview Campaign *

Indiana City Acknowledges Ransomware Hackers Caused Widespread Disruption in September *

Advanced Winos 4.0 Toolset Powers Silver Fox Cyber Attacks in Asia Pacific *

Windows 11 24H2/25H2 Update Causes Mouse and Keyboard to Stop Working in Recovery Mode *

Dairy Farmers of America Confirms June Cyberattack Exposed Personal Information *

Phoenix Contact Patches QUINT4 UPS Flaws; One Vulnerability Remains Unfixable *

Microsoft Patches Most Severe ASP.NET Core Vulnerability to Date *

ConnectWise Automate Security Vulnerabilities Allow Injection of Malicious Code via Software Updates *

Misconfigured NetcoreCloud Server Leaked 40 Billion Records Across 13.4TB of Data *

Critical Security Flaws Found in Spring Cloud Gateway (CVE-2025-41253) and Spring Framework (CVE-2025-41254) *

LinkPro Rootkit Leverages eBPF on GNU/Linux to Conceal Malicious Activity *

Critical GDI Vulnerability in Windows Rust Kernel Module Causes System Instability *

Fake Microsoft Support Scam Tricks Users into Giving Up Credentials *

AI Used to Boost Cyberattacks and Create Malware, Report Finds *

VMware Workstation and Fusion 25H2 Update Introduces New Features and Expanded OS Compatibility *

Cisco IP Phone Bugs in CUCM-Registered Devices Allow Remote DoS and XSS Threatening Network and Device Stability *

Prosper Data Breach Exposes Personal Information of 17.6 Million Users *

North Korea-Linked Hackers Exploit EtherHiding Technique in Advanced Crypto Theft Campaign *

Log Poisoning Attack Exploits phpMyAdmin to Deliver Gh0st RAT *

Critical Deno Vulnerability Enables Command Injection via Batch Files on Windows *

Akka.NET TLS Vulnerability Exposes Clusters to Untrusted Access (CVE-2025-61778) *

Sotheby’s Confirms Data Breach Exposing Customer Financial and Personal Information *

Severe Samba Flaw Enables Unauthenticated Attackers to Execute Commands Remotely *

Windows Scheduled Tasks Used to Spread ValleyRAT *

TP-Link AX1800 Media-Sharing Vulnerability Leads to Root Shell *

Critical UEFI Shell Bug Exposes 200K Framework Laptops to Secure Boot Bypass *

Previously Removed Malicious Extensions Found Again on OpenVSX *

PhantomVAI Loader Uses Image Steganography to Deploy Katz Stealer and Bypass Sandboxes *

Critical Vulnerability in Apache ActiveMQ Allows Arbitrary Code Execution on Clients *

UK firm Capita Hit with Microsoft 365 Breach and Ransomware Attack Resulting in £14 Million Fine *

ScreenConnect Exploited in Campaign Granting Unauthorized Remote Access *

Android “Pixnapping” hijacks screen pixels to grab MFA codes *

Fake LastPass and Bitwarden Breach Alerts Used to Deliver PC-Hijacking Malware *

Adobe Releases Patch for Critical Vulnerability in Connect Collaboration Suite *

NSE Defends Against Record-Breaking Cyberattacks During Operation Sindoor Simulation *

Nation-State Hackers Breach F5 Networks, Steal BIG-IP Source Code and Vulnerability Data *

New Windows Server 2025 Update Disrupts Large Group AD Sync *

Jewelbug Campaign Targets Russian IT Provider and Software Supply Chain *

Clothing Brand MANGO Reports Unauthorized Access to Customer Info *

Security Risks Ahead: Microsoft Ends Support for Exchange 2016 and 2019 *

Two Critical Vulnerabilities in Red Lion RTUs Could Give Hackers Complete Industrial Control *

Veeam Issues Critical Security Patch to Prevent Remote Code Execution Attacks *

Supply Chain Vulnerability in Clevo UEFI Firmware Exposes Intel Boot Guard Private Keys (CVE-2025-11577) *

Authentication Bypass Vulnerability Identified in FortiPAM and FortiSwitch Manager *

New GhostBat Android Malware Posing as RTO Apps Targets Indian Bank Customers *

FortiOS CLI Vulnerability Lets Attackers Run Arbitrary System Commands *

Critical Vulnerability in IIS Allows System Level Access via Malicious COM Object Race *

Microsoft Patch Tuesday Security Advisory – October 2025 *

Rockwell Automation Fixes Critical Flaws in FactoryTalk and ArmorStart Systems *

Google Patches Use-After-Free Exploit in Chrome *

SAP NetWeaver Vulnerability Enables Remote Denial-of-Service via Malformed Logon Tickets *

Critical Flaw in Elastic Cloud Enterprise Enables Malicious Command Execution *

Colombian Court-themed SVG Smuggling Campaign Distributes AsyncRAT via Malicious HTA *

Pro-Russian Hacktivist Harvests Credentials from OT-ICS Networks *

Free Windows 10 ESU for One Year Comes with Mandatory Account and Cloud Backup Setup *

Critical Vulnerabilities Expose Ivanti Endpoint Manager to Deserialization, Path Traversal & SQL Injection Risks *

Massive International Botnet Targets U.S. RDP Services *

Migration from Windows 10 is Critical as EOL Status Creates Exploitable and Non-Compliant Systems *

Astaroth Banking Trojan Persists via GitHub After Disruption Attempts *

Kearney Cyberattack Highlights Growing Threat to Education Sector *

Better Auth Vulnerability Enables Complete Account Takeover via API Key Exploit *

MediaTek Warns of Multiple High-Severity Vulnerabilities Affecting Wi-Fi and GNSS Hardware *

Critical Zero-Click Vulnerability Found in Cherry Studio – CVE-2025-61929 *

New WhatsApp Worm Deploys Banking Malware, Exfiltrates Credentials *

SimonMed Imaging Data Breach Exposes Data of 1.2 Million Patients *

RealBlindingEDR: Kernel Callback-Based Tool for Disabling AV/EDR Permanently *

Massive Salesforce Data Breach Linked to Scattered Lapsus$ Hunters *

Microsoft Fixes Long-Standing Windows 11 ‘Update and Shut Down’ Glitch *

Critical DOM Vulnerability Enables Remote Code Execution, Impacting 2.7 Million Users *

Spanish Cybercrime Unit Shuts Down Sophisticated Phishing Network Using AI *

Axis Plugin Exposed Hardcoded Secrets in Signed DLLs Enabled Widespread Access to Sensitive Resources *

Critical Zero-Day in Gladinet/Triofox (CVE-2025-11371) Enables RCE via LFI *

Discord Webhooks Weaponized for Supply Chain Attacks Across Multiple Ecosystems *

Alert on Fake Homebrew Installer Sites Targeting macOS Developers with Malicious Payloads *

High-Severity Vulnerabilities Patched in NVIDIA GPU Drivers Across Windows, Linux, and vGPU *

TP Link Router (CVE 2023 28760) Writable USB Share Can Lead to Root RCE, PoC Out *

Antivirus Software Vulnerabilities Allow Backdoor Exploits by Hackers *

New Smishing Scam Targets New Yorkers with Fake Inflation Refund Messages *

High-Severity Oracle E-Business Suite Vulnerability (CVE-2025-61884) Enables Data Access Without Authentication *

ChaosBot Breaches Networks via CiscoVPN and AD Credentials *

Researchers Uncover 175 Malicious npm Packages Used to Redirect Victims to Phishing Sites *

Polymorphic Python RAT Evades Detection by Mutating on Every Execution *

Dell Power Manager Vulnerability Exposes Devices to Local Exploits *

Critical Flaw in Worldline Yomani XR Terminals Allows Root Access via Debug Port *

North Korean APT Contagious Interview Uses 338 Malicious npm Packages to Target Cryptocurrency Developers *

Apple now pays $2M for zero-click RCEs *

SentinelLabs Identifies MalTerminal as an Early LLM-Based Attack *

Stealit Uses Node.js SEA to Spread via Fake Game and VPN Installers *

GitHub Copilot Vulnerability Exposes Private Repositories to Source Code Theft *

Ransomware Actors Leverage Velociraptor in Sophisticated Storm-2603 Campaign *

Massive Data Breach Reported at KFC Venezuela—1 Million Affected *

APT Group 'Contagious Interview' Launches Massive npm Attack to Steal Cryptocurrency *

Massive Global Botnet Targets Remote Desktop Protocol Services *

Payment Terminal Breach Allows Remote Control *

Law Enforcement Shuts Down Newly Revived BreachForums Clearnet Marketplace *

RondoDox Botnet Uses ‘Exploit Shotgun’ to Target 50+ Flaws in Routers and IoT Devices *

Researchers Publish PoC Exploiting Nothing Phone Boot Chain Flaw *

Pro-Russian Group TwoNet Exploits XSS Flaw in Fake Water Treatment Plant *

SnakeKeylogger Malware Spreads via Fake Remittance Emails Using PowerShell and ISO Files with BAT Scripts *

Juniper Networks Issues Patches for Critical Vulnerabilities in Junos Space *

Chaos Ransomware’s New C++ Variant Combines File Deletion and Bitcoin Clipboard Hijacking *

Cybercriminals Target U.S. University Payrolls via HR Platform Phishing *

CrowdStrike Issues Updates to Resolve Two Windows Falcon Sensor Vulnerabilities Affecting System Stability *

GitLab Patches Two High-Severity Vulnerabilities in CE and EE Editions *

Flowise Vulnerability (CVE-2025-61913) Allows Remote Code Execution via Arbitrary File Write *

Microsoft Azure Suffers Major Outage, Disrupting Cloud Services Across Multiple Regions *

Tracing UTA0388s Espionage Malware from HealthKick Origins to GOVERSHELL Advancement *

7Zip Vulnerabilities Allow Remote Code Execution on Unpatched Systems *

SonicWall Confirms Breach of Customer Firewall Configuration Backups *

ClayRat Turns Phones into Spy Tools via Social Engineering *

GitLab Releases Critical Security Fixes for Multiple Denial-of-Service Vulnerabilities *

Hackers Use Cache Smuggling to Upgrade ClickFix, Silently Delivering Malware *

PoC Released for Vulnerability in ksmbd Filesystem of Linux Kernel *

Researchers Discover Python Malware Capable of Changing Its Code on Each Execution *

Critical OData Injection Flaw Found in Microsoft Events Exposing Registration and Waitlist Databases *

Attackers Target WordPress Plugin Vulnerability to Hijack Admin Accounts *

GlobalProtect Portals Under Siege: 2,200 IPs Launch Coordinated Attacks on Palo Alto PAN-OS Systems *

BK Technologies Reports Cybersecurity Incident Impacting IT Systems and Employee Data *

Figma Under Threat: MCP Vulnerability Allows Hackers Full Access *

“Mic-E-Mouse” Hack Turns Ordinary Mice Into Tools for Stealing Private Audio Data *

Crimson Collective Targets AWS Cloud Environments for Data Theft *

Open Source Tools Weaponization Marks New Phase in Cyber Warfare *

Google Chrome Update Fixes Critical Memory Vulnerabilities *

Nagios Vulnerability Exposes Administrative API Keys in Cleartext *

Critical Privilege Escalation Vulnerability Affects AWS Client VPN for macOS *

Shuyal Malware Compromises 19 Browsers to Steal Login Data *

ASCII Smuggling Vulnerability Exploiting Hidden Unicode Tags Exposes AI Systems to Spoofing and Poisoning *

CSS Hidden-Text Attacks: Salting Methods Used to Conceal Malware *

Suspected Chinese Hackers Launch Phishing Campaign Against Serbian Aviation Authority and EU Targets *

Qilin Ransomware Gang Hacks Mecklenburg County, VA Public Schools *

Go-Based Vampire Bot Malware Used in Job Scam by Vietnamese Threat Actor BatShadow *

FWMEP Data Breach Exposes Sensitive Info of 29,485 Individuals *

Avnet Confirms Data Breach Affecting EMEA Region, Says Most Data Unreadable Without Proprietary Tools *

CVE-2025-59159: Critical Flaw in SillyTavern Allows Remote Code Execution on Local AI Instances *

CISA Warns of Ongoing Exploitation of Microsoft Windows Privilege Escalation Vulnerability *

Trinity of Chaos Hackers Steal and Leak Data from 39 Companies, Including Cisco and Google *

Multiple Critical Vulnerabilities Fixed by Elastic in Kibana and Elasticsearch *

OpenSSH Clients Vulnerable to RCE via OpenSSH ProxyCommand Username Injection Using Malicious Git Submodules *

Snipe-IT Flaw Chain Enables Remote Code Execution and Complete Server Compromise *

Russian Cybercrime Group Deploys Latrodectus V2 Loader in New Ransomware Campaign *

Critical Qt Flaws in SVG Module Threaten Embedded and IoT Systems *

IBM Security Verify Access Vulnerability Enables Root Level Privilege Escalation CVE-2025-36356 *

Doctors Imaging Group Reports Data Breach Affecting Over 171,000 Patients *

WireTap Attack Circumvents Server SGX to Exfiltrate Sensitive Data *

FCC Accidentally Leaks Apple’s Confidential iPhone 16e Technical Data *

Severe Redis Vulnerability (CVE-2025-49844) Enables Remote Code Execution via Lua Scripting *

QNAP Patches Critical Vulnerabilities in NetBak Replicator and Qsync Central, Including RCE and SQL Injection *

Persistent WARMCOOKIE Threat Gains Advanced Execution and Campaign Tracking Capabilities *

Google Chrome Hit by WebAssembly Vulnerability Leading to Full Code Execution *

Hackers Reportedly Breach Huawei Technologies, Expose Source Code and Internal Tools *

Adobe Analytics Update Bug Results in Exposure of Client Data to Other Tenants *

PoC Exploit Released for Sudo Vulnerability That Grants Root Access *

Yurei Ransomware Spreads Through Network Shares and USB Drives to Lock Files *

Abuse of IT Administration Tools Enables Stealthy Ransomware Deployment *

WordPress Sites Silently Compromised Through Server-Side PHP Injections in Theme Files *

Red Hat Confirms Access to Internal Repositories by Unauthorized Party *

Zimbra Flaw Exploited in Zero-Day Attack via iCalendar Files *

Unauthenticated Remote Code Execution Threatens Oracle EBS *

Local Privilege Escalation in Zabbix Agent via OpenSSL DLL Injection CVE-2025-27237 *

Microsoft Identifies Bug Causing Outlook Classic to Crash on Startup *

CometJacking Attack Tricks Comet Browser into Email Theft *

Detour Dog Exploits DNS Infrastructure to Deploy Strela Stealer Malware *

Palo Alto Networks Login Portals See Massive Surge in Scanning Activity *

Severe Security Flaw in Unity Editor Enables Arbitrary Code Execution Across Major Operating Systems *

Critical Privacy and Security Flaws Found in Mobile VPN Solutions *

Apple EV Certificates Misused to Deliver Fully Undetectable macOS Malware *

OpenSSL Addresses Three Security Flaws: Memory Corruption and Timing Attacks Affect Numerous Versions *

XWorm V6.0: RAT Turned Ransomware Threat Targets Windows Systems *

New FreeIPA Flaw (CVE-2025-7493) Allows Attackers to Escalate Privileges to Domain Admin *

Critical flaw CVE 2025 6388 enables authentication bypass in WordPress plugin and is actively exploited *

Critical WebUI Vulnerability in DrayOS Routers Allows Unauthenticated Remote Code Execution *

Renault and Dacia UK Report Data Breach Affecting Customers *

DrayTek Fixes Major WebUI Flaw Allowing Remote Code Execution Without Authentication *

Cavalry Werewolf Phishing Campaign Delivers FoalShell and StallionRAT to Russian Agencies *

Yoast SEO Premium Vulnerability Exposes WordPress Sites to XSS Attacks *

Android Spyware Masquerades as Signal and ToTok to Target Users *

SORVEPOTEL Malware Spread via WhatsApp Targets Windows Systems *

Compromised Endpoints Weaponized by GhostSocks Proxy Malware Service *

Attackers Deploy Point and Click Phishing Tool That Evades Email Filters *

High-Value IIS Servers Compromised by Chinese Hackers to Influence Search Rankings *

SideWinder Targets Government Entities Across South Asia With Sophisticated Credential Phishing *

Coordinated Campaign Exploits Grafana CVE-2021-43798 in One-Day Global Surge *

Critical Security Vulnerabilities Discovered in Splunk Enterprise and Splunk Cloud Platform *

Google Chrome Patches Dozen Security Flaws in Major Stability Update *

Three Critical Vulnerabilities in TOTOLINK X6000R Routers Enable Remote Code Execution *

CABINETRAT Malware Spreads via Malicious Excel Add-ins in Ukraine *

Ransomware Attack on Dealership Software Firm Exposes Sensitive Data *

Termix Docker Image Leaking SSH Credentials(CVE-2025-59951) *

Apache Kylin Flaw (CVE-2025-61733) Allows Complete Authentication Bypass in OLAP Engine *

Critical NVIDIA Vulnerabilities Allow Privilege Escalation on Affected Systems *

Malicious PyPI Package SoopSocks Poses as SOCKS5 Proxy and Installs Backdoor on Windows Systems *

Datzbro Trojan Targets Seniors with Fake Facebook Scams to Steal Banking Data *

New Klopatra Android RAT Uses Stealth VNC and Paid Obfuscators to Hijack EU Banking Logins *

CVE-2025-10725: OpenShift AI Role-Binding Flaw Lets Low-Privileged Users Become Cluster Admins *

Phantom Taurus: New China-Connected Cyberespionage Group Deploys Stealth Malware Against Governments *

New China Linked APT Group Deploys NET STAR to Breach Government and Telecom Servers *

Patchwork APT Exploits Macros and Scheduled Tasks for Stealthy C2 and Exfiltration *

Cybercriminals Exploit Google Careers Branding in Sophisticated Phishing Attack *

Cyberattack Halts Production at Asahi Group, Disrupts Operations Nationwide *

Researchers Reveal Google Gemini AI Vulnerabilities Enabling Prompt Injection and Cloud Exploitation *

Western Digital My Cloud NAS Devices Affected by Critical Command Injection Vulnerability *

New Infostealer Hides Control Using BNB Smart Chain and Steam Profiles *

Broadcom Patches Critical Vulnerabilities in VMware vCenter and NSX *

Cisco ASA End of Life Devices Targeted by Persistent Bootkit RayInitiator and LINE VIPER *

Broadcom Releases Patches for VMware Tools and Aria Operations to Address Privilege Escalation and Information Disclosure Flaws *

New Spear-Phishing Campaign Deploys DarkCloud Infostealer for Credential Theft *

CVE-2025-58384 (CVSS 10): Watchdoc Print Management Software Hit by Severe RCE Flaw *

Critical Security Alert Apache Fory Pyfory Exposes Systems to RCE *

Malicious Actors Leveraging Dynamic DNS Services for Cyber Attacks *

Rhysida Ransomware Gang Claims Cyberattack on Maryland Transit Administration *

Medusa Ransomware Group Claims Massive Data Breach on Comcast, Demands $1.2 Million Ransom *

Harrods Suffers Major Data Leak as 430,000 Customer Records Stolen Through Vendor Breach *

Archer Health Breach Exposes 23GB of Patient Medical Records *

New Olymp Loader Malware-as-a-Service Enables Defender Bypass and Auto Certificate Signing *

ThreatBook Rolls Out Industry-Leading Threat Intelligence Technology *

WhatsApp 0-Click Vulnerability Exploited via Malicious DNG Image *

Windows Heap Record Update Flaw Enables Arbitrary Code Execution *

CVE-2025-59934: Formbricks Password Reset Vulnerability Enables Account Compromise *

Critical Rancher Vulnerability Enables Admin Lockout and Account Takeover via Username Manipulation *

Cybercriminals Exploit Facebook, Google Ads, and YouTube to Spread Crypto-Stealing Malware *

ASLR Bypass via NSDictionary Serialization on Apple Devices *

New DLL Hijack Flaw in Notepad++ Could Be Weaponized for Local Attacks *

XCSSETmacOS Malware Evolves Variant Exploits Firefox and Clipboard for Crypto Theft *

Cyberattack on Jaguar Land Rover Triggers Major Supply Chain Disruption *

Collins Aerospace Restores Airline Systems Following Cyberattack *

Thousands of Bank Transaction Records in India Leaked Due to Fintech Cloud Security Flaw *

Ransomware Attack on Kido International Exposes Data of 8,000 Children Across Global IT Infrastructure *

Fake Microsoft Teams Installers Spread Oyster Malware Through Malvertising *

New LNK-Based Attack Exploits Legitimate System Binaries *

Rust Dependency Attack Targets Solana and Ethereum Private Keys *

LockBit 5.0 Ransomware: Advanced Multi-Platform Variant Strikes Windows, Linux, and ESXi Systems *

High-Severity Vulnerability Found in Rack’s Query Parameter Handling *

Steam Acknowledges Malware Discovery in BlockBlasters Game *

CloudSEK Uncovers Sophisticated Botnet Campaign Targeting Routers and Enterprise Systems *

Arizona School District Alerts 35,000 Individuals of Data Breach After Ransomware Attack *

Unpatched Vulnerabilities in Legacy Cognex Cameras Pose Serious Industrial Security Risks *

Ransomware Attack on Union County, Ohio Exposes Data of 45,000 Residents and Employees *

JWT Validation Flaw in Formbricks Exposes Users to Full Account Takeover *

Attackers Exploit SVG Files in New Phishing Campaign Against Ukraine *

Nvidia Issues Critical Security Update for Megatron-LM Framework *

Sophisticated XCSSET macOS Variant Hijacks Cryptocurrency Payments *

Critical Apache Airflow Flaw (CVE-2025-54831) Exposes Secrets to Read-Only Users *

New Linux Kernel Vulnerability in ksmbd File-Sharing Server Enables High-Privilege Remote Attacks *

GitLab Patches High-Severity DoS Vulnerabilities Allowing Unauthenticated Attackers to Crash Instances *

RedNovember Group Targets Government and Tech Firms to Install Persistent Backdoor *

Mapped Links Identified Between Hacker Groups LAPSUS$, Scattered Spider, and ShinyHunters *

Critical Cisco Security Flaw Lets Hackers Gain Root Access via HTTP Services *

NTDS.dit Pulled from Active Directory Threat Actors Gain Domain Access *

Typosquatted Rust Crates Impersonate Logging Libraries to Steal Ethereum and Solana Wallet Keys *

Mass Exploitation of CVE-2017-7921 Highlights Need for Urgent Firmware Updates *

Zloader Reemerges as a Sophisticated Initial Access Broker for Ransomware Attacks *

BRICKSTORM Malware Campaign Targets US Legal, SaaS, BPO, and Tech Sectors in Stealthy Cyberattacks *

Emergency Cyber Directive Issued as Cisco ASA Faces Advanced Threat Campaign *

Hidden Backdoors Give Attackers WordPress Admin Control *

North Korean Hackers Target Crypto Devs with AkdoorTea Malware *

ZendTo Vulnerability Exposes System Files to Authenticated Users *

Two Major Security Bugs in Wondershare RepairIt Risk Data Leaks and AI Model Tampering *

Cisco IOS and XE Vulnerability Exposes Confidential Information *

Cisco Confirms In-The-Wild Exploitation of SNMP Stack Overflow in IOS and IOS XE Software *

NVIDIA Merlin Flaw Allows Attackers to Execute Code Remotely With Root Access *

Misconfigured Firebase Services in Mobile Apps Expose Sensitive Data to Unauthenticated Access *

New Phishing Campaign Targets PyPI Maintainers to Harvest Credentials *

YiBackdoor Malware Emerges as Strategic Backdoor Tool with Long-Term Persistence Capabilities *

Cisco Identifies New PlugX Malware Tied to Chinese APT Actors *

Chromium Extensions Exploited Through Silent Backdoors in Windows Domains *

Critical Unauthenticated Vulnerability Exposes WAGO Industrial Databases *

OnePlus OxygenOS Flaw Exposes SMS Data to Malicious Apps *

Chrome V8 Vulnerabilities Allow Data Exposure and Code Execution *

Attackers Evade EDR Detection Using In-Memory PE Loaders via Malicious Downloads *

Critical XSS Vulnerability in DNN Platform Flaw Enables Malicious Scripts Execution with Elevated Privileges *

Critical RCE Flaw in SolarWinds WHD Triggers Privilege Escalation *

Lectora Desktop and Online Vulnerable to Cross-Site Scripting Attacks *

Salesforce CLI Exploit Allows System Level Access on Affected Devices *

Hackers Target IMDS Service to Gain Initial Access in Cloud Environments *

BadIIS Module Lets Hackers Hijack IIS Servers to Serve Malware *

GitHub Strengthens npm Security with WebAuthn 2FA and Trusted Publishing Requirements *

Subtle Snail’s Silent Siege: Iran-Linked Cyber Espionage Uncovered *

AAPB Fixes IDOR Exploit That Allowed Unauthorized Access to Archived Content *

Active Exploitation of Command Injection Vulnerability (CVE-2025-59689) in Libraesva ESG *

Unpatched Security Flaws in Novakon HMIs Could Allow Remote Attacks on Industrial Systems *

Data Breach at Stellantis Affects Major Automotive Brands Across North America *

BlackLock ransomware targets Windows Linux ESXi encrypts data using ChaCha20 and ECDH *

Netcraft Uncovers 17,500 Lucid Phishing Domains Hitting Global Enterprises *

Windows Shortcut (LNK) Files Exploited via LNK Stomping to Bypass Security *

New Tool Silences EDRs and Antivirus with Freeze Mode *

GOLD SALEM: Global Attacks via SharePoint Flaws *

Critical BiDi Swap Vulnerability Allows URL Spoofing in Major Web Browsers *

Microsoft Entra ID Vulnerability (CVE-2025-55241) Enabled Global Admin Impersonation *

Massive Risk to Industrial IoT as Planet Gateways Found Vulnerable to Unauthenticated Remote Exploitation *

Cyberattack Cripples Russian Airline KrasAvia, Disrupts Booking and Operations *

CISA Uncovers Malware Toolkits Used in Ivanti EPMM Exploitation Campaigns *

FBI Warns Public of Fake IC3 Crime Reporting Portals Used in Scams *

'Shai-Halud' Malware Campaign Exploits Open-Source Supply Chains via 477 JavaScript Packages on NPM *

Cyberattack Disrupts Key Airport Systems Across Europe *

Advanced Threat Actors Exploit Router Vulnerabilities and DNS Flaws in Coordinated Attack *

Fortra Releases Urgent Patch for GoAnywhere MFT Vulnerability with Maximum Severity CVSS Score of 10.0 *

Tiffany & Co. Confirms External System Compromise Leading to Data Breach *

Nokia CBIS NCS Manager API Vulnerability: Critical Authentication Bypass *

Multiple High-Severity Vulnerabilities Discovered in ProGauge MagLink LX Devices *

AI-Driven Phishing Attacks Use Fake Captcha Pages to Bypass Security and Harvest Credentials *

Critical Sandbox Bypass in HubSpot’s Jinjava Engine Enables Full Remote Code Execution *

New iOS Tool Injects Deepfakes to Bypass Facial Verification via Jailbroken iOS Devices *

CISA: Hackers Leveraging Ivanti Endpoint Vulnerabilities to Deploy Malware *

KrasAvia Faces Major IT Outage After Suspected Cyber Intrusion *

Russian Hacking Groups Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor *

Critical Jenkins Vulnerabilities in Jetty Permission Checks and Log Handling *

Critical Greenshot Vulnerability Allows Local Code Execution Without Admin Rights *

CountLoader Expands Russian Ransomware Reach with Versatile Malware Loader *

SilentSync Strikes: Malicious PyPI Packages Target Python Ecosystem *

Stack Overflow in TP-Link CWMP Enables Ret2libc RCE, Bypassing ASLR Protections *

New Rowhammer Attack Bypasses DDR5 Mitigations in SK Hynix DRAM *

WatchGuard Firebox VPN Vulnerability Opens Door for Network-Based Remote Code Execution Attacks *

Everest Ransomware Targets BMW in Major Data Breach, Internal Documents Allegedly Stolen *

Firewall Misconfiguration in PureVPN Linux Clients Risks Data Leakage *

Russia’s CopyCop Disinfo Web Expands to 200+ Sites Targeting Western Democracies *

Warlock Ransomware Campaign Targets Global Enterprises via Exploited SharePoint and EDR Bypass *

Multiple High-Severity Vulnerabilities Patched in Aruba EdgeConnect SD-WAN *

New MuddyWater Campaign Reveals Strategic Pivot to Precision Malware and Cloud-Based C2 *

BeaverTail Malware Delivered via Fake Job Platforms and Repos *

Google Issues Urgent Chrome Patch for Actively Exploited V8 Zero-Day (CVE-2025-10585) *

Kubernetes C Hash Client Vulnerability Exposes Clusters to MiTM Attacks via Custom CA Misuse *

224 Malicious Apps With 38 Million Downloads Found on Google Play *

Critical Vulnerabilities in Chaos Mesh Grant Attackers Control Over Kubernetes Clusters *

LG WebOS TV Flaw Allows Full Device Takeover *

AI-Powered VenomRAT Targets Windows Users in RevengeHotels Campaign *

Apple Releases iOS 26 and iPadOS 26 Security Update Fixing 27 Vulnerabilities *

Spring Framework Fails to Enforce Security Annotations in Generic Superclass Methods *

Linux Kernel ksmbd Bugs Chained for 0-Click RCE: CVE-2023-52440 & CVE-2023-4130 Exploited. *

Kimsuky’s AI-Powered Phishing Targets South Korean Defense Sector *

Critical CUPS Flaws Expose Linux Systems to Remote Attacks *

Critical LangChainGo Vulnerability Exposes LLM Apps to SSTI Attacks *

FlowiseAI Password Reset Vulnerability Opens Door to Organization-Wide Breaches Through Insecure API Endpoint *

Critical Vulnerabilities in Digiever NVRs Allow Unauthenticated Remote Code Execution and Credential Disclosure *

IBM QRadar SIEM Affected by CWE-732 Misconfigured File Permissions in Version 7.5.0 UP13 IF01 *

Yurei Ransomware Uses PowerShell and ChaCha20 Encryption to Lock Victims' Files *

Financial Firms Targeted in New DarkCloud Stealer Campaign *

Great Firewall of China Suffers Unprecedented 500GB+ Data Leak *

Advanced Malware Campaign Uncovered from China-Aligned Threat Group Hive0154 *

Cloud Isolation Cracked VMSCAPE Exploit Targets AMD and Intel CPUs *

Phishing Wave Exploits Look-Alike Domains to Target Major U.S. Energy Companies *

EvilAI Campaign: Exfiltration via Legitimate-Looking Tools *

New Phishing Service Targets Microsoft, Google, and Okta Users *

Wayne Memorial Hospital Data Breach Exposes Personal Data of 160,000 Patients *

HackerOne Investigates Breach, Unauthorized Access to Salesforce Confirmed *

AI-Powered Pentesting Tool 'Villager' Raises Global Cybersecurity Concerns *

Reflected XSS Vulnerability Bypasses Amazon CloudFront Security in Safari Browser *

Panama Ministry of Economy Discloses Ransomware Breach *

Critical Threat from HybridPetya Ransomware Exploiting UEFI Secure Boot Vulnerability (CVE-2024-7344) *

Mustang Panda Deploys Advanced Malware in Targeted Southeast Asia Espionage Campaign *

Fortinet FortiDDoS Vulnerability (CVE-2024-45325) Allows Privileged Attackers to Execute Unauthorized OS Commands *

Sunshine for Windows Contains High-Severity Vulnerabilities Enabling Attackers to Gain SYSTEM Privileges *

Systemic SQL Injection Weakness in pREST Threatens PostgreSQL Deployments *

Adobe Issues Urgent Security Fixes for High-Risk Vulnerabilities Across Multiple Products *

Samsung Patches Actively Exploited Android Zero-Day CVE-2025-21043 *

Cornwell Quality Tools Data Breach Exposes Personal and Financial Information of Over 100,000 Individuals *

Daikin Security Gateway Flaw Enables Attackers to Bypass Authentication and Access Internal Systems *

Microsoft Patches Critical Windows Defender Firewall Flaws Allowing SYSTEM-Level Privilege Escalation *

Sidewinder APT in Rattlesnake Campaign Deploys Obfuscated JScript via Windows LNK Files *

SVG Email Attachments Used in Malware Campaign to Deliver XWorm and Remcos RAT *

Buterat Malware Exploits Enterprise Endpoints for Persistent Access *

Axios Vulnerability Allows Attackers to Crash Node.js Apps via Malicious Data URLs *

GitLab Urges Immediate Updates to Patch Critical Security Flaws in CE and EE Versions *

Stork UI Exposed to Unauthenticated Denial of Service Threat *

Sophisticated kkRAT Malware Campaign Hits Chinese Users via Fake Installers *

LNER Data Breach Highlights Supply Chain Vulnerabilities *

Palo Alto Networks Vulnerability Exposes Service Account Passwords in Cleartext *

Cisco Releases Fixes for High-Impact IOS XR Vulnerabilities Affecting Network Management and Control *

Critical Angular SSR Vulnerability (CVE-2025-59052) Exposes Sensitive Data *

CoreDNS Flaw (CVE-2025-58063) Enables Long-Term DNS Cache Poisoning and Service Disruption *

Critical RCE Vulnerability in Cursor AI Code Editor Enables Silent Remote Code Execution on Folder Open *

Massive UDP Flood Overwhelms DDoS Defense Provider with 1.5 Gpps Traffic *

PoisonSeed Threat Actor Leverages New Domains for Credential Theft *

NVIDIA NVDebug Tool Vulnerabilities Allow Privilege Escalation and Code Execution *

Critical Siemens UMC Flaws Enable Remote Code Execution and DoS Attacks *

EggStreme Malware Employs Multi-Stage In-Memory Attack Chain *

CHILLYHELL and ZynorRAT: Sophisticated New Malware Strains Target macOS, Windows, and Linux *

Siemens SIVaaS Vulnerability Exposes Network Share to Remote Attackers *

SAP Releases Security Updates for High-Risk NetWeaver and S 4HANA Bugs *

Critical Microsoft Office Flaws Allow Remote Code Execution *

Sophos Releases Patch for AP6 Access Points Flaw Allowing Admin Access *

Chrome 140 Update Resolves CVE-2025-10200 and CVE-2025-10201 Security Vulnerabilities *

SessionReaper Exploit Threatens Magento Ecosystem *

CVE-2025-41243 : Critical Vulnerability in Spring Cloud Gateway Server WebFlux Allows Property Modification Risk *

Microsoft Patch Tuesday Security Advisory – September 2025 *

Industrial Ethernet Vulnerability in Rockwell Stratix Devices Enables RCE via CSRF Exploitation *

Chess.com Discloses Data Breach via Third-Party File Transfer App, Affecting 4,500 Users *

iCloud Calendar Invites Weaponized in Callback Scam *

Lovesac Admits Data Breach After Ransomware Group's Claims *

Astro Cloudflare Adapter Vulnerability (CVE-2025-58179) Enables Attackers to Serve External Content and Execute Malicious Scripts *

Tenable Confirms Data Breach Impacting Customer Contact Information *

CVE 2025 9636 COOP Vulnerability in pgAdmin Version 9.7 and Earlier Enables OAuth Flow Manipulation *

Authorities in Australia Track and Uncover Ransomware Group Activities *

ImageMagick Vulnerability Enables Remote Code Execution Causing Heap Corruption via Seek-Write Flaw *

Salesloft & Drift Breach Highlights Risks of OAuth Token Abuse from GitHub Attacks *

Apache Jackrabbit Vulnerability Exposes Systems to Remote Code Execution (RCE) *

Stealthy NightshadeC2 Botnet Targets Windows Systems *

PoC Released for High-Severity cJSON JSON Pointer Parsing Bug (CVE-2025-57052) *

Critical Podman Flaw Exposes Host Files via Symlink Attack *

Remote Command Execution Flaw Patched in OpenEdge AdminServer by Progress *

Wealthsimple Confirms Data Breach via Compromised Third-Party Software *

Cloudflare Stops 11.5 Tbps Distributed Denial-of-Service Attack Amid Surge in Global DDoS Activity *

TAG-150 Ramps Up Attacks with Exclusive Malware Tools *

SafePay Ransomware Surge: A Rising Threat to Global Enterprises *

New macOS Malware Campaign Targets Enterprise Users with Data-Stealing Trojan *

Qualcomm Warns of Two Critical Modem Vulnerabilities with CVSS 9.8 *

School District Data Breach Exposes Personal and Financial Data of More Than 31,000 People in South Carolina *

Advanced GPUGate Malware Exploits Google Ads and GitHub in Delivery Chain *

Critical Argo CD Vulnerability Exposes Repository Credentials *

Kaspersky Blocks 10.7 Million Mobile Attacks Amid 143K Malware Packages *

North Korean Hackers Launch Coordinated Malware Campaign Using Facebook and Telegram *

Envoy Addresses Two Vulnerabilities Linked to DoS and Session Hijacking Risks *

Critical Argo CD Vulnerability (CVE-2025-55190) Exposes Git Repository Credentials *

Windows Driver Vulnerability Discovered Allowing Local Users to Escalate Privileges and Potentially Gain Full System Access *

Ruijie Networks Switches Affected by Critical CVE-2025-56752 Vulnerability Enabling Remote Admin Access *

SVG-Based Phishing and SWF Obfuscation Drive Colombian Cyber Campaign *

Stealthy Windows Attack Bypasses EDR, Uses Raw Disk Access to Evade Detection Targeting SAM and NTDS Credential Files *

AI-Powered Phishing Attacks Target Microsoft 365 Credentials *

Critical Zero-Click Email Vulnerability Exploits Unicode-Punycode Mismatch *

Chinese Cyber Units Weaponize Network Devices in Ongoing Espionage Operations *

New Cyber Threat Campaign Targets Windows Servers with Custom Malware and SEO Manipulation *

ZIP File Phishing Leads to Multi-Stage PowerShell Attack by NoisyBear *

CVE-2025-53690: Remote Code Execution via ASP.NET Machine Key Misuse *

CVE-2025-53187: ABB ASPECT BMS Exposed to Unauthenticated Remote Code Execution *

Sangoma Patches Actively Exploited Flaw Allowing Remote Code Execution in FreePBX *

Bridgestone Probes Cyberattack Disrupting North American Manufacturing *

CISA Flags Actively Exploited TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 *

New Django SQL Injection Bug (CVE-2025-57833) Threatens Web App Security *

CVE-2025-5086 (CVSS 9.0): Critical RCE Vulnerability in DELMIA Apriso Actively Exploited in the Wild *

Critical Flaw Could Allow Attackers to Exploit AI Model Namespaces *

Windows Users at Risk as Improper TLS Certificates for 1.1.1.1 Issuance Targets Cloudflare DNS *

Cloudflare Confirms Data Breach via Drift-Salesloft Supply Chain Attack *

Proofpoint Warns of Rising Threat from Stealerium Based Malware Campaigns *

Hackers Attempt $130M Heist on Evertec’s Brazilian Subsidiary via Pix Payment System *

NVIDIA Mitigates High-Risk Threats Across Networking Stack *

XWorm Malware Unveils New Infection Technique to Evade Security Detection *

Latest Chrome Update Fixes Critical Bugs, Including RCE in JavaScript Engine *

Apache DolphinScheduler Fixes File Permission Vulnerability CVE-2024-43166 *

Google Issues September 2025 Android Security Patch Addressing Actively Exploited 0-Day Vulnerabilities *

Cloud Security Alert on Azure AD Credential Exposure in ASP NET Core Applications *

Advanced Phishing Tactic Exploits OneDrive to Target Leadership *

Supply Chain Attack Hits Palo Alto Networks via Salesforce Integration *

Critical Vulnerabilities Found in MobSF 4.4.0 Allow Arbitrary File Writes and Data Exposure *

ESPHome Authentication Bypass Vulnerability Exposes Smart Devices to Attack *

CVE-2025-6203: Critical Denial-of-Service Vulnerability Discovered in HashiCorp Vault *

Multi-Stage Phishing Campaigns Abuse Email Marketing Domains and Cloud Infrastructure to Deliver Targeted Phishing Lures *

CSS Injection Flaw in Google Web Designer Enables Full System Takeover *

Malicious Ads Used to Launch Phishing Attacks on Hotel Systems *

MediaTek Addresses Critical Modem and System Vulnerabilities in September 2025 Security Bulletin *

IBM Issues Urgent Patch for Watsonx Orchestrate SQL Injection Vulnerability *

Zero-Day Flaw in Citrix NetScaler Devices Triggers Emergency Patching Effort *

Zscaler Confirms Data Breach Caused by Supply-Chain Attack Through Salesloft Drift *

Hackers Exploit macOS Security Features to Spread Malware *

New Sitecore Vulnerabilities Enable Remote Attacks on Fully Patched Systems *

Linux UDisks Vulnerability Grants Attackers Access to Privileged Data *

Cybersecurity News Roundup Highlighting WhatsApp, Chrome Flaws and Advanced AI Attacks *

AI Waifu RAT Targets Communities with Sophisticated Deception *

QNAP Issues Critical Security Patches for VioStor NVR Devices *

Critical ImageMagick 32-Bit RCE Exploit from Stride Miscalculation During Malicious BMP Image Processing *

Zero-Click Exploit Allowing Remote Code Execution on iOS and macOS Patched in Latest WhatsApp Update *

Amazon Disrupts Evolving APT29 Cyber Campaign Targeting Microsoft Authentication *

Google Advises 2.5 Billion Gmail Users to Change Passwords Following Salesforce Data Breach *

Google Ads Abuse Distributes TamperedChef via Rogue PDF Application *

MystRodX: Stealthy New Backdoor Evades Detection with Passive Triggers *

Brokewell Trojan Targets Android via Facebook ads, Hitting Banking and Crypto *

FreePBX Servers Targeted in Widespread Attacks Leveraging Unpatched Zero-Day in Endpoint Module *

Cisco IMC vKVM Flaw Lets Remote Attackers Redirect Users to Malicious Sites *

Hikvision Discloses Critical Security Vulnerabilities in HikCentral Software *

TransUnion Data Breach Compromises Over 4 Million Customers *

Cyberattack Disrupts Nevada State Systems, Offices Halt Operations *

Sophos Uncovers Intrusion Using Velociraptor and Visual Studio Code for Tunneling *

Anthropic Thwarts Attempts to Exploit Claude AI for Cybercrime *

Critical Cisco Nexus Vulnerability Allows DoS Attacks via Malformed IS-IS Packets *

Critical Security Flaws in Cisco UCS Manager Allow Root-Level Command Injection by Authenticated Users *

Hook v3 Malware The Next Generation of Android Banking Threats *

Google Issues Urgent Chrome Patch for AI-Discovered CVE-2025-9478 Vulnerability *

NVIDIA NeMo Curator Hit by High-Severity Security Flaw (CVE-2025-23307) *

Critical Code Injection Flaws Found in NVIDIA NeMo Framework *

Critical Flaws in Securden PAM Expose Enterprises to Remote Code Execution and Credential Theft *

Auchan Retail Breach Exposes Customer Loyalty Information *

Chinese Hackers Use VPNs and Proxies to Hide Their Tracks *

SpyNote RAT Masquerades as Google Play Apps in Sophisticated Malware Campaign *

Lab-Dookhtegan's Crippled Iranian Maritime Operations Through Satellite Vulnerabilities Targeting NITC and IRISL *

Proxyware Malware Poses as YouTube Video Download Site *

Zero-Click Exploit in Zendesk Android App Lets Attackers Hijack Accounts Using Predictable Token Generation *

Severe Security Flaws in vtenext CRM Put Thousands of Businesses at Risk Worldwide *

Ransomware Attack Disrupts Operations at Chip Programming Firm Data *

Data Breach at Aspire Rural Health System Affects 138,386 Individuals *

Cybercriminals Leverage SendGrid in New Phishing Scheme to Harvest User Login Credentials *

Microsoft Confirms NDI Streaming Issues After August 2025 Windows Update *

Tableau Server Vulnerabilities Allow Malicious File Uploads and Path Traversal *

BQTLock Ransomware Campaign Leverages Obfuscation and Credential Theft for Double Extortion Attacks *

Cybercriminals Deploy Android Malware Posing as Russian Intelligence Tool *

Fileless and Fearless: The Rise of Linux Filename Malware *

IBM Patches High-Risk Flaw in Jazz Team Server Vulnerability (CVE-2025-36157) *

UAE Authorities Urge Citizens to Avoid Public Wi-Fi Amid Massive Surge in Cyber Breaches *

SSH Brute-Force Tool in Go Found to Secretly Leak Successful Logins to Remote Attacker via Telegram *

Android Malware Targeting Russian Business Executives Through Fake Antivirus Apps *

Grok Chatbot Leak Exposes Hundreds of Thousands of Private Conversations *

Sophisticated Gmail Phishing Attack Leverages AI Prompt Injection *

New Android RATs Exploit Military Personnel Across South Asia *

Lumma Affiliates Drive Financial Fraud and Crypto Theft via Phishing, Malvertising, and Fake Listings *

Help TDS Campaign Exploits WordPress Sites in Global Redirect Scam *

Threat Actors Leverage VPS and Anonymized Networks to Launch Sophisticated SaaS Exploits *

GeoServer Instances Targeted Through CVE-2024-36401 Remote Code Execution *

Anatsa Android Malware Targets Banks and Crypto Platforms *

Fake Microsoft Security Alerts Spread via TDS on Legit Sites *

Global Web Security Alert: Critical Bug in sha.js Library *

Critical Docker Desktop Vulnerability (CVE-2025-9074) Allows Full Host Takeover on Windows and Mac *

Data Breach at CPAP Medical Supplies Exposes Sensitive Information of 90,000+ Individuals *

Kubernetes Capsule Security Flaw Allows Unauthorized Label Manipulation *

UAC-0057 Exploits PDF Invitations to Deploy Shell Script Attacks *

DaVita Breach Exposes Sensitive Records of Nearly 2.7 Million Individuals *

CVE-2025-55746: Severe Directus Vulnerability Allows Unauthenticated File Uploads and Remote Code Execution on Servers *

Temporary Exposure of AMD’s FSR 4 Source Code Could Fuel Unofficial Builds *

Critical Plex Media Server Vulnerability (CVE-2025-34158) – Immediate Patch Urged *

Commvault Bugs Allow Attackers to Bypass Authentication Controls *

Apple Releases Emergency Patch for Zero-Day Exploited in Targeted Attacks *

Memory Corruption and Sandbox Escape Vulnerabilities Addressed in Firefox 142 *

MITM6 and NTLM Relay Attack Exposes Active Directory Weaknesses *

SHAMOS macOS Malware Poses as Tech Support to Capture User Logins *

IBM Researchers Track QuirkyLoader Campaigns Targeting Taiwan and Mexico *

Paper Werewolf Unleashed: Phishing, Payloads, and WinRAR Exploits *

Apache Tika PDF Parser XXE Flaw Enables Data Exposure via Malicious PDFs *

Kudelski Security Uncovers Critical CodeRabbit Vulnerability Allowing RCE and Access to 1M GitHub Repositories *

Security Flaws in Lenovo’s AI Chatbot Raise Concerns Over Enterprise AI Deployments *

Microsoft M365 Copilot Flaw Lets Attackers Bypass Audit Logs and Access Sensitive Data Undetected *

Salty 2FA: A Rising Threat in the Phishing-as-a-Service Landscape *

CVE-2023-46604 Exploited: Hackers Secure Linux Servers with Post-Intrusion Patching *

CERT CC Alerts Municipalities to Critical Workhorse Software Flaws *

Data Breach at Business Council of New York State with External System Intrusion Exposes Over 47,000 Records *

Google Fixes High-Risk V8 Bug in Latest Chrome Release *

Spies in Your Skype: GodRAT Malware Campaign Targets Financial Sector *

SAP NetWeaver Metadata Unauthenticated Uploader Exploited for JSP shell, RCE via Visual Composer *

Ransomware Attack on Inotiv Disrupts Systems, Impacts Business Processes *

Phishing Operation Uses Fake Government App to Deploy Banking Malware on Android Devices *

PyPI Introduces Domain Expiry Checks to Strengthen Account Security *

Bragg Gaming Group Reports Cybersecurity Breach, Ensures Operational Continuity *

HijackLoader Unleashed: Malware Hidden in Pirated Games Bypasses SmartScreen & Adblockers *

XenoRAT Malware Campaign Hits Multiple Embassies in South Korea *

Netfilter Bug Exposes Linux Infrastructure to Privilege Escalation Threats *

Critical Vulnerability Found in Palo Alto Networks GlobalProtect *

Rockwell Automation Patches Critical Security Bugs in Key Industrial Systems *

Blue Locker Ransomware Targets Critical Infrastructure in Pakistan *

Fraudsters Hijack Back-to-School Bargains to Trap Online Shoppers *

Workday Discloses Data Breach Linked to Widespread CRM Attacks *

Advanced Threats in Hybrid Environments: CrossC2 and ReadNimeLoader Exposed *

PostgreSQL Issues Urgent Patches for Critical Remote Code Execution Vulnerabilities *

Millions of Downloads Impacted by Critical tar-fs Directory Traversal Vulnerability *

Critical AMI Aptio UEFI Flaw CVE-2025-33043 Exposes PCs to Stealth Firmware Attacks *

Zero-Day in Elastic Endpoint Agent Allows Attackers to Evade Detection and Crash Windows Systems *

High-Severity ImageMagick Vulnerabilities Discovered via Google AI Tool *

EncryptHub Hackers Leverage MSC EvilTwin Flaw to Spread Fickle Stealer Malware *

ERMAC 3.0 Banking Trojan Exposed: Expanded Capabilities and Security Flaws Uncovered *

Compromised npm Package Used in Dependency Automation Attack *

Critical Authentication Bypass Vulnerability in FortiWeb (CVE-2025-52970) *

Colt Technology Services Battles Cyberattack Disrupting Operations *

Cisco Issues Security Patches for IKEv2 DoS Vulnerabilities Affecting IOS, IOS XE, ASA, and FTD Systems *

Booking.com Users Targeted by Unicode-Based Homograph Phishing Campaign *

Taiwan's Web Infrastructure Compromised by UAT-7237 Using Modified Hacking Utilities *

US Sanctions Garantex, Grinex, and Affiliates for Facilitating Illicit Transactions *

Critical CVE-2025-20265 RADIUS Vulnerability in Cisco FMC Could Allow Remote Code Execution *

Hackers Leverage Microsoft Flaw to Breach Canadian House of Commons Systems *

Microsoft Web Deploy Vulnerability Exposes Enterprise Servers to Remote Attacks *

FireWood Malware Targets Linux for Remote Command Execution and Data Theft *

Malicious Proxyware Spread Through Fake Freeware and YouTube Downloader Sites *

Critical Xerox FreeFlow Core Vulnerabilities Exposed — Public PoC Enables Unauthenticated RCE *

VexTrio Viper: Cybercriminals Exploit CAPTCHAs and App Stores in Global Scam Network *

Hackers Exploit FIDO Authentication Downgrade via Custom Phishlet in AiTM Attacks *

ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration *

Intel, AMD, and Nvidia Disclose Dozens of Security Flaws *

Adobe Fixes Dozens of Vulnerabilities in Creative and Commerce Tools *

Zoom Fixes Critical Windows Vulnerabilities Allowing Privilege Escalation *

SmartLoader Malware Distribution campaign Targets Windows Exploiting GitHub Through Fake Game Hacks and Cracks *

Charon Ransomware: APT-Level Tactics with Devastating Encryption Payloads *

Critical FortiSIEM Vulnerability (CVE-2025-25256) Enables Remote Command Injection *

Chrome 139 Update Fixes Critical Security Flaws in V8, libaom, and ANGLE *

Microsoft Patch Tuesday Security Advisory – August 2025 *

SAP Issues Critical Security Updates for Multiple Product Vulnerabilities *

Royal Enfield Hit by Ransomware Attack: Hackers Claim Full System Breach and Data Encryption *

CVE-2025-53652: Critical Command Injection Discovered in Jenkins Git Parameter Plugin *

Critical Flaw in Dealer Portal Allowed Remote Vehicle Takeover *

Eclypsium Uncovers Critical BadUSB Vulnerability in Lenovo Devices, Hijacked via Firmware Exploit *

Google Issues Highest-Ever Bug Bounty for Critical Chrome Sandbox Escape *

Millions at Risk from SSH Vulnerabilities Uncovered by SSHamble *

TETRA Networks Compromised by Weak Encryption, Replay, and Injection Vulnerabilities *

Connex Credit Union Confirms Data Breach Triggered by Undisclosed Intrusion Vector *

Critical Vulnerability in Smart Bus Systems Exposes Fleet Control and Tracking Risks *

Critical Zero Trust Flaws Expose Zscaler, Netskope, and Check Point to Authentication Bypasses *

Efimer Malware Campaign Exploits Legal Scams and Fake Torrents to Steal Cryptocurrency *

Critical 7-Zip Flaw (CVE-2025-55188) Exposes Linux and Windows Systems to Arbitrary File Writes *

CVE-2025-5095 (CVSS 9.8): Critical Security Vulnerability in ARC Solo Broadcasting Devices Allows Unauthorized Remote Access and Control *

Severe RCE and SSRF Vulnerabilities Discovered in Xerox FreeFlow Core *

APT Sidewinder Uses Fake Government Portals to Harvest Military Credentials *

New ClickFix Malware Campaign Exploits macOS Terminal to Steal Crypto and Personal Data *

Security Risks and Escrow Vulnerabilities in Darknet Market Transactions *

CISA Identifies Critical EG4 Inverter Bugs Enabling Remote Exploitation *

PyPI Blocks Malicious ZIP Uploads to Prevent Parser Confusion Attacks *

Customer Data Compromised in Air France–KLM Breach Tied to Broader Salesforce Exploitation by Cybercrime Group *

IBM X-Force Uncovers CastleBot Malware-as-a-Service Powering Multi-Stage Ransomware Campaigns *

DarkCloud Malware Resurfaces with Advanced Capabilities in Global Windows Attack Campaign *

Severe Linux Kernel Flaw Enables Full Kernel Access via Chrome Sandbox Exploit *

PBS Employee Data Leaked on Discord Fan Servers Following Breach *

Personal Data of 6.4 Million Leaked in Bouygues Telecom Hack *

WinRAR Zero-Day Exploited to Install RomCom Malware via Malicious Archives *

Critical Flaws Discovered in Axis Communications Surveillance Systems *

Columbia University Reports Cyberattack Impacting Over 860,000 Individuals *

Pandora Jewelry Targeted in Supply Chain Cyberattack via External Vendor *

New CISA ICS Advisories Reveal High-Risk Flaws Across Industrial Platforms *

CISA Issues Urgent Alert: Federal Agencies Must Patch Exchange Server Flaw by Monday *

Ruby JWE Security Breach (CVE-2025-54887) Undermines AES-GCM Authentication *

Critical Hybrid Exchange Vulnerability (CVE-2025-53786) Enables Cloud Privilege Escalation *

SocGholish Malware Exploits Hacked Websites for Initial Access *

Malicious Go Modules Identified 11 GitHub Packages Deploy Stealthy Malware *

Phishing Campaign Leverages Microsoft 365 Direct Send to Mimic Internal Email Traffic *

North Korean ScarCruft Group Deploys Advanced Malware and Ransomware Against South Korea *

Malicious npm Packages Target WhatsApp API Developers with Remote Kill Switch and Data Exfiltration Capabilities *

Severe HTTP Flaw Threatens Millions of Websites with Takeover *

1.2 Million Medical Devices and Systems Exposed in Major Data Breach *

Akira Ransomware Launches BYOVD Attack with CPU Tuning Driver *

Lazarus Group Deploys PyLangGhost RAT Using Fake Camera and Mic Errors *

MedusaLocker Ransomware Uses Vulnerable ThrottleStop Driver, exploits RDP and Disables AV in Kernel-Level Attack *

PHP Object Injection Vulnerability in Everest Forms Plugin (CVE-2025-52709) Threatens 100K Sites *

CVE-2025-22470: Critical Vulnerability in SATO Printers Enables Remote Root Control *

Rockwell Automation Patches High-Severity Memory Corruption Flaws in Arena Simulation Software *

Trend Micro Apex One Under Active Attack from Critical RCE Vulnerabilities *

Project AK47: A Hybrid Threat Linking Financial Cybercrime to State-Sponsored Activity *

10,000+ Fake TikTok Domains Target Users with Spyware and Credential Theft *

Kimsuky APT Launches Malware Attack Using LNK Files to Evade Windows Defender *

Adobe Issues Emergency Priority 1 Update for High-Risk AEM Forms Vulnerabilities *

GitHub Action Vulnerability CVE-2025-54594: React Native Bottom Tabs Targeted in RCE Attack *

CISA Urges Action on Exploited D-Link IP Camera Vulnerabilities *

Critical Flaws Discovered in MediaTek Chipsets Across Android and IoT Platforms *

Cisco Discloses Data Breach via Vishing Attack Leading to Unauthorized CRM Access *

Critical SQL Injection Vulnerability Found in ADOdb SQLite3 Driver *

North Korea’s Famous Chollima APT Targets Job Seekers with Malicious GitHub Packages *

PXA Stealer Campaign Targets 62 Countries with DLL Sideloading *

Android Malware Mimics Indian Banks to Steal Data and Mine Crypto *

Critical Android System Vulnerability (CVE-2025-48530) Patched in Latest Security Update *

Royal Ransomware Took Down Wilhelm Einhaus’s Mobile German Insurance Giant *

Critical Vulnerabilities Found in Dahua Security Cameras, Patches Released *

Massive Data Breach at Northwest Radiologists Exposes Sensitive Information of 348,000 Patients *

Nvidia Triton Vulnerabilities Enable Remote Code Execution in AI Servers *

Critical Squid Proxy Vulnerability Allows Remote Code Execution and Data Leaks *

Severe HashiCorp Flaw Lets Hackers Execute Code on Host Systems *

FUJIFILM Printer Vulnerability Exposes Devices to Denial-of-Service Attacks *

North Korean Hackers Hide Malware in Images to Bypass Windows Security *

Interlock Ransomware and ClickFix Social Engineering Exposed *

APT37 Targets South Korean Systems with Steganography and Backdoor Malware *

Phishing Through Wrapped Links Exploiting Proofpoint and Intermedia for Microsoft Credential Theft *

Remote Code Execution Vulnerability Found in NestJS DevTools (CVE-2025-54782) *

Critical Security Flaws in Partner Web: Default Credentials & XSS *

Digital Certificate Leak Undermines PlayReady DRM Security Across Platforms *

Cyberattack on Seychelles Commercial Bank Involving Data Breach and Potential Espionage Activity *

Decryptor for FunkSec Ransomware Released: Victims Can Recover Files at No Cost *

ApolloShadow Malware Installs Root Certificates to Legitimize Malicious Websites *

Chinese-Linked Group Launches Prolonged Cyberattack on Telecom Infrastructure *

Qilin Affiliate Hastalamuerte used for Cryptocurrency Integration,Money Laundering Operations *

Lazarus Group Exploits Software Supply Chains Through npm and PyPI in Advanced Espionage Operation *

AI-Crafted npm Package Conceals Advanced Crypto Wallet Drainer *

Targeted Ransomware Attacks by SafePay Disrupt Key Global Industries *

Undetectable ‘Plague’ Malware Targets Linux for Long-Term SSH Access *

Akira Ransomware Exploits SonicWall SSL VPNs Amid Surge in Attacks *

Hackers Exploit Unauthenticated Relay in Microsoft 365 for Phishing *

Chinese-Backed PlayPraetor Malware-as-a-Service Expands Globally, Targets Mobile Banking Apps *

Critical Security Flaw in Cursor IDE Lets Attackers Execute Code via Malicious Prompts *

Luxembourg Probes Cyberattack That Crippled National Telecom Network *

Pi-hole Data Breach Exposes Donor Information Through WordPress Plugin Vulnerability *

Cybercriminals Exploit EDR Trial Versions to Evade Detection *

$1 Million Bounty Offered for WhatsApp 0-Click RCE Exploit at Pwn2Own Ireland 2025 *

Singapore Battles Advanced Cyber Espionage with Forensic Precision *

Hackers Use TrickBot Malware to Steal $724 Million in Cryptocurrency *

Silver Fox Group Exploits Trusted Tools for Malicious Windows Attacks *

DoubleTrouble Banking Trojan: A New Threat Exploiting Android Accessibility Services *

Critical BIOS Vulnerabilities Discovered in Lenovo Desktops *

Nokia Suffers Data Breach Affecting 94,500 Employees via Third-Party Vendor *

Russian Healthcare Sector Targeted in Cyberattack, Hundreds of Pharmacies Affected *

Critical Zero-Day Vulnerability in CrushFTP (CVE-2025-54309) Enables Unauthenticated Remote Code Execution *

Critical SUSE Manager Flaw Allows Remote Root Access Without Authentication *

Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment *

Qilin Ransomware Exploits Vulnerable TPwSav.sys Driver to Evade EDR and Target Industrial Sector *

NOVABLIGHT: NodeJS Infostealer Disguised as Games and Educational Apps *

New RedLoader Variant Delivered via Sophisticated Multi-Stage Execution by GOLD BLADE *

Critical Privilege Escalation Flaw Found in BeyondTrust Windows Agent *

Critical RCE in WordPress Alone Theme Actively Exploited by Hackers *

Apple Deploys Urgent Security Updates Across All Platforms to Counter Active Threats *

Enterprise LLMs at Risk: Prompt Injection Attacks Expose Critical Security Flaws in AI Systems *

ToxicPanda Android Malware Infects 4,500+ Devices to Steal Banking Data *

Unauthorized Access Uncovered in Base44’s Vibe Coding Ecosystem *

Microsoft Addressed Privacy Breaching TCC Bypass flaw in Unsigned Importers Plugins in Spotlight macOS *

French Telecom Leader Orange Hit by Cybersecurity Breach *

Multiple Critical Firmware Flaws Found in Lenovo All-in-One Desktops *

Critical CodeIgniter Flaw Exposes Millions of Web Apps to ImageMagick File Upload Attacks *

ArmouryLoader: A Sophisticated Multi-Stage Malware Loader Exploiting ASUS Software *

Multi-Stage PowerShell Attack Uses LNK Files to Deploy REMCOS RAT *

XWorm 6.0 Uses AMSI Bypass and Critical Process Tactics to Stay Hidden *

RedHook Android Banking Trojan Targets Vietnamese Users with Phishing, RAT, and Keylogging *

Hackers Exploit SAML Response Mismatch to Bypass Logins in Node-SAML-Driven Apps *

1TB of Sensitive Data Leaked from Naval Group in Major Cybersecurity Scare *

LG Innotek LNV5110R CCTV Cameras Remain Vulnerable to Unauthorized Access Due to Unpatched Flaw *

Indian Payment Gateway Airpay Faces Data Breach Claims Amid Rising Cyberattacks *

Aeroflot IT System Breach Shuts Down Flights at Moscow Airport *

22 Million IPs and Locations Exposed in Leak Zone Dark Web Forum Breach *

Critical Niagara Framework and Industrial System Flaws Expose Infrastructure to Full Takeover *

Scattered Spider Hijacks Virtual Infrastructure to Paralyze U.S. Retail and Transportation Sectors *

Critical Privilege Escalation Vulnerability Found in Lakeside SysTrack (CVE-2025-6241) *

VMware Under Fire: Fire Ant Hackers Exploit ESXi and vCenter Vulnerabilities *

Chaos RaaS Targets Global Businesses in Sophisticated Ransomware Campaign *

Salesforce Released latest version of Tableau Server patching Critical Vulnerabilities Including RCE and SSRF *

GitHub Action Vulnerability CVE-2025-54416 Could Compromise Over 5,000 GitHub Repositories *

Supply Chain Attack Hits Major Open Source JavaScript Dependencies *

CastleLoader Malware Loader Actively Targeting Systems via Phishing and Fake Repositories *

Security Vulnerability in Post SMTP Plugin Puts 200,000 WordPress Sites at Risk of Hijacking *

Allianz Life Announces Data Breach Affecting Most of Its 1.4 Million Customers *

Endgame Gear Hit by Software Supply Chain Attack via Malware Embedded in OP1w 4k v2 Installer *

Microsoft Probes Possible Leak Behind SharePoint Exploits by Chinese State Hackers *

Google Forms Hijacked in Escalating Phishing Campaigns Aimed at Crypto Investors *

Cloud Environments Compromised by Soco404 and Koske Malware Campaigns Leveraging Fileless Techniques *

Cargo-Themed Phishing Emails Deliver EAGLET Malware in Russian Espionage Operation *

Turkish Defense Companies Targeted by Patchwork in Spear-Phishing Campaign Using Malicious Shortcut Files *

Gunra Ransomware Emerges Amid Surge in Dark Web Activity *

Scammers Use Google Forms to Bypass Security and Steal Crypto via Phishing *

Hackers Use Fake Sites and .HTA Scripts to Spread Red Ransomware *

Sophisticated Android Malware Masquerades as Indian Banking Apps to Steal Credentials and Evade Detection *

Mitel Releases Emergency Patches for High-Risk MiVoice MX-ONE Vulnerability *

VMware Patches Critical Security Flaws in Guest Authentication Service VGAuth *

Early Access Steam Game Used as Vehicle for Infostealer Malware by Hacker *

AI-Driven Koske Malware Exploits Image Files to Infect Linux with Cryptominers *

Critical Axios Vulnerability (CVE-2025-54371) Exposes Applications to HTTP Manipulation via Form-Data Flaw *

Cloud-Based Cryptojacking Campaign 'Soco404' Discovered by Researchers *

Stealthy Spyware Found in Popular 4 Open-Source Packages, Impacts 56,000+ Downloads *

Supply Chain Attack Hits Toptal: npm Packages Used for Token Theft & Data Wipe *

New GitLab Security Updates Address Six Vulnerabilities Including Two High-Risk XSS Flaws *

Critical Flaw in AWS Client VPN for Windows Enables Privilege Escalation *

SonicWall Patches Critical Arbitrary File Upload Flaw (CVE-2025-40599) in SMA 100 Series *

Ghost RAT and PhantomNet Malware Used in Targeted Windows Attacks by Chinese Hackers *

Stealthy WordPress Mu-Plugin Backdoor Grants Persistent Admin Access to Hackers *

Critical Security Flaws Found in Synology BeeDrive for Windows *

Critical Command Injection Vulnerabilities Discovered in TP-Link NVR Devices *

EdskManager RAT Uses HVNC to Enable Hidden Remote Access and Evade Detection *

SonicWall SMA 100 Under Threat: Patch Buffer Overflow and XSS Vulnerabilities ASAP *

Mozilla Fixes Critical JavaScript and Memory Flaws in Firefox 141 Release *

Critical Vulnerability in form-data JavaScript Library Exposes Applications to Remote Attacks *

Coyote Trojan Leverages Windows UI Automation to Swipe Bank and Crypto Logins *

Ransomware Groups Exploit RMM Tools for Network Intrusion and Data Theft *

Unauthenticated SSRF in Manager.io (CVE-2025-54122) Enables Full Cloud Compromise *

Google Chrome Fixes Two High-Risk V8 JavaScript Engine Flaws CVE-2025-8010 and CVE-2025-8011 *

Malicious npm Package Update Distributes Scavenger Malware *

New Apache Jena Security Bugs Could Lead to System Compromise via Admin Abuse *

Kubernetes Image Builder Vulnerability Enables Remote Admin Access on Windows VMs *

Dark Web Travel Agencies: The Cybercrime Syndicates Undermining Hospitality *

Fake Facebook & TikTok Apps Spread Android Malware for Data Theft and Monetization *

Critical Security Bug in Nokia WaveSuite NOC Could Allow Remote Attacks on Telecom Systems *

Critical Fixes in wolfSSL: Apple Certificate Bypass and Weak Randomness Patched *

Sophos Issues Urgent Hotfixes for Firewall Vulnerabilities in Older Firmware Versions causing RCE *

Authentication Bypass and Command Injection Vulnerabilities found in HPE Networking Devices *

VanHelsing Ransomware Group Strikes Compumedics, Leaks Patient Health Data *

Radiology Associates of Richmond Confirms Data Breach Affecting 1.4 Million *

The Texas Alcohol & Drug Testing Service Confirms Major Data Breach Impacting Over 748,000 Individuals *

Microsoft Urges Immediate Patching of Actively Exploited SharePoint Vulnerability *

QR Phishing Attack Lets PoisonSeed Hackers Bypass FIDO Protections *

SilentRoute: Malicious SonicWall VPN Client Compromises Enterprise Login Data *

Malicious RAR5 Archives Exploit 7-Zip Vulnerability *

Critical Livewire RCE Vulnerability (CVE-2025-54068) Puts Laravel Apps at Risk *

Katz Stealer Malware Is a One Hundred Dollar Per Month Threat That Steals Digital Identities *

APT28 Exploits Outlook, WinRAR, and Webmail Flaws for Espionage Operations *

Lumma Infostealer Campaign Monetizes Stolen Credentials on Cybercrime Forums *

Deceptive Voicemail Malware Campaign Impersonating Veeam Targets Enterprise Users *

2,800 Domains Linked to Ongoing Chinese Malware Attacks on Windows Users *

Threat Actors Exploit CrushFTP Vulnerability to Gain Unauthorized Admin Control *

Attackers Leverage Ivanti Zero-Days to Inject Cobalt Strike Using MDifyLoader *

CERT-UA Uncovers LAMEHUG Malware Using AI in Phishing Attacks Linked to APT28 *

TeleMessage SGNL Exposed via Unsecured Spring Boot Endpoint *

Official Ransomware Decryptor Restores Phobos and 8Base Files at No Cost *

Arch Linux AUR Compromised by Malicious Packages Distributing CHAOS RAT Malware *

Sophisticated Cyber Espionage Campaign Targets Asia: UNG0002 Behind Attacks *

Massistant Spy Tool Used by Chinese Authorities to Access Private Data from Mobile Phones *

Massive Data Breach Hits Anne Arundel Dermatology, 1.9 Million Impacted *

Security Flaws in Grafana Allow Redirects and Code Execution *

Critical Buffer Overflow in Lenovo Protection Driver Exposes Systems to Privilege Escalation *

Local Privilege Escalation Bugs Found in Sophos Intercept X Components *

High Severity Security Flaw Identified in NVIDIA Container Toolkit Affecting AI Workloads *

NoName057(16) Hacktivist Network Dismantled by Europol Over DDoS Campaigns *

Amadey Malware Campaign Leverages GitHub Repositories to Evade Detection *

Major Russian Drone Supplier Targeted by Ukrainian Cyberattack *

Critical Unauthenticated Stack Overflow flaw in D-Link DIR-825 Router Leads to Remote DoS *

H2Miner Malware Targets Linux, Windows, and Containers to Illegally Mine Monero *

Microsoft Teams Exploited to Deliver Encrypted Matanbuchus Malware *

Oracle Addresses 200 Security Flaws in July 2025 Critical Patch Update *

Cisco Addresses New Critical Vulnerability in ISE System *

Critical RCE Vulnerability in SharePoint's Deserialization Logic *

Protestware Spreads Through 28+ Malicious Software Packages *

DNS Tunneling Exploits: A Growing Risk for Enterprise Network Security *

Android Malware campaign employs Typosquat-Domains, Telegram APKs to Spread Malware via Phishing *

New Malware Campaign Targets WordPress Sites with ZIP Archive Exploit *

Google’s AI ‘Big Sleep’ Uncovers Critical SQLite 0-Day, Stops Active Exploits *

Lenovo Vantage Vulnerabilities Allow Local Attackers to Escalate to SYSTEM Privileges *

Unprecedented Cyber Siege: DDoS Hits 7.3 Tbps with Billions of Packets *

Polyglot File Trick Bypasses Email Filters in New Malware Attacks *

Konfety Malware Exploits APK ZIP Structure for Silent Infiltration *

Ransomware Breach in Albemarle County Exploits On-Premises Infrastructure *

Google Issues Emergency Chrome Patch Zero-Day Exploit and Two More High-Severity Vulnerabilities *

VMXNET3, VMCI, and PVSCSI Vulnerabilities in VMware Receive Critical Fixes from Broadcom *

Node.js Security Fixes CVE-2025-27210 (Path Traversal), CVE-2025-27209 (HashDoS) flaws in latest release *

Century Support Services Suffers Major Data Breach Involving Financial and Health Data *

DragonForce Targets U.S. Retailer Belk in May 2025 Breach *

Critical Security Vulnerability in Kafbat UI Allows Remote Code Execution Without Authentication *

High-Severity Git Vulnerability Affects DevOps Pipelines and CI-CD Tools *

Espionage in the Cloud: CL-STA-1020's Use of AWS Lambda for Covert Government Surveillance *

Cybercriminals Clone Major News Sites in Global Investment Fraud Scheme *

The Apache Tomcat Coyote Flaw Enable Attackers to Cause DoS Attacks *

Interlock Ransomware Campaign Leverages FileFix for RAT Deployment *

Open VSX Marketplace Abused to Breach Cursor AI, Steal $500K in Digital Assets *

BlackSuit Ransomware Strikes with Speed, Stealth, and Data Theft *

HazyBeacon Backdoor Exploits AWS Lambda for Covert C2, Aims at Government Targets *

North Korean XORIndex Malware Targets Developers via npm Supply Chain through Multi-staging *

Fortinet FortiWeb Hit by Severe SQLi to RCE Flaw — Patch Immediately *

Gigabyte UEFI Bugs Threaten System Integrity with Persistent Exploits *

Bitcoin Depot Suffers Major Security Breach, Exposing 27,000 Users' Data *

Louis Vuitton Reports Data Breach Affecting Global Customers *

Red Bull Job Scam Masks Sophisticated Phishing Campaign *

Cyber Weapons, A The New Frontier of Modern Warfare *

Zero Click RenderShock Attacks: Exploiting File Previews and Indexing Services *

Billions of IoT Devices Vulnerable Due to Kigen eUICC Card Exploit *

Invisible Email Prompts Hijack Gemini to Spread Phishing *

Critical IP Camera Vulnerability (CVE-2025-7503) Exposes Devices to Full Remote Takeover *

DoNot APT Exploits Cloud Services in Attack on European Diplomatic Networks *

Helm Security Update Fixes Critical Local Code Execution Vulnerability *

GitHub Repositories Masquerading as Free VPNs Spread Lumma Stealer Malware *

Interlock RAT new PHP Variant Targets Windows via Fake CAPTCHA and PowerShell Execution *

Gravity Forms Plugin Hit by WordPress Supply Chain Attack Through Official Downloads *

Stealthy Cyber Campaign Exploits ASP.NET Servers Using Leaked Machine Keys *

GPUHammer Attack Exposes AI Model Vulnerabilities in NVIDIA GPUs *

Fox Kitten Linked Pay2Key I2P RaaS backed by Iran Targets US and Israel, attacks Critical Infrastructure *

Active macOS Infostealer Campaigns Aim to Extract Sensitive User Data *

Critical IAM Policy Misconfiguration Exposes Delegation Risk in AWS Organizations *

Customer Data at Risk as Arkana Claims Major Breach in Telecom Industry *

New Malware Variant Spreads Through ISO File with Hidden Payload *

Massive McHire Data Exposure Affects Over 64 Million Job Applicants *

Critical Laravel Flaw: Leaked public APP_KEY Enables Remote Code Execution *

Denial-of-Service Risk Found in Juniper Junos OS *

Critical Remote Vulnerability in D-Link DIR-825 Routers Enables Unauthenticated DoS Attacks *

Arbitrary File Deletion Bug in WordPress Plugin Allows Remote Code Execution *

Vulnerabilities in RapidFire Tools Network Detective Put Global IT Environments at Risk *

Malicious Actors Leverage Fake Tech Companies to Target Crypto Users on Telegram and Discord *

Severe Vulnerabilities in MCP Tools Expose AI Systems to Remote Code Execution *

PerfektBlue Exploit Demonstrated on Volkswagen, Skoda, Mercedes Head Units *

AI-Powered Extension Used by Hackers to Steal $500,000 in Crypto Assets *

Palo Alto Networks Patched Critical Privilege Escalation Vulnerability in GlobalProtect VPN *

Schneider Electric Vulnerabilities Open Door to OS-Level Attacks *

Hackers Use GitHub to Spread Fake VPN Malware *

Siemens, Schneider Electric, and Phoenix Contact Address ICS Security Issues on Patch Tuesday *

Unpatched Ruckus Flaws Expose Wireless Networks to Full Compromise *

Qilin-Driven Ransomware Wave Triggers Global Security Concerns *

Remote Code Execution Bug in GeoServer Used to Spread Cryptocurrency Miners *

GreyNoise Uncovers 3,600+ Device Botnet Scraping US and UK Web Servers *

Chinese Cyber Group Exploits Exchange Server Flaws to Exfiltrate COVID-19 Research *

SparkKitty Malware Targets iOS and Android to Steal Photos *

Microsoft Fixes Wormable Remote Code Execution Flaw Affecting Windows Client and Server Systems *

Adobe Releases Patches for Critical Code Execution Vulnerabilities *

SAP Releases Security Updates to Address Remote Code Execution and System Takeover Risks *

XwormRAT Malware Campaign Leverages Code Injection for Stealthy System Compromise *

Google Play Apps Deliver Anatsa Banking Malware to Users in the U.S. and Canada *

CVE-2025-48818: BitLocker TOCTOU Flaw Allows Physical Bypass of Disk Encryption Protections *

Vulnerabilities in Zoom Windows Clients Could Allow Denial of Service (DoS) Attacks *

Nippon Steel Solutions 0-Day Network Flaw Exposes Sensitive User Data *

11 Google-Verified Chrome Extensions Spread Malware to Over 1.7 Million Users *

Microsoft Patch Tuesday Security Advisory – July 2025 *

FortiOS Heap Overflow Bug in Wireless Client Setup Raises RCE Concerns *

Critical Security Update for Ivanti Connect Secure and Policy Secure Products *

NTLM Credential Theft Enabled by Unicode Bypass Vulnerability in DNN CMS *

NordDragonScan Uses LNK and HTA Scripts to Deploy Infostealer on Windows *

CVE-2025-24269: Severe macOS SMBClient Flaw Allows RCE and Kernel Crashes *

Critical Security Flaw Forces Call of Duty: WWII Offline on PC *

Batavia Spyware Infects Employees Through Malicious Word Documents *

Slopsquatting Rise of AI Supply Chain Attacks exploiting Hallucinated Dependencies *

Android Malware Attacks Surge in Q2, Fueled by Banking Trojans and Spyware *

Linux Initial RAM Filesystem Vulnerability Grants Root Access During Encrypted Boot Process *

Remote Code Execution Risk Found in Comodo Internet Security 2025 *

Ransomware Disrupts Ingram Micro's Tech Distribution and Logistics Network *

Gaming-Themed Firefox Add-ons Used as Trojan Horses for OAuth and Data Theft *

Rising Threat: Malicious Drivers Exploit Windows Signing to Bypass Security *

CVE-2025-47227 & CVE-2025-47228: ScriptCase Bugs Threaten Server Security. *

RingReaper: Exploiting io_uring for Stealthy Linux EDR Evasion *

TAG-140 Strikes Indian Infrastructure Using Advanced Remote Access Trojan *

XWorm RAT Transforms into LockBit Ransomware Delivery Vector *

Hpingbot Botnet targets Windows, Linux, IoT systems via Pastebin, hping3 *

PoC Published for Linux Privilege Escalation Flaw Affecting udisksd and libblockdev *

Sophisticated XWorm RAT Exploits Advanced Evasion and Persistence Techniques *

Cybercriminals Launch Fake DWP Alert Scheme to Steal Financial Data *

Cybercriminals Turn Job Boards and Messaging Apps into Fraud Channels *

New Citrix Vulnerability Enables Session Hijacking and MFA Bypass *

Massive Data Breach Hits CIEE: 248K+ Records Exposed by Threat Actor 888 *

Cybercriminals Weaponized Inno Setup for Stealthy Malware Delivery *

Caution: Fraudulent MBAs and Degree Scams Thrive via Misleading .edu.eu European Domains *

NightEagle APT Exploits Zero-Day Vulnerability to Target Microsoft Exchange Servers in China *

Hpingbot and Crypto Miners Exploit Java and SSH Vulnerabilities in Coordinated Campaigns *

NSB Flags Chinese Apps for Excessive Data Collection and Privacy Risks *

Ingram Micro Experiences Global Outage, Cause Still Unknown *

Hellcat Ransomware Group Targets Telefónica Again via Jira Flaw *

PHP Vulnerabilities Identified – Potential for SQL Injection and DoS Attacks *

Fake SEO Plugins Compromise WordPress Sites Through Search Engine Spam *

Beware of Fake Online Stores Copying Big Brands and Stealing Payments *

High Severity Cache Poisoning Vulnerability in Next.js (CVE-2025-49826) Affects Self-Hosted and On-Prem Deployments *

New Apache APISIX Vulnerability Impacts Federated Identity Environments *

Kelly Benefits Notifies 553,000 Affected After Major Data Compromise *

HUMAN Satori Uncovers Sophisticated Mobile Ad Fraud Scheme: IconAds *

HIKVISION applyCT Exposed: Fastjson Flaw Enables Critical Remote Code Execution *

Lenovo System File Flaw Enables AppLocker Evasion Tactics *

Sudo Vulnerabilities Expose Root Privilege Escalation Risk Across Major Linux Distros *

Cybercriminals Exploit VPNs, Cisco Faces Surge in Password Spray Attacks *

Hpingbot Leverages Pastebin for Payload Delivery and Launches DDoS via Hping3 *

Cybercriminals Exploit Trust in .COM: Dominates Credential Phishing Landscape *

Qantas Data Breach Exposes Information of Up to 6 Million Customers *

Azure API Vulnerabilities Expose VPN Keys, Enable Over-Privileged Access *

ModSecurity Vulnerability CVE-2025-52891 Exposes Web Servers to XML-Based DoS Attacks *

Cisco Unified CM Vulnerability Enables Remote System Control *

Wing FTP Server Critical RCE Vulnerability (CVE-2025-47812) Allows Full Server Takeover *

Qwizzserial Android Malware Poses as Legit Apps to Steal Banking Info and 2FA Codes *

Malicious IDE Extensions Bypass Trust Checks, Target Developers Globally *

Security Flaw in YONO SBI App Puts Users at Risk of Man-in-the-Middle Attacks *

Critical Flaw in Forminator Plugin Threatens Over 400,000 WordPress Sites *

DCRat Malware Exploits Windows for Stealth Control and Information Extraction *

Exploiting Nessus Vulnerabilities on Windows Arbitrary System File Overwrites *

Chinese Houken Group Exploits Ivanti Zero-Days to Deploy Advanced Linux Rootkits *

FileFix Exploit Abuses Windows Browser Functions to Evade Mark-of-the-Web Security *

New DEVMAN Ransomware from DragonForce Targets Windows 10 and 11 Users *

Kimsuky Hackers Leverage ClickFix Tactic to Deploy Malicious Scripts Globally *

Critical Remote Code Execution Vulnerability Discovered in Anthropic MCP Inspector Tool *

Patient Data Compromised in Esse Health Cybersecurity Incident *

Multiple Security Issues in IBM Cloud Pak Put Enterprise Data at Risk *

Django Framework Exposed: Path Traversal and RCE Vulnerabilities Identified *

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories. *

Blind Eagle Targets Colombian Banks with Proton66 Hosting for Phishing and RAT Attacks *

Escalating Iranian Cyber Campaigns Target U.S. Defense and Industrial Networks *

Hackers Exploit UAC Bypass and .PIF Files to Spread Remcos Malware on Windows Devices *

Google Releases Emergency Patch for Actively Exploited Chrome Zero-Day Vulnerability *

Threat Actors Leverage Facebook Ads for Widespread Malware Distribution *

Sarcoma Ransomware Group Breaches Swiss Nonprofit Health Organization Radix *

High-Risk Flaws in D-Link Router Allow Unauthenticated Remote Code Execution *

Evasive Payload Generator ‘Zig Strike’ Raises Red Flags Across Security Industry *

Critical Synology Backup Flaw Exposes Microsoft 365 Data Worldwide *

IBM WebSphere Application Server Flaw Permits Remote Code Execution *

Critical Langflow Vulnerability Exploited to Launch Flodrix Botnet Attacks *

Hackers Use Snake Keylogger in Spearphishing Attacks Amid Rising Oil Geopolitics *

WordPress Sites Compromised by Stealthy RAT Campaign Using header.php Dropper *

RansomHub Ransomware Targets RDP Servers with Mimikatz and Advanced IP Scanner Tools *

Cloudflare Enhances Orange Meets with End-to-End Encryption and Open Source Access *

Bluetooth Vulnerabilities in Airoha Chipsets Expose Audio Devices to Attacks *

APT42 Spear-Phishing Campaign Targets Israeli Experts with Social Engineering *

Glasgow City Council Hit by Cybersecurity Breach *

Updated GIFTEDCROOK Malware Targets Ukrainian Government Entities *

Scattered Spider Expands Attacks to Aviation Sector Using Social Engineering *

Citrix NetScaler CVE-2025-6543 Flaw (CVSS 9.2) Exploited in Real-World Attacks *

Hackers Leak Data of Paraguay’s Citizens, Demand $7.4 Million Ransom *

Trojanized Software Installers Deliver Sainbox RAT to Windows Systems *

CapCut-Inspired Phishing Lures Users Into Sharing Sensitive Data *

TikTok Exploited in Global Malware Scheme Targeting PowerShell Users *

Open VSX Exploit Could Let Attackers Push Malicious VS Code Extensions *

Pre-Authentication DoS Vulnerability (CVE-2025-6709) Impacts MongoDB Server *

Hunt Electronics DVR Flaw Exposes Admin Passwords *

APT-C-36 Uses WebDAV Malware Delivery and Dynamic DNS to Evade *

Cyber Incident Hits Hawaiian Airlines, No Impact on Travel or Safety *

UNFI Recovers Core Systems Following Cyberattack on Whole Foods Supplier *

Massive Data Breach at Ahold Delhaize Hits 2.2 Million Individuals *

Critical Mitsubishi Electric AC Vulnerability Enables Remote Control Without Authentication *

Microsoft 365 Direct Send Abuse Enables Internal-Looking Phishing Attacks *

APT35 Intensifies Cyberwarfare with High-Tech Phishing on Israeli Security Experts *

Microsoft Teams Introduces Admin Controls to Manage M365 Apps for Improved Security *

HPE OneView for VMware vCenter Security Flaw Enables Privilege Escalation *

Critical Cisco ISE Flaws Enable Remote Execution of Malicious Commands *

Authentication Bypass Vulnerability Reported in ControlID iDSecure Software *

Pubload Malware Campaign Targets Tibetan Groups with Spear Phishing *

Realtek Bluetooth Vulnerability Enables DoS Attacks During Device Pairing *

CISA Issues Alert on MICROSENS NMP Web+ Vulnerabilities Allowing Full System Access *

Vulnerabilities in Brother Devices Allow Execution of Unauthorized HTTP Requests *

Chrome Releases Security Update to Fix 11 Code Execution Flaws *

Firefox 140 Released with Fix for Critical Code Execution Vulnerability – Immediate Update Advised *

TeamViewer Flaw Exposes Windows Systems to High-Risk File Deletion Attacks *

Critical Vulnerability in NVIDIA Megatron-LM Enables Malicious Code Injection *

FileFix Exploit Uses File Explorer to Run Hidden PowerShell Commands *

More Than 2,000 Devices Infected in Phishing Attacks Using Weaponized Social Security Statements *

TAG-140 targets Indian Govt. through DRAT V2 RAT, Exploiting Ministry of Defence Portal *

Hackers Inject Fake Customer Support Numbers into Bank of America, Netflix, and Microsoft Services *

SHOE RACK Malware Exploits Fortinet Firewalls Using DNS-over-HTTPS and SSH *

Critical Flaw in OPPO Clone Phone App Threatens User Data Security *

Critical Security Flaw CVE-2025-52562 Identified in Performave Convoy Management Panel *

Zimbra Issues Urgent Patch for High-Risk Stored XSS Vulnerability *

Silent Werewolf Exploits Windows LNK Flaw to Deploy XDigo Malware Across Eastern Europe *

WhatsApp Ban Enforced on U.S. House Devices for Security Reasons *

U.S. DHS Issues Warning on Rising Iranian Cyberattack Threats Amid Escalating Tensions *

SOHO Under Siege: LapDogs Malware Campaign Redefines Stealth Attacks *

CERT-UA Uncovers APT28 Targeting Ukrainian Government ICS with BEARDSHELL and COVENANT Malware *

IBM patches Critical vulnerabilities causing RCE and Data leakage in UP12 IF02 release. *

REvil Hackers Freed After Convictions on Carding and Malware *

New Malware Strains Delivered Through Signal in APT28 Attacks on Ukraine *

Critical Notepad++ Flaw Allows Full System Takeover – PoC Now Public *

TikTok Mods Weaponized: SparkKitty Spyware Hunts Crypto Wallets *

Cyberattack on McLaren Health Exposes Critical Patient Data *

Critical Vulnerabilities in Amazon EKS Lead to AWS Credential Exposure and Privilege Escalation *

Critical Teleport Vulnerability Allows SSH Authentication Bypass *

Mocha Manakin Exploits PowerShell and Node.js in Sophisticated Malware Chain *

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks *

Colombian Phishing Scheme Exploits SVG Files to Distribute AsyncRAT and RemcosRAT *

Critical RCE Vulnerability in Mattermost (CVE-2025-4981, CVSS 9.9) Exploited via Path Traversal *

Fraudulent Pop-Ups on CoinTelegraph Site Trick Users in Crypto Theft *

CoinMarketCap Hacked via Supply Chain Attack to Steal Crypto Through Fake Web3 Popup *

RapperBot Strikes Again: 50,000 Devices affected by DDOS Demanding Monero *

Confucius APT Unveils New Modular Backdoor Anondoor in Advanced Espionage Campaign *

Severe Meshtastic Vulnerability Exposes Private Messages to Attackers *

Google Flags New Tactic for MFA Bypass in Gmail by Russian Hackers *

Oxford City Council Suffers Data Breach Impacting Legacy Systems and Staff Records *

Aflac Reports Network Breach, Potential Data Exposure Under Investigation *

Unpatched Mattermost Servers Exposed to High-Risk Exploits *

OpenVPN 2.7_alpha2 Released with Major Upgrades and Critical Security Patch *

Paste-and-Run Scheme Powers Mocha Manakin Malware Attacks *

Trojanized WhatsApp Installer Targets East and Southeast Asia with XWorm RAT *

Prometei Botnet Update Targets Linux Infrastructure with Mining and Credential Theft *

Russia Faces Cyberattack Targeting Critical Veterinary Certification System *

UK Retail Giants Hit by Coordinated Cyberattack, CMC Labels It ‘Systemic Event’ *

Pickai Backdoor Exploits ComfyUI Flaws in Global AI Infrastructure Attack *

Hackers Seize Iranian Broadcast and Crypto in Sophisticated Cyber Strike *

Tonga's NHIS targeted in Ransomware attack, impacting digital functions *

Personal Data Exposed in Cyberattack on Oxford City Council *

Donut Giant Krispy Kreme Discloses Massive Data Breach After Ransomware Attack *

Critical Privilege Escalation Vulnerability in Motors WordPress Theme *

Cloudflare Tunnel Exploited in Global Malware Distribution Campaign *

Trojanized Python Tools Discovered in Massive GitHub Malware Campaign *

Record-Breaking 7.3 Tbps DDoS Attack Floods Hosting Provider with 37.4 TB in Under a Minute *

DuckDuckGo Boosts Scam Blocker to Block Fake Stores, Crypto Scams & Malvertising *

Godfather Android Trojan Now Operates Inside Fake App Environments *

MCP AI Engine Exploit Threatens More Than 100,000 WordPress Sites *

North Korean Hackers Use Social Engineering and Calendly to Deliver AppleScript Malware *

Silver Fox APT Exploits Trojanized Medical Software in Multi-Stage Cyber Espionage Attacks *

Cyberattackers impersonate MineCraft Mods targteting players via Multi-stage Malware *

The Pervasive Threat of the 16 Billion Record Data Leak *

Apache Traffic Server Vulnerability Enables Denial-of-Service via Memory Exhaustion *

Cisco AnyConnect VPN Vulnerability Enables Unauthenticated DoS Attacks *

LogMeIn Remote Access Exploited in Targeted System Breach *

Sophisticated Phishing Attack Using ASP Pages Targets Prominent Critics of Russia *

Hackers Use Cloudflare Tunnels to Deploy Python Malware on Windows Systems *

North Korean Chollima Hackers Deploy GolangGhost RAT Against Windows and macOS *

Sorillus RAT Campaign Abuses Cloud Services to Target European Organizations *

Critical Remote Code Execution Flaw Discovered in Cisco ClamAV (CVE-2025-20260, CVSS 9.8) *

Critical WordPress Plugin Flaw Allows Subscriber-Level Privilege Escalation *

Chrome 137 Update Fixes Multiple High-Severity Security Flaws *

Citrix NetScaler Receives Patch for Critical Security Flaw *

Hackers Bypass Security in Apple Pay and Google Pay Using Transit Mode *

Evasive Winos 4.0 Malware Campaign Hits Taiwan with Targeted Phishing Attacks *

Scania Suffers Insurance Data Breach in Cyber Extortion Attack *

KimJongRAT Uses Legitimate CDNs and Windows Utilities in Updated Multistage Attack Campaign *

Linux Kernel Vulnerability Allows Privilege Escalation via Namespace Abuse *

Critical Linux Root Exploit Chain Discovered in PAM and UDisks *

Flodrix Botnet Deployed via Active Exploitation of Langflow RCE Vulnerability *

Freedman HealthCare Targeted in Significant Data Breach *

Critical SSTI Vulnerability (CVE-2025-5309) in BeyondTrust RS and PRA Enables Remote Code Execution *

Chrome Users Targeted via Zero-Day Exploit in Ongoing Phishing Attacks *

RapiPlata SpyLoan App Exposes Over 150,000 Users to Severe Data Breach *

Critical Vulnerabilities in sslh Lead to Remote Denial-of-Service Attacks *

Critical TP-Link and Zyxel Flaws Exploited in the Wild, CISA and GreyNoise Warn *

Scattered Spider Hackers Escalate Attacks on U.S. Insurance Industry *

Vulnerability in ASUS Armoury Crate Allows Elevation to Admin on Windows *

Washington Post Hacked – Journalists' Email Accounts Breached in Targeted Cyberattack *

Gunra Ransomware group targets American Hospital Dubai in Major Data Breach *

Zoomcar Data Breach Exposes Personal Information of 8.4 Million Users *

Asheville Eye Associates Reports Data Breach Impacting 147,000 Individuals *

Spring Framework Vulnerability Exposes Applications to Reflected File Download Attacks *

Over 20 Fake Crypto Wallet Apps on Google Play Steal Users’ Login Details *

IBM Warns of High-Risk Privilege Escalation Vulnerability in BRMS for iSeries *

Malicious PyPI Package Targets Developers: Chimera-Sandbox-Extensions Exposed *

Tenable Patches Critical Agent Software Privilege Access Flaws Impacting Windows Systems *

AI-Powered Discovery of Zero-Day Vulnerabilities in .NET Assemblies *

KIA Vehicles in Ecuador at Risk Due to Outdated Keyless Entry Technology *

Critical Bug in Grafana Leaves Thousands of Monitoring Systems Open to Takeover *

High-Risk Vulnerability in Mitel OpenScape Accounting Management – CVE-2025-23092 *

Security Flaw in Grafana Lets Low-Level Users Access DingDing Webhook URLs *

Cybercriminals Exploit DeepSeek-R1 Chatbot Hype to Spread BrowserVenom Malware *

APT Tactics Observed in Fog Ransomware Attack on Asian Finance Sector *

Critical Windows SMB Client Flaw Enables SYSTEM-Level Privilege Escalation via Kerberos Abuse *

U.S. Sharp Healthcare Patients Impacted by Episource Data Breach in Ransomware attack *

Cyberattacks Disrupt Government Services in North Carolina and Georgia *

Quasar RAT Uses Batch Scripts and Sandbox Evasion to Stay Undetected *

Anubis Ransomware Evolves with Destructive Wiping Feature *

Cyber Intrusion at WestJet Affects App and Backend Services *

New TokenBreak Attack Outsmarts AI Moderation with One-Character Tweaks *

Weaponizing WordPress: Inside VexTrio’s Global Scam Network and Affiliate TDS Ecosystem *

Cloudflare, Google Workspace services impacted by Google Cloud's outage *

Critical Security Vulnerability Puts Mitel MiCollab Deployments at Risk *

New JavaScript Injection Campaign Using JSFireTruck Threatens Web Users *

New Ransomware Campaigns Leverage Unpatched SimpleHelp for Double Extortion *

Microsoft 365 MFA Service Disruption Due to Internal Configuration Update *

Discord Invitation Vulnerability Abused in Ongoing Malware Campaign *

Apple’s iMessage Used as Spyware Gateway in Targeted Attacks *

ACL Policy Misconfiguration in Nomad Opens Door to Job Hijacking *

OAuth Exploited: Phishing Attacks Hijack GitHub Tokens via Device Code Flow *

Acer ControlCenter Security Flaw Exposes Windows to Remote Code Execution *

OpenPGP.js Vulnerability Permits Evasion of Message Signature Validation *

OneLogin AD Connector Flaw Exposes User Authentication Credentials *

Malware Attack via Expired Discord Invite Links *

CVE-2025-49146: PostgreSQL JDBC Driver Bug Opens Door to Man-in-the-Middle Attacks *

Amazon Cloud Cam Vulnerability Could Be Leveraged for Network Reconnaissance *

Microsoft Outlook Vulnerability Could Allow Remote Code Execution by Hackers *

Trend Micro Issues Urgent Patches for Critical Apex One Vulnerabilities *

Palo Alto Networks Addresses Privilege Escalation Vulnerabilities with New Patches *

Graphite Spyware Exploited in Apple iOS Zero-Click Attacks Targeting Journalists *

Proofpoint Uncovers Entra ID Breach Campaign Using Legitimate Security Tool *

Reflective Kerberos Relay Attack: A New Zero-Day Threat to Windows SMB Client *

Critical Vulnerabilities in Weidmueller IE-SR-2TX Routers Enable Remote Root Exploits *

GitLab Urgent Update: Critical Security Flaws Fixed – Immediate Upgrade Required *

Adobe Issues Security Update to Resolve 254 Vulnerabilities *

SinoTrack GPS Devices Found Vulnerable to Unauthorized Remote Access *

Chrome and Firefox Updates Patch Critical Memory Vulnerabilities *

Zero-click AI Data Leak Vulnerability Discovered in Microsoft 365 Copilot *

Privilege Escalation and Secret Key Exposure Fixed in Apache CloudStack LTS Releases *

Ivanti Addresses Critical Credential Security Vulnerabilities in Workspace Control *

Critical Kibana Vulnerability: Synthetic Monitoring at Risk of Unauthorized Entry *

Firmware-Level Privilege Escalation Through Insyde’s Insecure NVRAM Variable SecureFlashCertData *

HPE Aruba Patches Sensitive Data Exposure Vulnerability in Private 5G Core *

Microsoft Patch Tuesday Security Advisory- June 2025 *

TxDOT Data Breach Exposes Sensitive Driver Information *

Ongoing Heroku Outage Impacts Developers and Online Services *

FIN6 Leverages Fake Resumes and Cloud Infrastructure to Deliver More_eggs Malware *

Roundcube Webmail Vulnerability CVE-2025-49113 Enables Remote Code Execution via PHP Object Injection *

Misconfigured DanaBot C2 API Endpoint Discloses Sensitive Attacker Information *

Critical Remote Code Execution Flaw in ManageEngine Exchange Reporter Plus *

Security Flaw Threatens Over 33,000 RealHomes WordPress Sites with Admin Hijacking *

OpenAI Cracks Down on Misuse of ChatGPT by Russian, Chinese, and North Korean Actors *

Critical QNAP Vulnerabilities Enable Remote Account Hijacking *

Chinese Hackers Target SentinelOne in Failed Breach Attempt, Report Finds *

Operation DRAGONCLONE: China-Aligned APT Targets China Mobile Tietong with Advanced Malware and Exploits *

Critical Authentication Bypass in RevPi Webstatus (CVE-2025-41646) Exposes Industrial Systems to Remote Attacks *

Critical Vulnerability in Lovable Platform Exposes User Data *

Phishing Campaign Targets Legacy Office Users with FormBook-Infested Excel Files *

Chinese Nation-State Hackers Launch Coordinated Attacks Across 70+ Entities *

Wazuh Servers Hit by Mirai Botnets Exploiting Critical RCE Flaw *

Cyberattack Disrupts United Natural Foods Inc. (UNFI), Operations Across U.S. and Canada *

Sensata Technologies Data Breach Exposes Employee Information After Ransomware Attack *

Socket Uncovers npm Malware Designed to Annihilate Production Systems *

Salesforce Aura Controller Hit by Critical SOQL Injection Vulnerability *

Millions of Devices Compromised by HelloTDS Malware Through Fake Captcha Networks *

Encoded Malware and Social Engineering Used in Recent Kimsuky Operation *

GitHub Hosts Emerging C# Malware Toolkit DuplexSpy RAT *

Blitz Malware Spreads Through Backdoored Standoff 2 Cheats *

North Korea Hit by Widespread Internet Outage, Internal Cause Suspected *

Malware Discovered in NPM Packages with Over 1 Million Weekly Downloads *

Malicious Android App Posing as Government Tool Distributes Stealer Malware *

Malicious Actors Exploit ChatGPT to Generate Fake IT Resumes and Spread Disinformation *

Operation Phantom Enigma: Browser Extension Malware Campaign Hits Brazil *

Fake Microsoft Support Centers in India Scammed Thousands in Japan *

Backdoor Vulnerabilities in npm Modules Allow Complete File Deletion *

DragonForce Targets Critical Industries in Sophisticated Ransomware Attacks *

Rust-Coded Infostealer Targets Chromium Profiles and Bypasses EDR *

ClickFix Phishing Attack Leverages Cloudflare CAPTCHA Spoofing *

Single User Behind Hundreds of Malicious GitHub Repos Aimed at Novice Cybercriminals *

BladedFeline Cyber Group Intensifies Espionage Against Iraqi and Kurdish Targets *

Optima Tax Relief Hit by Chaos Ransomware in Double-Extortion Attack *

Modified Mirai Botnet Targets Legacy Surveillance Systems *

Cybersecurity Researchers Discovered Critical Flaws in Popular Chrome Extensions *

Unpatched Fortinet Systems Targeted in New Qilin Ransomware Surge *

Kettering Health Confirms Major Ransomware Attack by Interlock Group *

Amplify Codegen Vulnerability Allows Remote Code Execution *

Critical FreeRTOS-Plus-TCP Vulnerability Enables Remote Code Execution or System Crash *

BadBox 2.0 Malware Targets Over Million Android Devices in Global Cyber Threat *

Paste ee Exploited as Malware Delivery Vector for XWorm and AsyncRAT *

TA397 targets China and Europe organizations exploit scheduled tasks, deploy RAT via SpearPhishing *

New Wireshark Vulnerability Enables DoS Exploits *

Dark Web Listing Claims Sale of Exposed Odoo Employee Database *

PathWiper destructive Malware deployed to obstruct Ukrainian operations *

Dell PowerScale Flaw Lets Attackers Gain Unauthorized Access to Filesystem *

VMware NSX XSS Flaw Allows Remote Attackers to Inject Malicious Code into Systems *

WordPress Administrators Alerted to Credential-Stealing Cache Plugin *

Data Breach at Media Giant Lee Enterprises Impacts 39,000 Individuals *

Critical Cisco ISE Vulnerability Impacts AWS, Azure, and OCI Cloud Environments *

Eleven11bot Botnet Hijacks 86,000 IP Cameras for Massive DDoS Assault *

Stealthy ‘Sleeper Agent’ Browser Extensions Found on Over 1.5 Million Devices Worldwide *

SCATTERED SPIDER Hackers Exploit IT Teams, Bypass MFA with Social Engineering *

Crocodilus Android Trojan Expands to Eight Countries, Targeting Banks and Crypto Wallets *

Chaos RAT disguised as Network tool targets Windows, Linux systems via Phishing *

AMOS macOS Stealer Uses Clickfix Exploit to Sneak Malicious Code Past Defenses *

35,000 Internet-Exposed Solar Power Systems at Risk of Cyberattacks *

Luxury Retail Giant Cartier Discloses Customer Data Breach *

Thousands Affected by Credential Stuffing Attack on The North Face *

AI-Powered Microsoft Defender Blocks 120,000 Attacks in Six Months *

Sensitive Configuration Files at Risk Due to IBM QRadar Vulnerabilities *

Google Fixes Third Actively Exploited Chrome Zero-Day Vulnerability of 2025 (CVE-2025-5419) *

CISA Warns of Active Exploitation of ConnectWise ScreenConnect and Other Critical Flaws *

Cyberattackers impersonate Gitcode and Docusign sites to spread NetSupport RAT through Multi-staging Powershell scripting *

Android Devices Receive Critical Patch for GPU and Kernel Vulnerabilities *

10-Year-Old Roundcube RCE Vulnerability Threatens Millions of Servers *

Exploiting Safari’s JavaScript TypeError Vulnerability for Cross-Site Scripting (XSS) *

Black Owl Hacktivists Escalate Cyber Attacks on Russian Infrastructure *

Unauthenticated XML Injection Found in Apple’s iOS Activation Flaw *

Unpatched iOS Activation Flaw Exposes Devices to Silent Pre-Setup Attacks *

MainStreet Bank Data Breach Affects Customer Payment Cards *

Authentication Flaw in Instantel Micromate Puts Critical Infrastructure at Risk *

ModSecurity Bug Lets Attackers Exhaust Memory and Disrupt Web Services *

New Lyrix Ransomware Strain Exploits Advanced Evasion to Attack Windows Users *

Cybercriminals Exploit CAPTCHA Bypass to Automate Microsoft Account Creation *

Dameware Vulnerability Could Let Low-Level Users Gain Admin Access *

Critical HPE StoreOnce Vulnerabilities Expose Systems to Remote Code Execution and Authentication Bypass *

JINX-0132 Cryptojacking Campaign Exploits Devops Webservers via XMRig Mining Malware *

Android CVEs Reveal How Preinstalled Apps Compromise User Security *

EddieStealer Malware Spread Through ClickFix CAPTCHA Scam *

Critical Vulnerabilities Found in MediaTek Chipsets *

Realtek Bluetooth HCI Adaptor Vulnerability Poses Privilege Escalation Risk *

Urgent Patch Required for IBM InfoSphere DataStage Cleartext Vulnerability *

Qualcomm Urges Immediate Patching Amidst Active Adreno GPU Exploitation *

JavaScript Bundle Flaw Grants Unauthorized Access to Azure AD Tokens *

Severe Vulnerability in Denodo Scheduler Enables Remote Code Execution by Threat Actors *

Attackers Exploit Critical Remote Code Execution Flaw in Roundcube *

Critical Security Flaw in Open-Source Code Exposes GitHub Repositories *

Critical Security Flaws Leave CS5000 Fire Systems Vulnerable Worldwide *

Two Critical Linux Vulnerabilities Allow Credential Exposure via Core Dump Handlers *

Blockchain Technology Implementation to Defend Digtital threats *

Exploit Details for Critical Cisco IOS XE Flaw Now Public *

Conti Ransomware Gang Exposed Key Leaders Unmasked and Operations Revealed *

The Changing Landscape of DDoS Defense in 2025 *

UK Healthcare Organizations Targeted in Broad Cyber Campaign Exploiting Ivanti Flaw *

Major DDoS Attack on ASVT Causes Widespread Internet Outages in Moscow *

Massive Office 365 Breach Campaign Tied to Dadsec and Tycoon2FA Phishing Network *

Firebase and Google Apps Script Exploited in New Phishing Campaigns *

Maine and New Hampshire Hospitals Cut Services Following Cyber Incident *

Interlock Ransomware Strikes UK Using Newly Deployed NodeSnake RAT *

New Ubuntu and Red Hat Bugs Allow SUID Binary Memory Leaks *

LexisNexis Risk Solutions Reports Unauthorized Data Access Impacting Over 360,000 Individuals *

CISA Advised to Include CVE Origin and Exploit Conditions in KEV Entries *

Critical RCE and API Vulnerabilities discovered in vBulletin Template Engine *

Pure Crypter Bypasses Windows 11 24H2 Security Using Advanced Evasion Techniques *

Critical Icinga 2 Flaw Enables Certificate Forgery and Trust Bypass by Attackers *

Meta Blocks Foreign Influence Campaigns Exploiting Facebook and Instagram *

ConnectWise ScreenConnect Hit by Nation-State Cyberattack *

U.S. Sanctions Philippines-Based Funnull for Enabling Crypto Investment Scams *

Firefox 139.0.1 Hotfix Resolves NVIDIA Graphics Glitches on Windows *

Microsoft Entra Billing Roles Exploited by Attackers to Gain Elevated Access in Enterprises *

China-Linked Threat Actor Earth Lamia Targets Enterprise Platforms Across Asia *

Malicious PyPI Package Launches a Supply Chain Attack to Steal Solana Private Keys *

New Malware Exploit Evades Antivirus by Skipping PE Header in Windows *

Safari Fullscreen Exploit Enables Stealth Phishing Attacks to Capture User Credential *

Vulnerability in Nextjs Dev Server Results in Exposure of Developer Information *

EDDIESTEALER Malware Exploits Fake CAPTCHA to Target Windows Users *

North Korean IT Workers Use Legitimate Tools and Network Techniques to Bypass EDR Detection *

PumaBot Compromises IoT Devices Through SSH Credential Attacks *

Critical Argo CD Flaw Lets Attackers Manipulate Kubernetes Resources *

Phishing Campaign Exploits Nifty infrastructure Targets Corporate Users *

Apache Tomcat Vulnerability Exposes Weakness in CGI Servlet Access Controls *

SimpleHelp Flaws Exploited by DragonForce to Launch Widespread Ransomware Attacks *

Stealthy Windows RAT Avoids Detection for Weeks by Abusing Corrupted DOS and PE Headers *

Cybercriminals Use Malware Loaded Installers Posing as Popular AI Tools to Target Users *

ChoiceJacking A New USB-Based Threat to Mobile Device Security *

Woodpecker Tool to Find Security Issues in AI, Kubernetes, and APIs *

Massive Brute-Force Attack UTG-Q-015 Hits Government Web Infrastructure *

Exploitation of Supply Chain Vulnerabilities by APTs in Enterprise Environments *

Phishing Operation Exploits NetBird and OpenSSH to Breach Global Financial Leaders *

Dell Urges Immediate Update for PowerStore T Systems to Patch Critical Vulnerability *

Zanubis Android Malware Steals Banking Data and Enables Remote Device Control *

ChoiceJacking Flaw Lets Hackers Exploit Malicious Chargers on Android and iOS *

Hackers Exploit Craft CMS Flaw to Deploy Cryptocurrency Mining Malware *

XenServer VM Tools Security Flaws Allow Attackers to Execute Arbitrary Code *

OneDrive File Picker Flaw Exposes Full Cloud Access via OAuth Misuse *

AyySSHush Botnet Compromises 9,000 ASUS Routers via Persistent SSH Backdoor *

Silver RAT Malware Leveraging New Anti-Virus Evasion Methods to Execute Malicious Activities *

Firefox's Zero-Interaction libvpx Flaw: A Gateway for Arbitrary Code Execution *

Ransomware Attack Disrupts MathWorks Operations, Impacts MATLAB Users Globally *

Chrome 137 Launches with High-Severity Security Fixes and On-Device AI for Scam Detection *

Hackers Imitate OneNote Login Page to Steal Office 365 and Outlook Credentials *

DragonForce Ransomware Exploits SimpleHelp Vulnerabilities in MSP Supply Chain Breach *

Payroll Portal Phishing Scam Targets Employees via Google Searches *

TAG-110 Shifts to Macro-Enabled Word Templates in Espionage Campaign Targeting Tajikistan *

Critical Unpatched Vulnerability in TI WooCommerce Wishlist Plugin (CVE-2025-47577) *

Cybercriminals Exploit Fake DocuSign Alerts to Steal Corporate Information *

Luna Moth (Chatty Spider) Callback Phishing Campaign Targeting U.S. Organizations *

Service Outages at MathWorks Traced to Ransomware Breach *

Microsoft 365-Based Cyberattack Exploiting OAuth Redirection for Unauthorized Account Access *

Google Meet Impersonation Leads to Cross-Platform Malware via PowerShell Commands *

Critical GIMP Vulnerabilities Allow Remote Code Execution via Malicious Image Files *

Unsecured Firmware in Hardy Barth EV Stations Enables Full System Takeover *

Silver RAT Malware Uses Process Hollowing and Obfuscation to Evade Detection *

Adidas Data Breach Highlights Growing Threat of Third-Party Cyber Attacks in Retail Sector *

Oracle TNS Vulnerability Allows Unauthenticated Access to Sensitive System Memory *

vBulletin RCE Vulnerability Exposes Forums to Remote Attacks *

FBI Warns of Silent Ransom Group Impersonating IT Support to Infiltrate Victims *

Threat Actors Use Database Client Tools to Steal Sensitive Data from Compromised Systems *

Katz Stealer Malware Infects Systems via Phishing and Malicious Downloads *

Malicious Phishing Site Targeting DigiYatra Users *

Remote Command Injection Vulnerability Found in Meteobridge Web Interface *

Malicious npm and VS Code Extensions Exploit Open-Source Ecosystems *

DOUBLELOADER Malware Uses Game-Hacking Obfuscator ALCATRAZ to Evade Detection and Deliver RHADAMANTHYS *

Hacker Sells 500+ Databases on Dark Web, Exposing Sensitive User Data *

Critical Apache Tomcat Remote Code Execution Flaw Exposed with PoC *

Bitwarden Vulnerability Exposes Users to Malicious PDF Attacks *

Tenable Network Monitor Update Fixes Critical Privilege Escalation Vulnerabilities *

Thousands of Systems Compromised in Massive Cyber Campaign by TA-ShadowCricket *

Security Flaw in D-Link Routers, Update to Firmware 1.1.00.26 to Protect Against Exploits *

Ransomware Disrupts Nova Scotia Power Services and Leaks Sensitive Data *

Severe Security Bug in WSO2 Allows Arbitrary User Password Resets *

Over 184 Million User Passwords Exposed in Hacker-Managed Open Directory Leak *

Chihuahua Malware Exploits .NET to Steal Credentials and Exfiltrate Through Phishing *

Zero Trust Policy Flaw Allows Exploitation of Vulnerabilities and Tampering with NHI Secrets *

Critical Flaw in AutomationDirect MB-Gateway Exposes Industrial Networks *

Atlassian and GitLab Address Multiple High-Risk Flaws Admins Urged to Apply Updates *

Ransomware Hits Marlboro-Chesterfield Pathology, Exposing Over 235K Health Records *

Rapid7 Uncovers Stealthy Malware Campaign Delivering Winos 4.0 via Fake Apps *

Denial-of-Service in BIND DNS Paves Way for Critical Security Policy Bypass *

GitLab Duo AI Vulnerability Let Hackers Hijack Responses Using Hidden Prompts *

CISA Issues Warning on Widespread SaaS Exploits Using App Secrets, Cloud Flaws *

Critical ModSecurity Flaw Threatens Web Servers with DoS Attacks *

Critical Backdoor Vulnerability in NETGEAR DGND3700v2 Routers (CVE-2025-4978) Enables Full Remote Access Without Authentication *

Critical Flaws Exposed in ABB ASPECT Building Management System *

Threat Actor Sells Burger King Spain Backup System Exploit for $4,000 *

Chinese Nexus Hackers Exploit Critical Flaw in Ivanti Endpoint Manager Mobile *

TikTok Videos Exploited to Spread Vidar and StealC Malware via ClickFix Method *

Smart Contract Vulnerability Leads to Massive $223M Breach on Cetus Protocol *

Widespread Malicious NPM Packages Discovered Exfiltrating Data and Destroying Systems *

Apple Patches Critical XNU Kernel Vulnerability CVE-2025-31219 *

Operation Endgame II Disrupts DanaBot’s Global Malware Network *

New Windows Server 2025 Vulnerability Threatens Active Directory Environments *

Critical Vulnerability Found in GitLab Duo AI Assistant *

Leaked LockBit Data Reveals Affiliate Strategies and Ransomware Tactics *

Newly Discovered Fortinet Flaw Allows Attackers to Take Control Remotely *

Qakbot Malware Developer Allegedly Behind Widespread Ransomware Attacks *

Cybercriminals Compromise more than 50 brands to turn 5,500 Edge Devices into Honeypots *

CISA Warns of Threat Actors Exploiting Commvault Azure App to Exfiltrate Sensitive Data *

Severe Flaw in Netwrix Password Manager Allows Remote Code Execution by Authenticated Users *

AI-Assisted Discovery: SMB 0-Day Found in Linux Kernel via ChatGPT *

Versa Concerto Authentication Bypass Leads to Remote Code Execution *

Cisco Webex Vulnerability Exposes Users to HTTP Cache Poisoning Attacks *

Chinese Threat Actor Exploits Cityworks Vulnerability to Target U.S. Local Governments *

Fake Ledger Apps on macOS Stealing Crypto Wallet Seed Phrases *

Security Flaws in Chrome Allow Remote Execution of Malicious Code *

Malicious JavaScript Injected into PWAs to Target Mobile Users *

23 Million Coca-Cola Records Stolen in Major Data Breach, Everest Hacking Group Involved *

Cisco RADIUS Process Flaw in Identity Services Could Let Attackers Cause DoS *

Cellcom Acknowledges Cyberattack Behind Five-Day Network Outage *

Severe Security Flaw in Lexmark Printers Allows Remote Code Execution *

Self-Replicating Malware Targets Docker Containers for Crypto Mining and Persistent Infections *

Leaked 'Accenture Files' Reveal Global Projects Handling Billions of User Data *

PureRAT Malware Surges in 2025, Leveraging PureLogs to Target Russian Businesses *

Evolving 3AM Ransomware Tactics Mirror Black Basta and FIN7 Playbooks *

Kettering Health experiences a widespread system outage due to a ransomware attack *

Palo Alto Networks Discloses XSS Flaw Impacting GlobalProtect VPN Users *

Fake Kling AI Scam Exposes 6 Million Users to Sophisticated Malware in Global Cyberattack *

More Eggs Malware Exploits Job Applications to Distribute Malicious Payloads *

Hackers Exploit TikTok and Instagram APIs to Confirm Stolen Account Details *

Kimsuky threat group delivers XWorm RAT via powershell payloads *

AWS Default IAM Roles Expose Pathways for Lateral Movement and Cross-Service Exploitation *

Broadcom Patches Critical VMware Vulnerabilities Affecting ESXi vCenter and Workstation *

SideWinder Targets South Asian Governments with Geofenced StealerBot Malware Campaign *

Malicious Chrome Extensions Masquerade as Legitimate Tools to Exfiltrate Data and Hijack Sessions *

Hazy Hawk Campaign Exploits Dormant DNS CNAME Records to Hijack Trusted Subdomains *

SK Telecom Data Breach Malware Campaign Compromises USIM Data of 27 Million Users *

Critical DoS Vulnerability in Multer Threatens Millions of Node.js Applications *

Microsoft Patches High-Severity Bug in Windows 11 Admin Tools *

Security Flaw in O2 VoLTE Allows Geolocation of Call Recipients *

Microsoft Releases Emergency Update to Fix BitLocker Recovery Key Issue on Windows 10 *

Malicious npm Package Targets Koishi Chatbots, Stealing Sensitive Data Instantly *

The W3LL Phishing Kit initiates a widespread campaign targeting Outlook login credentials *

Prompt Injection Techniques Used to Evade AI-Powered Web Application Firewalls *

Chinese APT Mustang Panda Unveils Advanced EDR Bypassing Techniques *

Phishing Scam Tricks Users with Fake Zoom Invitations from Deceptive Domains *

Ivanti EPMM 0-day Vulnerability Actively Exploited in the Wild *

Cybercriminals Exploit AutoIT to Deploy Advanced Malware on Windows Systems *

Trojanised KeePass Installer Used to Deliver Cobalt Strike and Steal Credentials in Sophisticated Malware Campaign *

Critical Vulnerability in Auth0-PHP SDK Enables Brute Force Attacks on Session Cookies (CVE-2025-47275) *

Sophisticated Phishing Campaign Targets Kuwaiti and Gulf Sectors with Over 230 Deceptive Domains *

New Apple Kernel Vulnerability Affects Multiple iOS and iPadOS Versions *

Dairy Giant Arla Foods Suffers Cyber Disruption at German Plant *

Major Data Breach at UK Legal Aid Agency Compromises Sensitive Applicant Information *

Volkswagen Data Breach Major Security Flaws in Connected Car App Expose Personal and Vehicle Information *

Zero Day Attacks at Pwn2Own Trigger Firefox Security Update *

Trusted VMware Tool RVTools Compromised to Deliver Bumblebee Loader Malware *

Multi Stage Cyberattack Exploits Unpatched Confluence Servers via RCE and RDP Access *

ModiLoader Malware Campaign Strikes Windows PCs to Steal User Credentials *

BreachForums Admin Faces 700000 Penalty for Health Care Data Breach *

glibc Flaw Exposes Linux Systems to Local Code Execution Threats *

Critical UAF Vulnerability in Windows RD Gateway Enables Remote Code Execution *

PowerShell Driven Ransomware Targets Elon Musk Fans in Satirical CyberAttack *

High-Risk XXE Vulnerability Impacts WebDriverManager Java Library *

Critical Security Flaws Found in OpenText OBM CVE-2025-3476 and CVE-2025-3272 Require Immediate Patching *

Google Chrome Hit by Active Exploits: Urgent Patches Released *

Enterprise Platforms Fall as VMware Firefox Red Hatand SharePoint Hacked at Pwn2Own *

Cybercriminal Group INC Admits to Breaching South African Airways *

Duo Broadband Customer Data Exposed in CDG Ransomware Attack *

Critical Security Vulnerability in Rockwell Automation FactoryTalk Historian-ThingWorx Connector *

Critical Privilege Escalation Vulnerability Impacts Over 10,000 WordPress Eventin Sites *

Chinese Hackers Target Drone Supply Chain in Sophisticated Cyber Attacks *

Sophisticated NPM Malware Uses Google Calendar for Stealthy Command-and-Control *

Severe Vulnerability in Eventin Plugin Exposes 10000 WordPress Sites to Attack *

Procolored Software Update Contained RAT and Crypto Stealer *

Skitnet Malware Emerges as Powerful Post-Exploitation Tool for Ransomware Gangs *

Fileless PowerShell Attacks Use LNK Shortcuts and MSHTA to Deliver Remcos RAT *

New Branch Privilege Injection (BPI) Vulnerability in Intel CPUs *

HTTPBot Botnet Targets China's Gaming and Tech Sectors with Precision DDoS Attacks *

APT Group 123 Continues Targeting Windows Systems with Malicious Payload Campaign *

FrigidStealer Malware Targets macOS Users with Sophisticated Credential Theft *

VanHelsing Simulation Details How Affiliates Launch Coordinated Attacks *

Commit Stomping How Hackers Manipulate Git Timestamps to Rewrite Code History *

SonicWall SMA1000 SSRF Flaw Allows Remote Attackers to Exploit Encoded URLs *

Jenkins releases security update addressing vulnerabilities that threaten CI-CD pipelines *

Nucor Halts Operations at Multiple Facilities After Cybersecurity Breach *

Hackers Use Open Source Packages to Spread Malware in Supply Chain Attacks *

Hackers Use Google Services to Send Fake Law Enforcement Requests *

CISA Issues Warning on Five Actively Exploited Zero-Day Vulnerabilities in Windows Systems *

Fileless PowerShell Malware Evades Detection by Antivirus and EDR Tools *

Advanced .NET Multi-Stage Loader Targets Windows to Deliver Malware Payloads *

Hackers Exploit Coinbase Employees, Leading to $400 Million Data Exposure *

Nova Scotia Power Confirms Data Breach, Offers Credit Monitoring to Affected Customers *

Google Patches Actively Exploited Chrome Vulnerability CVE-2025-4664 *

BitLocker Threat: Bitpixie Vulnerability Enables Fast Encryption Bypass *

Node.js Vulnerability Exposes Systems to Process Crashes and Service Disruptions *

Russian hackers are using a new security flaw in MDaemon to attack webmail servers *

Hackers Turn to Xanthorox AI for Automated Phishing and Malware Campaigns *

Horabot Malware Campaign Targets Latin America Through HTML Phishing *

Google Alerts U.S. Retailers of Rising Threat from Scattered Spider Tactics *

Critical Adobe Illustrator Flaw Allows Remote Code Execution by Attackers *

Remote Code Execution Vulnerability in Outlook Could Enable Code Execution *

Earth Ammit Cyber Campaigns Target Taiwan and South Korea’s Defense and Tech Sectors *

Cyberattack Disrupts Operations at Nucor, Largest U.S. Steel Producer *

Australian Human Rights Commission Exposes Documents to Search Engines *

BianLian and RansomExx Exploit SAP NetWeaver Vulnerability to Deploy PipeMagic Trojan *

Samsung Fixes CVE-2025-4632 Vulnerability Exploited by Mirai Botnet Through MagicINFO 9 *

Microsoft Alerts Users to AD CS Vulnerability Enabling Network-Wide Denial-of-Service Attacks *

Microsoft Issues Patch for Defender Vulnerability Allowing Local Privilege Escalation *

Exploiting GovDelivery for TxTag Toll Charge Phishing Scam *

Swan Vector APT Targets East Asian Organizations Using Spear-Phishing and Stealthy DLL Implants *

Marks & Spencer Confirms Data Breach Following Cyberattack on Customer Systems *

Hackers Exploit KeePass to Distribute Malware and Steal User Credentials *

Threat Actor Used Fake Solana Tool on PyPI to Extract Source Code from 761 Downloads *

Critical Fortinet RCE Flaw (CVE-2025-32756) Actively Exploited in FortiVoice and Other Devices *

Microsoft Patch Tuesday Security advisory- May 2025 *

Ongoing North Korean Cyber Campaigns Targeting Ukraine and South Korea *

Dior Alerts Chinese Customers After Cyberattack *

Intel CPUs Affected by New Branch Privilege Injection Vulnerability *

Public Alert on Fraudulent Online Investment Scheme Dismantled by Authorities *

North Korean Nationals Indicted for Massive Remote IT Job Fraud *

Ivanti Releases Critical Security Update for EPMM After Limited Exploits Discovered *

Persistent Firmware Key Management Failures Weaken Intel Boot Guard and UEFI Secure Boot *

CISA Warns of Stealth Functionality Flaw in TeleMessage TM SGNL *

XSS Vulnerability in VMware Aria May Lead to Access Token Theft *

Hackers Exploit PyInstaller to Deliver Stealthy Info-Stealing Malware on macOS *

DriverHub Vulnerability in ASUS Software Exposes Systems to Privilege Escalation Attacks *

DDoS Attacks Used as Cover for Data Breaches by Cybercriminals *

Apple Issues Security Updates to Address Severe Data Exposure Vulnerabilities *

North Korean Attackers Use Malicious LNK Files to Target Activists *

Lumma Stealer Adopts PowerShell and Sophisticated Tactics in Latest Evolution *

iClicker Website Compromised to Deliver Malware to Students via Fake CAPTCHA Page *

Hackers Begin Testing ClickFix Attacks on Linux Systems *

Zero-Day Flaw in Output Messenger Exploited in Espionage Campaigns *

Fake AI Tools Used to Spread Malware *

Threat Actors Use JPEG Images to Deliver Undetectable Ransomware Payloads *

Hackers Leverage Cobalt Strike Beacon to Obtain Microsoft Entra Refresh Tokens in New Exploit *

RATty Malware Campaign Targets Southern Europe via Sophisticated Phishing Scheme *

ASUS DriverHub Patches Critical Remote Code Execution Vulnerabilities *

New Phishing Technique Exploits Blob URLs to Bypass Secure Email Gateways and Evade Detection *

Google Researchers Highlight Critical Mach IPC Flaws in macOS Sandbox *

Hackers Leverage Copilot AI to Access Restricted SharePoint Content *

Hackers Exploiting Microsoft Entra ID Legacy Protocols to Bypass MFA and Conditional Access Controls *

Critical Vulnerabilities In Mitel SIP Phones Allows Attackers to Inject Arbitrary Commands *

Metasploit Update Introduces Erlang/OTP SSH Exploit and OPNSense Vulnerability Scanner *

Wormable Linux Rootkit Spreads Across Systems to Steal SSH Keys and Escalate Privileges *

Threat Actors Target Job Seekers with Sophisticated Recruitment Scams *

Advanced PhaaS Toolkits Now Generating Highly Realistic Phishing Pages *

PupkinStealer Malware Exploits .NET to Steal Credentials and Exfiltrate Through Telegram *

Critical Azure and Power Apps Flaws Enable Privilege Escalation and Data Exposure *

Mitel SIP Phones Exposed to Critical Vulnerabilities: Command Injection and File Upload Risks *

DOGE Employee's System Breached by Info-Stealer Malware, Data Security at Risk *

Google Search and Chrome Get AI Upgrade to Detect Sophisticated Scam Tactics *

Critical CloudVision ZTP Vulnerability Patched by Arista, Earning CVSS 10 Score *

Helpdesk Under Siege: Hackers Exploit IT Support Portals for Initial Access *

Stealthy .NET Malware Embeds Payloads in Bitmap Files to Evade Detection *

SAP Systems Under Attack: Chinese Hackers Exploit Critical RCE Vulnerability *

Brazilian Executives Targeted by Initial Access Brokers Using NF e Spam and Legit RMM Trials *

OtterCookie v4 Now Detects Virtual Machines and Steals Chrome, MetaMask Credentials *

U.S.-Dutch Operation Dismantles 7,000-Device Proxy Botnet Leveraging IoT and End-of-Life Systems *

Malicious npm Packages Backdoor Over 3,200 Cursor Users, Steal Credentials *

Threat Actors Exploit WinRM to Evade Security Measures in Active Directory Networks *

SEO Poisoning Attack Uses Trusted IT Tools to Distribute Malware to Professionals *

Security Flaw in Apache ActiveMQ Immediate Action Required to Prevent DoS Attacks *

Critical macOS Vulnerability CVE-2024-44236 Enables Remote Code Execution via Malicious ICC Profiles *

Attackers Leverage Host Header Injection for Web Application Breaches *

Severe Flaw in Ubiquiti UniFi Protect Cameras Enables Remote Code Execution *

New Spam Campaign Exploits Remote Monitoring Software to Infiltrate Organizations *

New Scam Exploits X Twitter Ad URL Display Flaw to Deceive Users *

Critical Flaws in Radware Cloud WAF Enable Bypass of Security Filters *

38,000+ FreeDrain Subdomains Used in SEO Scam to Steal Crypto Wallet Seed Phrases *

Insight Partners Confirms Data Breach Exposing Investor Information *

Kickidler Employee Monitoring Software Exploited in Ransomware Attacks *

Critical Microsoft Bookings Flaw Allowed HTML Injection and Meeting Manipulation *

LockBit Ransomware’s Internal Data, Wallets, and Passwords Leaked in Major Breach *

Remote Reboot Vulnerability in Cisco IOS, IOS XE, and IOS XR *

Critical Cisco IOS XE Wireless Controllers Flaw Grants Attackers Full Device Control *

Healthcare Sector Becomes Leading Target for Cyber Attacks in 2025 *

CoGUI Phishing Platform Sent 580 Million Emails in Massive Credential Theft Campaign *

Europol Dismantles Six DDoS-for-Hire Platforms Involved in Worldwide Cyberattacks *

OttoKit WordPress Plugin with Over 100K Installs Targeted by Exploits Leveraging Multiple Vulnerabilities *

Lampion Malware Exploits ClickFix Tactics to Steal Banking Information *

North Korean Hackers Exploit Trusted Vendor in $1B Crypto Theft, Researchers Reveal *

Critical CVE-2025-25014 Vulnerability in Kibana Allows Remote Code Execution via Prototype Pollution *

Samsung MagicINFO 9 Server RCE Vulnerability (CVE-2024-7399) Under Active Exploitation *

Hackers Target Educational Institutions in New Mexico with Cyber Attacks *

Apache Parquet Exploit Tool Identifies Servers Vulnerable to Critical Flaw *

Exploitation of Remote Code Execution Flaw in Samsung MagicINFO 9 Server Confirmed in Recent Attacks *

Hackers Use Fake Chrome Error Pages to Deliver Malicious Scripts to Windows Systems *

Hackers Target HR Teams with Fake Resumes to Spread More_eggs Malware *

Microsoft Warns Default Helm Charts May Expose Kubernetes Applications to Data Leaks *

CISA Warns of Active Exploits in Critical Langflow API Vulnerability *

Unauthorized Messaging App Used by Trump Aide Compromised in Data Breach *

Babuk Ransomware Deployed via SentinelOne Evasion by Stealthy Threat Actor *

Hackers Exploit 21 Popular Extensions to Seize Control of Ecommerce Servers *

Critical Zero Click Vulnerability in Microsoft Telnet Exposes Windows Systems to Credential Theft *

Ransomware Group DragonForce Targets UK Retailers in Major Data Breaches *

Email Validation Flaws Lead to XSS and SSRF in Major Web Apps *

Darcula PhaaS Leverages Phishing Texts to Steal 884000 Credit Cards *

Commvault CVE-2025-34028 Added to CISA KEV Following Confirmed Active Exploitation *

Zero-Click AirPlay Vulnerabilities Allow Wormable RCE on Apple Devices Over Public Wi-Fi *

Claude AI Misused in Coordinated Influence-as-a-Service Campaigns *

Luna Moth Launches New Social Engineering Attacks via Phony Helpdesk Sites *

Critical Bugs in SonicWall SMA Let Hackers Steal Data and Execute Admin Commands *

National Cyber Security Centre Alerts UK Organisations to Ransomware Risks *

Critical Webmin Flaw Allows Remote Privilege Escalation to Root Access *

Remote Code Execution Risk in Apache Parquet Java Through Malicious Avro Schemas *

SocGholish Toolset Powers RansomHub’s Web-Based Credential Attacks *

Stealerium Malware Campaign Leverages Tax Documents to Infiltrate U.S. Systems *

TerraStealer Campaign Exposes Users to Widespread Data Exfiltration *

CISA Warns of Critical Auth Bypass Flaws in KUNBUS Revolution Pi Devices *

Black Kingdom Ransomware Operator Charged in U.S. for Hacking Microsoft Exchange Servers *

Hackers Exploit Malicious PDFs to Deploy Remcos RAT on Windows Systems *

Disk-Wiping Linux Malware Spread Through Malicious Go Modules in Supply Chain *

Luna Moth Launches Callback Phishing Attacks on U.S. Legal and Financial Sectors *

Corporate Insider Threat: North Korean IT Workers Embedded in Major Companies *

New MintsLoader Campaign Delivers GhostWeaver Malware Through Phishing and ClickFix Exploits *

Magento Supply Chain Attack Hits Hundreds of E-Commerce Stores *

DragonForce Ransomware Hits Co-op, Customer Data Stolen *

Ascension Reveals Data Breach Possibly Connected to Cleo Cyberattack *

Cyberattack Disrupts Nova Scotia Power IT Systems *

SonicWall Issues Urgent Patch for SMA1000 Series Due to SSRF Flaw *

NVIDIA Patches Critical Vulnerability in TensorRT-LLM *

Malicious Python Packages on PyPI Leverage Gmail SMTP for Unauthorized Access *

LFI Vulnerability Detected in Multiple Windows Versions of Couchbase Server *

Ukrainian Suspect Extradited to U.S. in Connection with Nefilim Ransomware Campaigns *

Dutch Public Organizations Targeted by DDoS Attacks from Pro-Russia Hacktivists *

Cyberattack Targets Harrods in Latest UK Retail Breach *

Critical Use-After-Free Vulnerability (CVE-2025-47154) in Ladybird’s LibJS Engine Enables Arbitrary Code Execution *

Commvault Admits Hackers Used CVE-2025-3928 Zero-Day in Azure Environment Breach *

WordPress Sites Compromised by Fake Security Plugin in Global Attack *

DarkWatchman and Sheriff Malware Secretly Attack Russia and Ukraine Using Advanced Hacking Methods *

High-Severity RCE Vulnerability Found in Apache ActiveMQ NMS *

SonicWall Appliances Face High Risk as Critical Vulnerability is Actively Exploited by Threat Actors *

SonicWall Connect Tunnel Flaw Exposes Systems to DoS and File Corruption Attacks *

Nitrogen Ransomware Deploys Cobalt Strike and Log Wipers in Targeted Organizational Attacks *

Investment Scam Actors Employ Sophisticated DNS Tactics and RDGAs *

Fake CAPTCHA Lures Used to Deploy Stealthy NodeJS RAT in Evolving KongTuke Campaign *

TheWizards APT Leverages Spellbinder Tool for IPv6-Based Software Update Hijacking *

Malicious WordPress Plugin Masquerading as Security Tool Installs Backdoor *

IPv6 Vulnerability Enables Attackers to Hijack Software Updates *

AiTM Phishing Campaigns Bypass MFA with Credential and Session Token Hijacking *

Security Fixes Released by Mozilla for Firefox should be updated by Users *

Privilege Escalation Vulnerability Discovered in Avast Antivirus *

OrbitShade: Cyber Shadows in Space – The Rise of Satellite Sabotage *

PowerDNS DNSdist Flaw Enables Remote Denial-of-Service Attacks *

Tsunami Malware Wave Hits Harder with Stealthy Miners and Info-Stealers *

Unpatched Windows LNK Flaw Allows Silent Remote Code Execution – Proof of Concept Available *

Scattered Spider Suspected Behind Major Cyberattack on Marks & Spencer *

PurpleHaze Cyber Espionage Targets SentinelOne and South Asian Government *

Uyghur Activists Targeted by Windows Malware in Sophisticated Campaign *

Zero-Day Exploits Rise in 2024, Over Half Tied to Spyware Attacks *

Hitachi Vantara Targeted in Akira Ransomware Attack, Systems Taken Offline *

Apple 'AirBorne' Vulnerabilities Enable Zero-Click Remote Code Execution via AirPlay *

France Links Russian APT28 Hackers to 12 Cyberattacks on French Organizations *

SK Telecom Offers Free SIM Replacements to 25 Million Customers After Cyberattack *

Google Reports 75 Zero-Day Exploits in 2024, with 44 percent Targeting Enterprise Security Tools *

Apache Tomcat Vulnerability Allows DoS Attacks by Skipping Security Validations *

High-Severity Linux Kernel Vulnerability Enables Privilege Escalation *

4800 IP Addresses Linked to Global Campaign Against Git Configurations *

Cloudflare Defends Against Unprecedented Number of DDoS Attacks in 2025 *

Kali Linux Update Failure Imminent Due to Repository Signing Key Change: Users Must Manually Install New Key *

RansomHub Deploys Malware to Compromise Business Networks *

Threat Actors Exploit Valid Account Access Through Phishing Attack *

CISA Alerts on Active Exploitation of Commvault Web Server Vulnerability *

CISA Flags Critical Broadcom Brocade Fabric OS Vulnerability in Exploited Flaws Catalog *

Earth Kurma APT Targets Southeast Asian Governments and Telecoms with Sophisticated Malware *

Hackers Exploit Major Craft CMS Vulnerabilities, Potentially Compromising Hundreds of Servers *

Over 1,200 SAP NetWeaver Servers at Risk Due to Actively Exploited Vulnerability *

Phishing Campaign Impersonates WooCommerce Updates to Install Site Backdoors *

Zero-Day Vulnerability in Viasat Modems Allows Remote Code Execution by Attackers *

The Hidden Cyber Risks Behind Australia’s Election Spotlight *

Critical FastCGI Library Flaw Puts Embedded Devices at Risk of Remote Code Execution *

React Router Patch Urged as Spoofing and Data Injection Flaws Surface *

CISA Issues Alert on Major Security Risks in Planet Technology Devices *

Cybercriminals Market Advanced HiddenMiner Malware on Dark Web Forums *

Leveraging Digital Forensics to Enhance Organizational Cybersecurity Resilience *

Planet Technology Industrial Switch Vulnerabilities Expose Systems to Full Takeover *

Weekly Cyber Intelligence Report Attacks and Vulnerability Highlights *

Two Ransomware Attacks Expose Data of 1.1 Million Patients *

Critical IXON VPN Flaws Allow Attackers to Compromise Windows and Linux Systems *

Storm-1977 Exploits Education Cloud, Deploys 200+ Crypto Miners with AzureChecker *

Massive Data Breach Hits 4chan, Exposing Internal Systems and User Information *

Major API Security Lapse Exposes Confidential Employee Information *

Lazarus Group Launches 'Operation SyncHole' Against South Korean Industries *

Python h11 HTTP Library Vulnerable to Request Smuggling (CVE-2025-43859) *

ToyMaker Uses LAGTOY to Help CACTUS Ransomware Gangs in Double Extortion *

Fake WooCommerce Security Patches Hijack Admin Sites *

Two Major Jailbreaks Reveal Widespread Security Flaws in Generative AI Systems *

Warning to Gamers: New AgeoStealer Malware Targets Gaming Community *

Threat Actors Launch Ransomware Attacks Against Organizations in Thailand *

Microsoft Defender XDR False Positive Incident Exposes Over 1,700 Sensitive Documents *

MTN Confirms Cyberattack Exposed Customer Data *

Zero-Day Attack Leveraging Craft CMS RCE Vulnerability for Data Exfiltration *

North Korean Actors Use Fake Crypto Firms to Spread Malware in Job Scams *

Hackers Exploit OAuth 2.0 Flows to Hijack Microsoft 365 Accounts *

MTN Reports Cyberattack That Exposed Customer Data *

DslogdRAT Malware Exploits Ivanti ICS Zero-Day (CVE-2025-0282) in Japan-Based Attacks *

Static Vulnerability Discovered in Ruby Servers, Posing Data Breach Risks *

Hackers Target MS-SQL Servers to Deploy Malware and Gain Remote Access *

Google Chrome Affected by Actively Exploited Use-After-Free Vulnerabilities *

Yale New Haven Health Suffers Major Data Breach Impacting 5.5 Million Patients *

New Android Malware Disguised as Mapping App Targets Russian Military *

Frederick Health Confirms Cyberattack Impacting Over 930000 Patients *

Lazarus Group Targets Six South Korean Companies Using CrossEX, Innorix Bugs and ThreatNeedle Malware *

New Linux Rootkit Exploits io_uring to Bypass Syscall-Based Threat Detection *

Critical SAP NetWeaver Zero-Day Exploited in the Wild to Deploy Webshells and C2 Frameworks *

SVG Files Weaponized in Sophisticated Script in the Shadows Phishing Attacks *

Stego-Campaign Exploits Office Flaw and Steganography to Deliver AsyncRAT Covertly *

Hackers Leverage Ivanti Connect Secure 0-Day to Deliver DslogdRAT and Web Shell Payloads *

Google Alerts of Rising Cyber Threats as Sophisticated Attackers Exploit Zero-Days and Target Cloud Systems *

Redis DoS Vulnerability Can Lead to Server Crashes and Memory Exhaustion *

North Korean Hackers Pull Off $137M TRON Heist in One-Day Phishing Scam *

WhatsApp Boosts Privacy as Meta Faces EU Fine *

Critical Unauthenticated RCE Vulnerability Discovered in Commvault Command Center (CVE-2025-34028) *

Threat Actors Exploit TAG-124 Infrastructure to Distribute Malware *

Iran Aligned Hackers Deploy MURKYTOUR Malware in Fake Job Scheme Targeting Israel *

New SMS Phishing Scam Uses Google AMP Links to Bypass Security Filters *

Critical Synology DSM NFS Vulnerability Allows Unauthorized File Access *

Official Ripple XRPL NPM Package Compromised to Spread Private Key-Stealing Malware *

Security Researchers Reveal Major Design Flaws in Crypto Wallet Extensions *

Critical Vulnerability in FireEye EDR Enables Unauthorized Code Execution *

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Supporters Through Signal and WhatsApp *

Security Flaws in Zyxel USG FLEX H Series Firewalls Expose Devices to Privilege Escalation Attacks *

SK Telecom Cyberattack Exposes Sensitive USIM Data *

Docker Malware Exploits Teneo Node for Crypto via Fake Heartbeats *

IBM HMC Flaws Allow Local Privilege Escalation, Patches Released *

Critical Active Mail Zero Day Exploited in Widespread Attacks Across Japan 2 2 *

Marks Spencer Confirms Cyberattack Amid Order Delays for Customers *

Sophisticated Google Phishing Attack Exploits Infrastructure for Credential Theft *

Microsoft Enhances Security with Azure Confidential VMs and New Resilience Measures *

GCP Cloud Composer Vulnerability Allowed Privilege Escalation Through Malicious PyPI Packages *

Conduent Cyberattack Exposes Personal Data, Impacts Government Services *

Japan Raises Alert Over Hackers Draining Millions from Online Trading Accounts *

Cracked and BreachForums Attempt Comebacks Amid Cybercrime Market Turmoil *

FBI Warns of Impersonation Scam Involving Fake IC3 Officials *

WinZip Vulnerability Allows Silent Execution of Malicious Code by Bypassing Mark-of-the-Web *

Major Security Flaw in Windows Update Stack Allows Code Execution and Privilege Escalation *

Cybercriminals Exploit Russian Host Proton66 for Malware Delivery *

Critical Vulnerability in HPE Performance Cluster Manager Allows Unauthorized Access *

Lotus Panda Deploys Stealth Malware Attacks on Southeast Asian Governments *

SuperCard X Android Malware Facilitates Contactless ATM and PoS Fraud Using NFC Relay Attacks *

Hackers Leverage Stolen Credentials and Private Keys for Organizational Breaches *

New Obfuscation Technique Helps Hackers Bypass Antivirus and EDR *

Hackers Advertise ‘Baldwin Killer’ Malware Designed to Bypass Antivirus and EDR Systems *

Infostealer Attacks via Phishing Emails Surge Weekly *

Cybercriminals Disguise FOG Ransomware as DOGE Cryptocurrency in Malicious Email Campaigns *

Akira Ransomware Escalates Attacks Leveraging Stolen Credentials and Legitimate IT Tools *

Critical Speedify VPN Vulnerability on macOS (CVE-2025-25364) Allows Root Command Injection and System Takeover *

APT41’s RedGolf Infrastructure Briefly Exposed in Fortinet Zero-Day Attacks on Shiseido *

Yokogawa Recorders at Risk from Critical Flaw in Default Security Settings *

Critical Remote Code Execution Vulnerability in PyTorch (CVE-2025-32434) *

Kimsuky APT Leveraging RDP Flaws and Office Exploits in Precision Cyber Operations *

Cisco Webex Vulnerability Under Attack as ‘Voldemort’ Malware Spreads Globally *

Phishers Exploit Google OAuth in DKIM Replay to Impersonate Official Google Emails *

Threat Actors Exploit Zoom Remote Control Feature to Gain System Access *

Phishers Exploit Google OAuth for DKIM Replay Attacks, Spoofing Google *

APT29 Uses GRAPELOADER Malware in Wine-Tasting-Themed Attacks on European Diplomats *

Ransomware Attack on Harvest SAS Goes Public with Data Leak *

Nation-State Hackers Ramp Up Espionage Efforts Using ClickFix Exploit Technique *

ASUS Urges Firmware Update as Critical AiCloud Router Vulnerability Confirmed *

Malicious NPM Packages Imitate Telegram Bot API to Install SSH Backdoors on Linux Machines *

Gorilla Android Malware Steals OTPs by Intercepting SMS *

Malicious Android App Steals Credit Card Data via NFC Relay Attacks *

DOGE Accused of Breaching U.S. Security and Leaking Sensitive Documents *

KeyPlug Malware Infrastructure Leak Exposes Tools for Fortinet Firewall and VPN Exploitation *

Microsoft Warns of Sophisticated Attacks Targeting Exchange and SharePoint Servers *

GitHub Patches Critical Vulnerabilities in Enterprise Server, Urges Immediate Updates *

Upgraded MysterySnail RAT Targets Russian and Mongolian Governments *

Critical RCE Vulnerability Discovered in AnythingLLM *

CISA Alerts on Ongoing Exploitation of Critical Windows NTLM Flaw *

Interlock Ransomware Gang Distributes Fake IT Utilities in ClickFix Campaign *

Cisco Webex Vulnerability Allows Remote Code Execution via Meeting URLs *

Critical Auth Bypass Vulnerability Found in ASUS Routers with AiCloud *

GoDaddy Registry Error Causes Global Disruption of Zoom Services *

Over 6 Million Chrome Extensions Can Run Remote Commands on Users Browsers *

Legends International Reports Security Breach – Customer Data Compromised *

Hackers from CrazyHunter Group Exploit GitHub Resources to Breach Organizations *

Advanced Phishing Attack Uses Layered Techniques to Spread Malware *

Critical Flaw in GenAI Integration Protocol Exposes Systems to Attacks *

Ghost Ransomware Campaign Hits Organizations in Over 70 Countries *

CISA Urges Immediate Action on Exploited SonicWall Vulnerability *

Google Cracks Down on AI-Powered Ad Scams, Suspends 700K Accounts *

Advanced Malware Threat: Agent Tesla Delivered Using Script-Based Attack Vectors *

Chinese APT Group Mustang Panda Utilizes Advanced Techniques to Bypass EDR *

Unsecured API Endpoints Result in 33K Employee Record Breach *

Data Breach Hits Landmark Admin, Over 1.6 Million Users Affected *

Symlink Backdoor Found on Over 16,000 Compromised Fortinet Devices *

Apple Confirms Active Exploitation of Two iOS Zero-Day Flaws in Complex Attacks *

Windows Task Scheduler Bugs Let Attackers Evade UAC and Modify Logs *

Firefox 137.0.2 Patches High-Severity Race Condition Vulnerability Leading to Memory Corruption *

Gamma AI Platform Exploited in Sophisticated Phishing Campaign to Spoof Microsoft SharePoint Logins *

New Server Side Phishing Scam Targets Employee Portals *

Fake PDFCandy Converter Sites Distribute Info-Stealing Malware *

Erlang or OTP SSH Server Hit by Severe RCE Vulnerability (CVE-2025-32433) *

Hacktivists Turn Sophisticated, Deploy Ransomware Against Critical Infrastructure *

Critical Windows 11 Vulnerability Enables Rapid Privilege Escalation *

Turkish IT Firm Linked to ‘Araneida’ Web Hacking Service *

Emerging Threats: Unconventional Malware Trends *

Python Malware Masquerading as Coding Challenges Targets Crypto Developers *

Rising Cloud Threats: Attackers Intensify Focus on IAM and Data Exfiltration *

Major European Operation Targets Organized Crime Networks *

Malicious PyPI Package Hijacks MEXC API to Steal Credentials and Manipulate Trades *

Chinese APT UNC5174 Targets Linux and macOS with SNOWLIGHT Malware and VShell Tool in Stealthy Cyber Espionage Campaign *

Landmark Admin Data Breach Exposes Information of 1.6 Million People *

Russia-Linked Hackers Use New GrapeLoader Malware in Embassy Phishing Scam *

Google Chrome Flaws Expose Users to Data Theft and System Compromise *

AI Exploit Enables Creating Realistic Fake Passports with ChatGPT Image Generation *

BPFDoor: The Hidden Malware Spying on Networks *

Vulnerability in Apache Roller Allows Unauthorized Access *

DOGE 'Big Balls' Ransomware Employs ZIP LNK Shortcuts and BYOVD for Stealth *

Critical Flaws Found in Crush FTP Server *

Cloud Misconfigurations: A Major Driver Behind Data Breaches *

Microsoft Teams File Sharing Disruption Users Facing File Sharing Issues *

Galaxy S24 Quick Share Vulnerability Allows Attackers to Create Arbitrary Files *

WordPress Plugin with 100K+ Installs Targeted in Cyberattack 4 Hours Post-Disclosure *

Educational Institutions Emerging as Prime Targets for Cyber Threats *

NVIDIA Toolkit's Incomplete Fix for CVE-2024-0132 Still Enables Container Escape Attacks *

Cybercriminals Exploit Microsoft Teams Chats to Spread Malware to Windows Systems *

Threat Actor Claims to Sell Zero-Day Exploit Targeting Fortinet Firewalls *

AI-Generated Package Hallucinations Pose Emerging Threat to Software Supply Chains *

Morocco Probes Major Data Breach Allegedly Orchestrated by Algerian Hackers *

European’s GDPR Article 7 Poses New Challenges for Businesses to Secure AI-Generated Image Data *

SSL/TLS Certificates Set to Expire Every 47 Days by 2029 *

DaVita Hit by Weekend Ransomware Attack, Patient Care Continues Amid Investigation *

Conduent Confirms Client Data Breach from January Cyberattack *

Critical Ivanti VPN Flaws Exploited by Chinese APT Group *

Hertz Confirms Data Breach Involving Sensitive Customer Information *

Slow Pisces Hackers Target Developers with Python Malware and Coding Challenges *

Cyber risks in aviation are increased by vulnerable software and aging technology *

IBM Aspera Faspex Bug Lets Hackers Inject Harmful Code into Website Interface *

ResolverRAT Malware Campaign Strikes Global Pharma and Healthcare Sectors *

NASCAR Urged to Enhance Cybersecurity After Medusa Ransomware Strike *

Windows Server 2025 Restart Issue Disrupts Active Directory Domain Controller Connectivity *

Pakistan-Backed Threat Group Broadens Attacks in India Using CurlBack and Spark RATs *

Severe Security Flaw in Langflow Allows Remote Takeover of Servers *

Urgent Security Flaw in Yii 2 PHP Framework Affects Millions of Websites *

CVE-2025-27840: ESP32 Exploit Threatens Bitcoin Wallet Security Worldwide *

Gladinet’s CentreStack File sharing platform under zero-day Attack *

Houthi-Linked Influence Campaign Targets Israel and Gulf States via Facebook Disinformation *

Apache SeaTunnel Bug Allows Unauthenticated File Access & Code Execution *

Ransomware and Hacktivist Threats Targeting Satellite and Space Industries *

Smishing Triad eCrime Group Targets 121+ Countries with Advanced Smishing *

FortiGuard Labs Warns of Malicious NPM Packages Targeting PayPal Users *

Critical Heap Buffer Overflow Found in Perl – CVE-2024-56406 *

Jupyter Remote Desktop Proxy Vulnerability Allows Unauthorized Network Access to TigerVNC *

Npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transactions *

TROX Stealer MaaS Campaign Exploits Urgency Themes to Exfiltrate Consumer Data *

Widespread Smishing Scam Targets Toll Road Users Payment Information *

Cyberattack Forces Shutdown of Oregon Environmental Agency's Network *

Data Breach Confirmed by South African Telecom Provider Serving 7.7 million Subscribers *

Chrome 136 Patches Two-Decade-Old Browser History Privacy Flaw *

HelloKitty Ransomware Resurfaces, Now Targeting Windows, Linux, and ESXi Systems *

Massive Data Breach Hits Morocco’s Social Security Systems *

AI-Generated Code Dependencies Emerge as a New Supply Chain Threat *

Cyber Attackers Replicate Google Chrome Install Page to Spread Android Malware on Fake Google Play Sites *

Massive Health Data Breach Hits 1.6 Million at US Lab Testing Company *

Cybercriminals Alter Search Results to Direct Users to Malicious Sites *

Tycoon2FA Phishing Kit Unleashes New Tactics to Target Microsoft 365 Accounts *

Zero-Day Exploits Used in Ongoing Attacks Targeting Semiconductor Companies *

Western Sydney University Reports Cybersecurity Incident Involving Data Leak *

Hackers Attack Business Networks Via Router Vulnerabilities *

Palo Alto Networks Alerts on Brute-Force Attacks Aimed at PAN-OS GlobalProtect Portals *

Fortinet Issues Urgent Warning Over Ongoing FortiGate Exploitation *

Microsoft Warns: Do Not Delete 'inetpub' Folder Created by Windows Security Update *

GOFFEE Launches Coordinated Attacks Using PowerModul on Government and Energy Systems *

WordPress Sites at Risk Due to Critical InstaWP Connect Plugin Vulnerability *

Ransomware Attack Disrupts Sensata Technologies' Operations *

High-Severity Flaw in Popular WordPress Plugin OttoKit Under Active Exploitation *

AkiraBot: AI-Powered Spam Framework Targets 400K+ Websites with Sophisticated SEO Scam *

Gamaredon Breached a Western Military Mission in Ukraine *

Trend Micro Uncovers Incomplete Fix for Critical NVIDIA Container Toolkit Flaw *

TP-Link Smart Hub Security Flaw Leaks Wi-Fi Credentials *

Pakistan-Linked SideCopy Group Escalates Cyber Campaign Against Indian Ministries *

Jenkins Docker Vulnerability Exposes Network Traffic to Hacker Interception *

Operation Endgame: Authorities Arrest SmokeLoader Botnet Users in International Crackdown *

Licensing Glitch Disrupts Services for Microsoft 365 Family Subscribers *

Cybercriminals Turn Messaging Apps into Money-Making Tools *

Dell PowerScale OneFS Vulnerabilities Could Lead to User Account Hijacking *

AkiraBot Targets 80,000 Websites Using CAPTCHA Bypass and Network Evasion Techniques *

Shuckworm Group Utilizes GammaSteel Malware in PowerShell Attacks *

ViperSoftX Malware Campaign Targets Korean Users with Advanced Distribution Tactics *

Hackers Allegedly Breach WooCommerce, Exposing Data of 4.4 Million Customers *

APT32 Leverages GitHub to Infect Chinese Cybersecurity Professionals with Backdoored Tools *

Microsoft Exchange Admin Center Experiencing Worldwide Downtime *

Oracle Confirms Hack of Legacy Servers, Dismisses Cloud Breach Claims *

Critical USB Audio Driver Vulnerability Patched in Linux Kernel to Prevent Code Execution via Malicious USB Devices *

CISA Issues Alert on Active Exploitation of CentreStack Hard-Coded Encryption Key Flaw *

Hackers Exploit SSRF Vulnerabilities in EC2 to Steal AWS Credentials *

Hackers Spied on Over 100 Bank Regulators' Emails for More Than a Year *

Critical FortiSwitch Flaw Allows Remote Admin Password Changes *

Windows Active Directory Flaw Allows Unauthorized Privilege Escalation *

Windows Kerberos Flaw Facilitates Security Feature Bypass *

Ransomware Groups Target Data with Double Extortion and Leak Threats *

Fortinet Patches Critical Vulnerabilities in FortiAnalyzer, FortiManager, and Other Products *

Over 26,000 Discussions on Dark Web Forums Targeting Financial Organizations *

XSS Flaws in Zoom Workplace Apps Enable Malicious Script Injection *

CLFS Zero-Day Vulnerability Exploited by Storm-2460 Ransomware Group *

New Red Team Technique 'RemoteMonologue' Leverages DCOM to Harvest NTLM Authentication Remotely *

Microsoft Patch Tuesday Security advisory- April 2025 *

Shopware Releases Patch for Critical SQL Injection Vulnerability *

Security Breach at Oracle: Hackers Steal Client Login Information *

CISA Warns of Ongoing Attacks Exploiting CrushFTP Auth Bypass Flaw *

WhatsApp Vulnerability Allows Attackers to Execute Malicious Code Through Attachments *

Hackers Abuse Windows .RDP Files to Establish Rogue Remote Desktop Connections *

Threat Actors Using VPS Hosting to Distribute Malware and Bypass Detection *

Threat Actors Exploit Toll Payment Services in Widespread Cyberattack *

Kellogg Announces Data Breach Linked to Clop Ransomware Attack *

Google Patches Android Zero-Days Exploited in Attacks, Alongside 60 Other Vulnerabilities *

NEPTUNE RAT Targets Windows Systems, Harvests Credentials from Over 270 Applications *

Cybercriminals Leverage Fake CAPTCHAs and Cloudflare Turnstile to Spread LegionLoader Malware *

Sophisticated Phishing Campaign Uses Screensavers to Distribute Malware *

New Sakura RAT Released on GitHub Capable of Bypassing Antivirus and EDR Defenses *

PHP Vulnerability in Bitdefender GravityZone Console Allows Hackers to Execute Arbitrary Commands *

China-Linked APT Strikes Ivanti Users in Fresh Wave of Espionage Attacks *

PoC Released for Python JSON Logger Vulnerability Allowing Remote Code Execution *

Critical Vulnerability in pgAdmin Enables Remote Code Execution *

Dell PowerProtect Vulnerability Enables Remote Command Execution *

Europcar GitLab breach exposes data of up to 200,000 customers *

IngressNightmare: Critical RCE Flaws in Kubernetes NGINX Clusters Allow Full System Takeover by Attackers *

State Bar of Texas Acknowledges Data Breach, Initiates Consumer Notifications *

CISA Lists Actively Exploited Ivanti Connect Secure Flaw in Known Exploited Vulnerabilities Catalog *

Ransomware Attack at Port of Seattle Exposes Data of 90,000 Individuals *

Severe Security Vulnerability in Apache Parquet Library Exposes Systems to Remote Code Attacks *

Hackers Targeting Juniper Smart Routers Using Default Passwords *

AI-Driven Gray Bots Launch Relentless Web App Assaults at 17K+ Requests Hourly *

Verizon iOS App Flaw Exposed Call Logs of Millions of Users *

Hunters International Collaborates with Hive Ransomware to Target Windows, Linux, and ESXi Systems *

Qilin Operators Mimic ScreenConnect Login Page to Deploy Ransomware & Gain Admin Access *

Jenkins Plugin Vulnerabilities Expose Sensitive Data to Cyber Threats *

Cyberattackers Exploit Apache Tomcat Flaw to Steal SSH Credentials and Compromise Servers *

DarkCloud Stealer Exploits Weaponized .TAR Archives to Harvest Passwords from Targeted Organizations *

Cisco AnyConnect VPN Flaw Lets Attackers Trigger Denial-of-Service (DoS) Attacks *

SonicWall Firewall Vulnerability Allows Unauthorized Access *

Hackers Exploit DeepSeek and Remote Desktop Apps to Deploy TookPS Malware *

North Korean Cyberattack Campaign Targeting European Organizations to Breach Corporate Infrastructure *

Privilege Escalation Vulnerability in Google Cloud Platform Grants Unauthorized Access to Sensitive Data *

Royal Mail Probes Data Leak Claims, Confirms Operations Remain Unaffected *

Global ChatGPT Outage Affects Thousands of Users – Latest Security Advisory Updates *

Critical WordPress Vulnerabilities Expose 20,000 Sites to Takeover Risks *

Cybercriminals Use Microsoft Teams for Malware Delivery in Phishing Campaign *

New Outlaw Linux Malware Leverages SSH Brute-Forcing for Extended Botnet Management *

Gootloader Malware Distributes Weaponized Documents Through Google Ads *

Vulnerability in Plantronics Hub Enables Attackers to Escalate Privileges *

KoiLoader Uses PowerShell Scripts to Deploy Malicious Payloads *

Massive 400GB Twitter (X) Data Breach Exposes 2.8 Billion Records *

Ransomware Poses a Risk to 93% of Industries—Building Resilience Is Essential *

Sliver Framework Customization Enhances Evasion and Bypasses EDR Detection *

APT34 Targets Finance and Telecom Sectors with Custom Malware *

Critical XSS Vulnerability in Kentico Xperience CMS Leads to Remote Code Execution *

Check Point Responds to Misinformation About Recent Data Leak *

Vulnerability in Rockwell Automation Enables Attackers to Execute Arbitrary Commands *

Hackers Exploit WordPress MU-Plugins to Conceal Malicious Code *

Hackers Use SVG Files to Spread Phishing Malware and Avoid Detection *

VMware Workstation Auto-Update Failure Caused by Broadcom URL Redirect *

Lucid Phishing Service Exploits iOS & Android for Global Smishing Surge *

Microsoft Leverages AI to Identify Vulnerabilities in GRUB2, U-Boot, and Barebox Bootloaders *

Hacker Breach Exposes Samsung Customer Data *

CISA Warns of RESURGE Malware Exploiting Critical Vulnerability in Ivanti Connect Secure Devices *

Dell Unity Vulnerabilities Enable Attackers to Breach Systems *

Canon Printer Flaw Exposes Devices to Arbitrary Code Execution Risk *

Splunk Addresses Multiple Vulnerabilities with Latest Patches *

Russia-Linked Gamaredon APT Deploys Remcos RAT in Ukraine Using Military Lures *

Legacy Medical Devices: A Vulnerable Target for Ransomware Attacks *

Lotus Blossom APT Abuses WMI for Stealthy Post-Exploitation *

New Ubuntu Linux Vulnerabilities Enable Kernel Component Exploitation *

UK ‘Unprepared’ for Cyberattacks Amid Rising State-Sponsored Threats, Public Infrastructure Vulnerable *

TsarBot Android Trojan Targets 750 Banking and Finance Apps for Credential Theft *

Hackers Leverage DNS MX Records to Spoof Logins for 100+ Brands *

46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Manipulate Settings *

RESURGE Malware Exploits Ivanti Vulnerability with Advanced Rootkit and Web Shell Capabilities *

CVE-2025-2294 Exploits Vulnerability in Popular WordPress Plugin with Over 90,000 Active Installations *

Oracle Health Data Breach Exposes Patient Information in US Hospitals *

PlayBoy Locker Ransomware Targets Windows, NAS, and ESXi Systems *

Cyberattack Disrupts Kuala Lumpur Airport, Hackers Demand $10M Ransom *

Dozens of Vulnerabilities in Solar Inverters Could Be Exploited to Target Power Grids *

Mozilla Issues Critical Patch for Windows Following Chrome Zero-Day Exploit *

Cybercriminals Hijack 150,000 Websites to Push Chinese Gambling Sites *

CoffeeLoader Malware Overcomes Endpoint Security to Deploy Rhadamanthys Shellcode *

New macOS Malware ‘ReaderUpdate’ Evolves with Nim and Rust Variants *

Blacklock Ransomware Infrastructure Compromised, Exposing Upcoming Attacks *

Arkana Ransomware Group Claims Attack on US Telecom Companies *

Mozilla Patches Critical Sandbox Escape Vulnerability in Firefox 136.0.4 *

Hijacked Microsoft Stream Domain Causes Spam Issues on SharePoint *

Security Flaw in GitHub CodeQL Workflow Reveals Potential for Large-Scale Supply Chain Attack *

Exim Use-After-Free Vulnerability Enables Privilege Escalation *

CryptoLib Vulnerability: Heap Overflow Puts Space Communications at Risk *

Severe CrushFTP Vulnerability Puts Servers at Risk of Unauthenticated Access *

StreamElements Reveals Third-Party Data Breach Following Hacker Leak *

YouTube Creators Targeted by Fake Brand Deals in ‘Clickflix’ Attack Scheme *

Critical Vulnerabilities in Production Line Cameras Enable Attackers to Disable Recordings *

Splunk RCE Vulnerability Enables Arbitrary Code Execution via File Upload *

Google Chrome Zero-Day Vulnerability Under Active Exploitation *

NetApp SnapCenter Vulnerability Enables Attackers to Gain Admin Privileges *

UPI Service Outage Disrupts Financial Operations Across India *

CISA Warns of ICS Vulnerabilities and Offers Essential Security Tips *

New Malware Exploits Cross-Platform Framework to Evade Detection on Android *

Apache VCL Vulnerable to SQL Injection (CVE-2024-53678) and XSS (CVE-2024-53679) Flaws *

Multistage Info-Stealer Snake Keylogger Aims at Individuals and Businesses to Harvest Login Credentials *

Banking Malware Targets 248,000 Mobile Users via Social Engineering Tactics *

Hackers Leverage Windows MMC Zero-Day Flaw to Execute Malicious Code *

VMware Tools for Windows Vulnerability Allows Attackers to Bypass Authentication *

Huge Cyberattack Disrupts Ukrainian Railway's Online Services *

Chrome and Edge Users Targeted by Rilide Malware Posing as Legitimate Browser Extension *

ShibaCoin Ransomware Targets Developers Through Malicious VS Code Extensions *

Specter Insight C2 Tool Enhances ClickFix-Driven Hacking Campaigns *

Sophisticated Phishing Campaign Targets Pocket Card Users *

Critical Ingress NGINX Vulnerabilities (CVE-2025-1974) Threaten Kubernetes Security *

Hackers Deploying Fake Semrush Ads to Steal Google Account Credentials *

New Phishing Attack Targets Gamers with Browser-in-the-Browser Technique *

Next.js Flaw Allows Attackers to Bypass Middleware Auth Checks *

Chrome Security Update Patches Critical Code Execution Vulnerability *

Hackers Can Deliver Teams Malware Using Browser Cache Smuggling *

Critical Remote Code Execution Vulnerability in vLLM via Mooncake (CVE-2025-29783) Patched *

Chinese 'Web Shell Whisperer' Uses Shells and Tunnels for Stealthy Persistence *

Critical WordPress Plugin Vulnerability Threatens Over 200,000 Sites with Potential Code Execution *

Cybercriminals Leverage Gamma AI to Develop Advanced Microsoft-Themed Phishing Redirectors *

Hacker Group Behind 90 Global Data Breaches Exposed, Four Members Identified *

VanHelsingRaaS Targets Linux, BSD, ARM, and ESXi Systems *

Revolutionary Browser-Based RDP Solution Redefines Secure Remote Access *

Baidu Faces Data Breach, Compromising User Information *

Apache Druid Vulnerability (CVE-2025-27888) Exposes Real-Time Analytics Systems to SSRF and XSS Threats *

Steam Pulls Game Demo After Reports of Info-Stealing Malware on Windows *

MacOS Vulnerability CVE-2024-54471: Critical Security Flaw Exposed and Patched *

Kaspersky Links Head Mare to Twelve, Using Shared C2 Servers to Target Russian Entities *

Albabat Ransomware Targets Windows, Linux, and macOS Through GitHub Exploitation *

Cybercriminals Target Meta Users with Phishing Emails to Steal Ad Account Credentials *

JumpServer Vulnerabilities Enable Attackers to Bypass Authentication and Seize Full Contro *

Oracle Denies Data Breach After Hacker Says 6 Million Records Stolen *

FBI Warning: Fake File Converters Are Spreading Malware *

Coinbase Identified as Primary Target in Recent GitHub Actions Supply Chain Attack *

Cloudflare Enforces Encryption, Blocking All Unsecured API Traffic *

Microsoft Trust Signing Service Exploited to Code-Sign Malware *

Researchers Discover FIN7’s Stealthy Python-Based Anubis Backdoor *

UAT-5918 Threat Group Targets Taiwan's Critical Infrastructure with Web Shells and Open-Source Tools *

Attackers Exploit CAPTCHAs to Trigger PowerShell and Deliver Malware *

I-SOON’s ‘Chinese Fishmonger’ APT Targets Governments and NGOs *

VanHelsing Ransomware Hits Windows with New Evasion Tactics *

Infosys to Settle 2023 Data Breach for $17.5 Million *

Pennsylvania Teachers Union Data Breach Exposes 500,000 Individuals *

AI-Powered Phishing the Growing Threat to Browser Security *

VSCode Extensions Discovered Distributing Early-Stage Ransomware *

IBM AIX Vulnerability Allows Attackers to Execute Arbitrary Commands *

Swiss Telecom Firm Ascom Confirms Cyberattack by HellCat Group *

Dell SmartFabric OS10 Software Patches Multiple Security Vulnerabilities *

CISA Warns U.S. Federal Agencies of Active Exploitation of NAKIVO Backup Vulnerability *

Veeam Backup & Replication Vulnerability Allows Critical RCE *

Signal Messenger Exploited in Targeted Attacks on Defense Sector Employees *

Scareware-Phishing Campaign Targets macOS Users *

Critical AMI BMC Vulnerability (CVE-2024-54085) Allows Remote Authentication Bypass *

DollyWay Malware Campaign Compromises 20,000 WordPress Sites *

Orion Security Secures $6M Funding to Combat Insider Threats with AI-Powered DLP *

Cyber Threats Surge During March Madness as Scammers Exploit Fan Frenzy *

Zero-Day Windows Vulnerability Under Active Exploitation by 11 State-Sponsored Groups Since 2017 *

VPN Vulnerabilities Become a Key Weapon for Cybercriminals Exploiting Organizations *

ClearFake Infected 9,300 Sites with Impersonated reCAPTCHA and Turnstile to Distribute Malware *

Critical PHP Vulnerability (CVE-2024-4577) Exposes Systems to Cryptocurrency Miners and RATs *

Cybercriminals Steal 3.2 Billion Login Credentials and Compromise 23 Million Devices Globally *

Critical Bug in AMI MegaRAC Allows Attackers to Hijack and Brick Servers *

Exploitation of ChatGPT Vulnerability Targets US Government Organizations *

Western Alliance Bank Alerts 21,899 Customers About Data Breach *

Severe mySCADA myPRO Vulnerabilities Could Allow Attackers to Hijack Industrial Control Systems *

Microsoft March Updates Unintentionally Remove Copilot *

New 'Rules File Backdoor' Attack Allows Hackers to Inject Malicious Code Through AI Code Editors *

New ClearFake Variant Uses Fake reCAPTCHA to Run Malicious PowerShell Code *

Scammers Use Fake Coinbase Migration Messages to Steal Wallet Credentials *

Ransomware Group Develops Tool to Automate VPN Brute-Force Attacks *

Jaguar Land Rover Breached by HELLCAT Ransomware Using Stolen Jira Credentials *

Millions of RSA Keys Expose Serious Vulnerabilities to Exploitation *

Researchers Demonstrate Remote Hacking of Commercial Trucks & Buses *

GitHub Action Breach Exposes CI-CD Secrets in 23,000+ Repositories *

Apache Tomcat Vulnerability Exploited Within 30 Hours of Public Disclosure *

Hospitality and Recreation Sectors See Rise in Cyberattacks, Warns ReliaQuest *

Critical TP-Link Router Vulnerability Allows Hackers to Achieve Full System Takeover *

AWS SNS Exploited by Cybercriminals for Data Exfiltration and Phishing Attacks *

Fake 'Security Alert' on GitHub Exploits OAuth App to Hijack Accounts *

Hackers Using CSS to Bypass Spam Filters and Monitor User Activity *

Adobe Acrobat Reader Vulnerabilities Allow Attackers to Execute Arbitrary Code *

Grafana Vulnerabilities Exploited in Widespread SSRF Attack Campaign *

Critical Vulnerabilities in Bitdefender BOX v1 Expose Smart Homes to CyberAttacks *

RedCurl APT Exploits Active Directory Explorer and 7-Zip for Data Exfiltration *

Over 100 Auto Dealers Hacked via ClickFix Webpage, Leading to SectopRAT Malware Installation *

Critical Memory Corruption Vulnerabilities Discovered in Delphi, Undermining Its Safety Claims *

Critical ruby-saml Flaws Allow Attackers to Bypass Authentication *

DeepSeek R1 Manipulated to Generate Malware, Including Keyloggers and Ransomware *

Hackers Leverage Exposed Jupyter Notebooks to Launch Cryptominers *

Hackers Apparently Selling 3.17 Million Honda Cars India Customer Records *

PHP XXE Injection Vulnerability Exposes Config Files & Private Keys *

Undetected Anubis Malware Allows Hackers to Execute Remote Commands *

Hackers Exploit Microsoft Copilot in Advanced Phishing Scheme *

Phishing Attacks Target Microsoft 365 Users Using OAuth Vulnerabilities *

CISA Alerts About Apple WebKit Out-of-Bounds Write Vulnerability Being Actively Exploited *

Apache NiFi Vulnerability Leaks MongoDB Credentials to Unauthorized Users *

Cybercriminals Leveraging JSPSpy to Orchestrate Malicious Webshell Networks *

Siemens SINAMICS S200 Bootloader Vulnerability Allows Attackers to Compromise Devices *

GitLab Discovers Security Vulnerabilities Allowing Attacker Logins as Valid Users *

Misconfigured AWS S3 Bucket Exposes Over 86,000 Healthcare Worker Records *

Medusa Ransomware Strikes Over 300 Global Organizations, Targeting Critical Sectors *

Cisco Reveals Critical Privilege Escalation Vulnerability in IOS XR Software *

Fortinet Addresses Critical Vulnerabilities Across Multiple Products *

Hackers Employ Advanced MFA-Bypassing Techniques to Compromise User Accounts *

Massive Cyber Attack: Over 400 IPs Exploit Multiple SSRF Vulnerabilities in Coordinated Effort *

Facebook Reveals Exploited FreeType 2 Vulnerability in Recent Attacks *

Users Targeted by DCRat Malware Through YouTube to Steal Login Credentials *

Chinese Hackers Compromise Juniper Networks Routers Using Custom Backdoors and Rootkits *

NVIDIA Riva Security Flaws Allow Privilege Escalation *

CISA Warns of Critical Windows NTFS Vulnerability (CVE-2025-24991) *

MirrorFace APT Leverages Custom Malware to Target Windows Sandbox and Visual Studio Code *

AI-Generated Fake GitHub Repositories Used to Steal Login Credentials *

Apache Pinot Vulnerability Allows Attackers to Bypass Authentication *

Critical FreeType Vulnerability Puts Millions of Devices at Risk *

MassJacker Malware Uses 778,000 Wallets to Steal Cryptocurrency *

North Korean Lazarus Group Hacks Hundreds Using NPM Packages *

Zoom Patches Multiple High-Severity Vulnerabilities in Workplace Apps and SDKs *

New Botnet 'Eleven11bot' Compromises 30,000 Webcams *

Microsoft Patch Tuesday Security advisory- March 2025 *

Blind Eagle Hackers Utilizing Google Drive, Dropbox, and GitHub to Evade Security *

Threat Actors Bypass Security Defenses to Execute SIM Swap Attacks *

Severe Android Vulnerability CVE-2024-31317 Poses Risk of Privilege Escalation *

Critical Apache Tomcat Vulnerability CVE-2025-24813 Exposes Servers to Remote Code Execution *

Researcher Exploits Embedded Devices to Reveal Firmware Secrets *

Microsoft Time Travel Debugging (TTD) Vulnerability Exposes Security Risks *

North Korean Hackers Use Weaponized ZIP Files to Deploy Malicious PowerShell Script *

CISA Adds Two VeraCore Vulnerabilities to Actively Exploited Vulnerability Catalog *

CISA Warns of Actively Exploited Ivanti Endpoint Manager Vulnerabilities *

Threat Actors Leverage EncryptHub for Multi-Stage Malware Attacks *

Dark Storm Claims Responsibility as X Faces Massive Cyberattack *

Hackers Exploit Misconfigured Cloud Settings to Host Malware *

New 'Desert Dexter' Malware Compromises Over 900 Victims Worldwide *

7 Malicious Go Packages Targeting Linux & macOS to Install Stealthy Malware Loaders *

PrintSteal Cybercriminal Network Producing and Distributing Fake Aadhaar & PAN Cards at Large Scale *

Critical Laravel Vulnerability Exposes Web Apps to XSS Exploits *

Ransomware Attack on Retirement Services Firm Exposes Data of Thousands in US Schools *

Severe Authorization Flaw Found in Moxa PT Series Switches *

Hackers Register 10K Domains for Smishing Attack through iMessage *

Hackers Exploit x86-64 Binaries on Apple Silicon to Distribute macOS Malware *

Critical DrayTek Router Vulnerabilities Enable Remote Code Execution Attacks *

Researchers Uncover Critical ESP32 Vulnerability Affecting Over a Billion IoT Devices *

NTT Data Breach Exposes Sensitive Information of 18,000 Companies *

Akira Ransomware Exploits Webcam to Evade EDR and Attack Windows Servers *

Strela Stealer Malware Attacks Microsoft Outlook to Steal Credentials *

LibreOffice Vulnerability Allows Attackers to Execute Arbitrary Scripts via Macro URL *

Phantom Goblin Employs Social Engineering Tactics to Distribute Stealer Malware *

Misconfigured Apache Airflow Servers Expose Login Credentials to Hackers *

Threat Actors Impersonate Electronic Frontier Foundation to Target Gaming Community *

Critical IDOR Vulnerability in ZITADEL's Admin Interface Puts Organizations at Risk *

Critical Kibana Vulnerability Allows Attackers to Execute Arbitrary Code *

Critical Sitecore 0-Day Vulnerability Enables Remote Code Execution *

Cisco Secure Client for Windows Vulnerability (CVE-2025-20206) Allows SYSTEM Privilege Code Execution *

BadBox Malware Targets Over 50,000 Android Devices Through 24 Google Play Apps *

Cybercriminals Leverage Hacked Email Servers for Fraudulent Operations *

Critical Vulnerability in Chaty Pro Plugin (CVE-2025-26776) Puts Thousands of WordPress Sites at Risk *

Critical Code Execution Vulnerability (CVE-2025-25012) Patched in Elastic Kibana *

Sophisticated Malware Campaign Targets Go Ecosystem Through Typosquatted Packages *

Cybercriminals Target YouTubers to Distribute SilentCryptoMiner on Windows *

Security Vulnerability in Cisco Webex for BroadWorks Exposes User Credentials to Potential Attacks *

Over 41,500 VMware ESXi Instances Exposed to Critical Code Execution Vulnerability *

US Charges Chinese Hackers for Breaching Critical Infrastructure *

Android Devices Infected with Malware Drive Global Botnet Fraud *

Stealthy LummaStealer Malware Spreads via Fake CAPTCHA *

Vim Users Alerted: Malicious TAR Files May Lead to Code Execution (CVE-2025-27423) *

Zoho Fixes Critical Account Takeover Vulnerability in ADSelfService Plus *

PoC Exploit Released for CVE-2024-53676, Raising RCE Concerns *

Tactics Used in Microsoft Teams to Connect Black Basta and Cactus Ransomware Malware *

US CEOs Targeted in Postal Mail Scam with Fake BianLian Ransom Notes *

Windows KDC Proxy RCE Vulnerability Enables Remote Server Compromise *

CISA Alerts on Ongoing Exploitation of Microsoft Windows Win32k Vulnerability *

Google Issues Urgent Warning About Critical Android Vulnerabilities Being Exploited *

Cybercriminals Exploit PowerShell and Trusted Microsoft Apps to Spread Malware *

Threat Actors Exploit Microsoft Teams and Quick Assist for Unauthorized Access *

Hackers Exploit Google Ads and PayPal Links to Steal Users' Personal Data *

North Korean IT Workers Conceal Their IP Addresses with Astrill VPN *

Space Pirates Hackers Target IT Organizations With LuckyStrike Malware via OneDrive *

Vulnerability in Substack Custom Domains Exposes Thousands to Potential Hijacking *

Almost 12,000 API Keys and Passwords Exposed in AI Training Dataset *

Critical XXE Vulnerability Discovered in HPE Insight Remote Support: CVE-2024-53675 *

Critical Vulnerability Discovered in ToDesktop Electron App Bundler *

Android Phones Unlocked Using Cellebrite's Linux USB Zero-Day Exploit *

Microsoft Identifies Hackers Exploiting Azure OpenAI Service for Malicious Content *

Critical Vulnerability in Nakivo Backup & Replication Puts Sensitive Data at Risk *

Ransomware Groups Leverage Paragon Partition Manager Vulnerability in BYOVD Attacks *

ModSecurity Security Flaw Puts Web Applications at Risk *

PingAM Java Agent Vulnerability Enables Security Bypass by Attackers *

Hackers Can Take Over Car Cameras in Minutes by Exploiting Security Flaws *

Angel One Data Breach Personal Information of 8 million Users Compromised *

Hackers Exploit Pass-the-Cookie Attacks to Evade MFA and Hijack Accounts *

Chinese Hackers Attack Belgium State Security Service *

Chinese Hackers Exploit Check Point VPN Zero-Day in Global Cyber Attacks *

Cybercriminals Exploit Unpatched Vulnerabilities Amid EDR Blind Spots *

Wallbleed Exposes Memory Flaw in China’s Great Firewall DNS System *

Lynx Ransomware Targets Global Organizations with Advanced Attack Techniques *

VS Code Extension with 9 Million Installs Infects Developers with Malicious Code *

DragonForce Targets Critical Infrastructure to Steal Data and Disrupt Operations *

XSS Vulnerability in Krpano Framework Exploited to Inject Malicious Scripts on Hundreds of Websites *

Squidoor: Advanced Malware Leveraging Outlook API, DNS, and ICMP Tunneling for Command-and-Control Communication *

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communication *

Massive Phishing Campaign Uses 5,000 Malicious PDFs Across 260 Domains to Steal Credit Card Data *

1.5 Billion iPhones At Risk From nRootTag Attack *

New Phishing Attacks Hit Yodobashi Camera Users, Credentials at Risk *

Orange Communication Breach – Hackers Allegedly Leak 380,000 Emails *

Genea IVF Provider Hit by Cyberattack, Sensitive Patient Data Exposed *

Atomic macOS Info-Stealing Malware Targets 50 Cryptocurrency Wallets *

Critical Cisco Nexus Switch Vulnerability Enables DoS Attacks *

LibreOffice Vulnerabilities Enable Attackers to Execute Malicious Files on Windows *

Security Flaws in GitLab Allow Attackers to Bypass Protections and Run Arbitrary Scripts *

Critical Flaw Leaves 2,850+ Ivanti Connect Secure Devices Exposed to Attacks *

Stealthy Batch Script Leveraging PowerShell and VBScript to Deploy XWorm *

Have I Been Pwned (HIBP) Reports One of the Largest Data Breaches Linked to ALIEN TXTBASE *

Chinese Botnet with 130,000 Devices Targets Microsoft 365 Accounts *

Ghostwriter APT Targets Government Entities with Weaponized Excel Malware *

Hackers Exploit Cisco Small Business Router RCE Flaw to Deploy Webshells *

Sliver C2 Server Flaw Allows Attackers to Establish TCP Connections and Intercept Traffic *

GRUB2 Vulnerability CVE-2025-0690 Poses Secure Boot Bypass Risk *

CISA Flags Actively Exploited Vulnerabilities in Zimbra (CVE-2023-34192) and Microsoft (CVE-2024-49035) *

Google Alerts Higher Education Institutions About Surge in Phishing Campaigns *

Hackers Launch Devastating Cyber Attack on Critical Infrastructure *

GitVenom Attack Exploits Thousands of GitHub Repositories to Spread Malware *

KernelSnitch: Exposing a New Side-Channel Vulnerability in Kernel Data Structures *

Hackers Trick Outlook Spam Filters to Spread Malicious ISO Files *

Critical RCE Vulnerability Found in MITRE Caldera – Proof of Concept Released *

CISA Issues Alert: Oracle Agile Vulnerability Being Actively Exploited *

Moxa PT Switches Exposed to Denial-of-Service Attack via CVE-2024-9404 *

Libxml2 Vulnerabilities (CVE-2024-56171 & CVE-2025-24928) Could Allow Code Execution *

GhostSocks Malware Uses SOCKS5 for Detection Evasion *

Chinese Hackers Leverage FatalRAT to Target Industrial Organizations *

Stablecoin Hit by Major Hack, $49.5M Stolen, Triggering Market Volatility *

Hackers Leverage Confluence Server Vulnerability to Deploy LockBit Ransomware *

Phishing Scam Targeting ChatGPT Premium Users Aims to Steal Login *

Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL *

Parallels Desktop Zero-Day Vulnerability Exposes macOS to Root Privilege Escalation *

Critical Command Injection Vulnerability Discovered in F5 BIG-IP TMSH *

Bybit Suffers Largest Cryptocurrency Theft in History, Losing $1.46 Billion in Ethereum *

Cybercriminals Exploit CS2 Tournaments to Hijack Steam Accounts and Cryptocurrency *

Nagios XI Vulnerability Allows Unauthenticated Access to User Data and Emails *

Sitevision Auto-Generated Password Flaw Exposes SAML Signing Key *

Fluent Bit Security Flaw Leaves Cloud Services Vulnerable to Cyber Threats *

MongoDB Library Vulnerabilities Enable Remote Code Execution on Node.js Servers *

NSA Allegedly Breached Chinese University in Cyber Espionage Campaign *

CISA Issues Alert on Ongoing Attacks Exploiting Craft CMS Vulnerability *

CL0P Ransomware Targets Telecom and Healthcare Sectors in Massive Attacks *

Pegasus Spyware Expands Scope, Infiltrating Corporate and Financial Sectors *

Cybercriminals Exploit Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives *

China Hackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware *

North Korean Hackers Exploit Job Scams to Infect Freelance Developers with Malware *

Internal Chat Logs of Black Basta Ransomware Gang Leaked Online *

Venture Capital Firm Insight Partners Targeted in CyberAttack *

Salt Typhoon Hackers Exploit Cisco Vulnerability to Access Devices on U.S. Telecom Networks *

Cyber Threat Actors Using Exploits to Target Financial Sector with Sophisticated Malware *

Critical Vulnerability in Popular WordPress Plugin Exposes 90,000 Sites to Attacks *

Microsoft Patches Critical Privilege Escalation Vulnerability in Disk Cleanup Utility *

Russian Phishing Campaigns Take Advantage of Signal's Device-Linking Feature *

A Critical Microsoft Bing Vulnerability Allowed Remote Code Execution Attacks *

Australian Fertility Giant Genea Hit by Cybersecurity Breach *

FrigidStealer Infostealer Infects Macs Through Fake Browser Update Prompts *

Phishing Attack Conceals JavaScript with Invisible Unicode Trick *

Hundreds of US Military and Defense Credentials Leaked *

Global Cyberattack: Ghost Ransomware Targets Organizations in 70 Countries, Warns CISA and FBI *

Palo Alto Networks Identifies New Firewall Vulnerability Exploited in Attacks *

Cybercriminals Exploit Apple & Google Wallets with Stolen Cards *

Russian-Aligned Threat Groups Exploit Signal Messenger to Steal Sensitive Data *

Citrix Issues Security Patch for NetScaler Console Privilege Escalation Flaw *

Cracked Garry's Mod and BeamNG.drive Games Distribute Mining Malware to Gamers *

New Evolving Snake Keylogger Variant Targets Windows Users *

New OpenSSH Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks *

Mustang Panda Uses MAVInject.exe to Evade Detection, ESET Disputes Findings *

CISA Releases Two New ICS Advisories on Exploited Vulnerabilities and Patches *

Chrome Buffer Overflow Vulnerabilities Allow Hackers to Execute Code & Gain System Access *

Critical OpenSSH Vulnerabilities Expose Systems to Potential Attacks *

Cybercriminals Trojanize Popular Games to Bypass Security and Compromise Systems *

LibreOffice Vulnerabilities Allow Attackers to Modify Files and Access Sensitive Information *

Zacks Investment Data Breach Leaks 12 Million Emails and Phone Numbers *

Pro-Russian Hacker Group NoName057(16) Targets Italian Banks and Airports *

Palo Alto Networks and SonicWall Firewalls Under Active Exploitation—Urgent Patching Advised *

ChatGPT Prompt Injection Vulnerability Exposes Private Data *

Earth Preta APT Exploits Microsoft Utility Tool to Evade AV Detection and Control Windows *

RansomHub Now Threatens Windows, ESXi, Linux, and FreeBSD Systems *

Malware on WordPress Sites Enables Remote Code Execution *

Critical Vulnerabilities in Xerox Printers Enable Capture of LDAP & SMB Authentication Data *

Indian Post Office Portal Exposed Thousands of KYC Records, Including Usernames and Mobile Numbers *

New XCSSET Malware Infects Xcode Projects to Target macOS Users *

ExHub IDOR Vulnerability Allows Attackers to Modify Web Hosting Configuration *

New Microsoft Windows GUI 0-Day Vulnerability Under Active Attack *

FinalDraft Malware Exploits Outlook Mail Service for Stealthy Communication *

Hackers Leverage Microsoft Teams Invites for Unauthorized Access *

Rapid7 Identifies New PostgreSQL Zero-Day Linked to BeyondTrust Attacks *

Valve Removes PirateFi from Steam After Malware Discovery *

Hackers Exploit Device Code Phishing to Steal Microsoft Emails *

Google Chrome Deploys AI to Prevent Malicious Websites and Downloads *

Lazarus Group Targets Global Developers with New Malware Strategy *

Database Vulnerability on Elon Musk’s DOGE Website Allowed Unauthorized Entries *

New Go-Based Malware Hijacks Telegram as a Covert Command-and-Control Channel *

Chinese Hackers Exploit Unpatched Cisco Routers to Breach Multiple US Telecom Networks *

Security Flaw in NVIDIA Container Toolkit Enables Code Execution Attacks *

Sophisticated Phishing Attack Exploits Webflow CDN & CAPTCHAs to Steal Credit Card Data *

New Malware Targets Japanese Organizations in Winnti Cyberattack *

New Malware Exploits Microsoft Graph API for Outlook-Based Communication *

RedNote App Security Flaw Leaks User Files on iOS and Android Devices *

Security Flaw in CleanTalk Plugin Threatens 30,000 WordPress Sites – Immediate Update Required *

Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Other Third-Party Logins *

SQL Injection Vulnerability in Apache Fineract Enables Malicious Data Injection *

WhoAMI Exploit Grants Hackers Remote Code Execution on Amazon EC2 Instances *

Cybercriminals Exploiting ThinkPHP and OwnCloud Vulnerabilities on a Large Scale *

Threat Actors Leverage DeepSeek’s Popularity to Distribute Malware *

Critical Ivanti ICS Vulnerability Actively Exploited by SPAWNCHIMERA Malware *

Exploitation of ZeroLogon Ransomware in Active Directory to Access Domain Controllers *

WinZip Vulnerability Enables Remote Code Execution by Attackers *

AMD Ryzen Vulnerability Allows Code Execution via DLL Hijacking *

North Korean Threat Actor ‘Kimsuky’ Adopts ClickFix-Inspired Tactics for Cyber Espionage *

Microsoft Alerts: Russian Seashell Blizzard Hackers Breach Critical Infrastructure *

Palo Alto PAN-OS Zero-Day Vulnerability Lets Attackers Bypass Web Interface Authentication *

Massive IoT Data Breach Leaks 2.7 Billion Records, Including Wi-Fi Passwords *

APT43 Hackers Targeting Universities Through Exposed Credentials *

Microsoft Identifies Sandworm Subgroup’s Global Cyber Attacks *

Google Patches Major YouTube Privacy Flaw That Exposed User Emails *

New Chinese Cyber Attack on Manufacturing Sector Aims to Steal Intellectual Property *

Google Issues Urgent Chrome Update to Patch Critical Security Flaw *

Amazon Machine Image Flaw Lets Hackers Publish Fake Resources *

Critical Vulnerability in CrowdStrike Falcon Sensor for Linux Allows TLS MiTM Exploits *

Critical OpenSSL Flaw Enables Attackers to Perform Man-in-the-Middle Attacks *

Critical SonicWall Firewall Flaw Enables VPN Session Hijacking *

Zero-Day Exploit in Fortinet FortiOS & FortiProxy Enables Firewall Hijacking and Super Admin Access *

Intel Addresses 374 Security Vulnerabilities in 2024 *

Microsoft Patch Tuesday Security advisory- February 2025 *

Apple iOS Zero-Day Vulnerability Actively Exploited in Highly Sophisticated Attacks *

Exploited RCE Vulnerability Exposes Over 12,000 KerioControl Firewalls *

Cisco Data Breach – Ransomware Group Claims to Have Compromised Internal Network *

Georgia Hospital Notifies 120,000 Individuals of Data Breach *

New Report on 1M+ Malware Samples Exposes Application Layer Abuse for Stealthy C2 *

International Law Enforcement Seizes 8Base Ransomware Data Leak Sites in Major Operation *

Lee Newspapers Hit by Cyberattack, Disrupting Operations Nationwide *

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update *

Marvel Game Security Flaw Exposes PCs and PS5s to Remote Takeover Risks *

Critical Zimbra Vulnerabilities Allow Attackers to Access Internal Resources Without Authorization *

Autonomous LLMs in Pen Testing: AD Breaches & Cybersecurity Future *

Cybercriminals Exploit IIS Servers to Spread BadIIS Malware: A Rising Cyber Threat *

Zero-Day Vulnerability Found in Microsoft Sysinternals Tools Exposes Windows Systems to Security Risks *

Amazon Enhances Redshift Security with New Features to Prevent Data Leaks *

UK Reportedly Pressures Apple to Provide Backdoor Access to Encrypted iCloud Data *

Kimsuky APT Group Utilizes Custom RDP Wrapper and ForceCopy Stealer *

Global Brute Force Attack Targets Critical Networking Devices Across Multiple Countries *

F5 Alerts Users to Critical TLS Session Resumption Flaw in NGINX – CVE-2025-23419 *

Critical Security Flaw Exposes Vitest to Remote Code Execution Attacks *

IBM Cloud Pak Vulnerabilities Expose Sensitive Data to Cyber Threats *

Apache James Mail Server Faces Dual Denial-of-Service Vulnerabilities *

Critical Security Vulnerabilities Found in IBM Security Verify Directory *

Hackers Exploit SimpleHelp RMM Vulnerabilities for Persistence and Ransomware *

XE Hacker Group Exploits Veracode 0-Day to Deploy Malware and Steal Credit Card Data *

Trimble Cityworks Hit by Active Exploits Targeting Critical CVE-2025-0994 Vulnerability *

Critical Security Flaw Discovered in Logsign Unified SecOps Platform *

Dell Issues Security Advisory for Update Manager Plugin Vulnerability *

OpenAI Data Breach Allegedly Involves 20 Million Login Credentials for Sale *

Hackers Exploit SVG Files in Phishing Attacks Targeting Gmail, Outlook, and Dropbox Users *

Critical Vulnerabilities in HPE Aruba ClearPass Enable Arbitrary Code Execution *

Splunk Launches DECEIVE, an AI-Powered Honeypot for Tracking Cyber Threats *

Critical Cisco ISE Vulnerability Allows Attackers to Execute Commands as Root *

50,000 Users Impacted by Mobile Malware Targeting Indian Banks *

Malicious Android and iOS Apps with 242,000+ Downloads Target Crypto Recovery Keys *

BADBOX Botnet Infected 190,000+ Android Devices, Including LED TVs and Smartphones *

New DeepSeek Jailbreak Method Exposes Full System Prompt *

Microsoft Releases Script to Update Windows Media with Bootkit Malware Fixes *

AnyDesk Vulnerability Grants Admin Access via Malicious Windows Wallpapers *

New SSH Backdoor Targets Linux Devices in Chinese Hacker Attack *

Critical Veeam Backup Flaw Enables Remote Code Execution with Root Privileges *

Hackers Exploit ADFS to Bypass MFA and Breach Critical Systems *

Critical Netgear Flaws Expose Devices to Remote Code Execution *

AMD Fixes Critical CPU Flaw Threatening Confidential Computing Security *

CISA Issues New Guidelines for Securing Firewalls, Routers, and Internet-Exposed Servers *

Hackers Target Six-Year-Old IIS Vulnerability to Gain Remote Access *

PoC Released for Linux Kernel Vulnerability CVE-2024-36972 – Double Free Bug Allows Privilege Escalation and Container Escape *

New Phishing Attack Hijacks X Accounts to Promote Scam Sites *

New Attack Technique Enables Low-Privilege Users to Bypass EDR *

Critical XSS Vulnerability in Roundcube Webmail Exposes Users to Malicious Attachments *

GrubHub Data Breach Exposes Information of Customers, Drivers, and Merchants *

Casio UK Online Store Breach Exposes Customer Credit Card Data *

Multiple Dell PowerProtect Vulnerabilities Allow Attackers to Compromise Systems *

Microsoft Accounts Authentication Bypass Vulnerability Allows Attackers to Gain Remote Access *

Keir Starmer's Personal Email Reportedly Hacked by Russian Operatives *

Hackers Leverage AWS and Microsoft Azure for Widespread Cyber Attacks *

Lazarus Group Uses Trusted Apps to Steal Data via Dropbox *

NVIDIA Releases Security Updates to Address Critical Vulnerabilities in GPU Drivers and vGPU Software *

February 2025 MediaTek Security Bulletin Remote Attacks Enabled by Critical WLAN Vulnerabilities Affect Millions *

Data Breach at Connecticut Healthcare Provider Affects 1 Million People *

Security Flaw in Alibaba Cloud Storage Exposes Data to Unauthorized Uploads *

Coyote Banking Malware Exploits Windows LNK Files to Run Malicious Scripts *

CISA Issues Warning on Backdoor Vulnerability in Contec CMS8000 Patient Monitors *

Devil-Traff: New SMS Phishing Platform Targeted by Cybercriminals *

Critical Path Traversal Vulnerability Discovered in Deep Java Library *

TAG-124 Breaches 1,000+ WordPress Sites to Inject Malicious Code *

Gmail Confirms AI-Powered Hacking Threat, Issues Warning to 2.5 Billion Users *

Zero-Day Breach in BeyondTrust Exposes 17 SaaS Customers Through Compromised API Key *

One-Click RCE Vulnerability Discovered in Voyager Admin Panel with No Patch Available *

Rockwell Automation Patches Critical FactoryTalk View ME Vulnerability *

Israeli Firm Paragon Targets WhatsApp with New Zero-Click Spyware *

WantToCry Ransomware Targets SMB Vulnerabilities to Remotely Encrypt NAS Devices *

D-Link Router Vulnerability Allows Remote Attackers to Gain Full Control *

Vulnerabilities in Cisco Webex Chat Expose Organization's Message Histories to Attackers *

VMware Aria Operations Vulnerabilities Enable Attackers to Execute Admin-Level Actions *

Critical Flaw in Yeti Forensic Platform Enables Remote Code Execution *

Globe Life Data Breach Widens, Potentially Affecting 850,000 More Customers *

GitHub Copilot Flaw Enables Training of Malicious AI Models *

Hackers Send 40,000 Phishing Emails Impersonating Leading Tax Firm to Steal Credentials *

Tata Technologies Hit by Ransomware Attack, IT Systems Compromised *

Ransomware Attack Disrupts Operations at New York Blood Donation Center *

Google Prevented 2.36 Million High-Risk Android Apps from Entering Play Store in 2024 *

Backdoor Vulnerability Found in Two Healthcare Patient Monitors, Linked to Chinese IP *

Threat Actors Exploit Public-Facing IIS, Apache, and SQL Servers to Breach Government and Telecom Systems *

New Android Malware Masquerades as Wedding Invitations to Steal WhatsApp Messages *

RCE Vulnerability in AI Platform Allows Hackers to Gain Root Access *

TeamViewer Client Flaw Exposes System to Privilege Escalation *

Akamai SIRT Discovers Aquabotv3 Botnet Exploiting Critical Mitel SIP Phone Vulnerability *

FleshStealer: New Infostealer Targeting Chrome and Mozilla Users *

Researchers Reveal Advancements in SparkRAT Targeting macOS and Government Entities *

DeepSeek Database Publicly Exposes Sensitive Information, Secret Keys, and Logs *

Lynx Ransomware Framework Unveiled: Targeting Windows, Linux, and ESXi Systems *

Lazarus Group Uses React-Based Admin Panel to Orchestrate Global Cyber Attacks *

Hackers Exploit Critical Vulnerabilities to Compromise 3,000 Companies *

Hacker Exploits Vulnerability in Airline Integration Service to Access User Accounts *

PoC Exploit Released for XSS Vulnerability in TP-Link Router Web Interface *

Google Researchers Analyze ScatterBrain Behind POISONPLUG Malware *

New Phishing Scam Impersonates Amazon Prime to Steal Credit Card Details *

PureCrypter Spreads Agent Tesla and TorNet Backdoor in Active Cyberattacks *

Hackers Exploiting Vulnerabilities in SimpleHelp RMM to Infiltrate Networks *

Apple Releases Patch for Actively Exploited Zero-Day Impacting iPhones, Macs, and More *

Hackers Pose as USPS to Deliver Malicious PDF in Mobile Device Attack *

Cybercriminals Use Hidden Text Salting to Bypass Email Filters and Stay Undetected *

New Hacker Group Exploits 7z and UltraVNC to Stealthily Deploy Malware *

Fortinet Authentication Flaw Exploited for Super-Admin Privileges *

Critical Isolation Vulnerability in Intel Trust Domain Extensions Puts Sensitive Data at Risk *

Microsoft Launches Phishing Protection for Teams Chat *

Critical Apache Solr Vulnerability Allows Attackers to Gain Write Access on Windows *

Critical Flaw in IBM Security Directory Exposes Session Cookies to Theft *

DeepSeek Suspends New Registrations Following "Large-Scale" Cyberattack *

Severe Fleet Server Vulnerability Reveals Sensitive Data *

GitHub Vulnerability Exposed User Credentials Through Malicious Repositories *

Critical Vulnerability in Podman and Buildah Enables Container Breakout *

SCAVY Framework: Detecting Memory Corruption and Preventing Privilege Escalation in the Linux Kernel *

Electron-Based Malware Used by Lazarus Group to Target Crypto Enthusiasts *

Meta's Llama AI Framework Exposed to Critical Remote Code Execution Vulnerability *

Exploitation of Windows Charset Conversion Feature Leads to Remote Code Execution *

UnitedHealth Reports 2024 Data Breach Affecting 190 Million Individuals *

Subaru Starlink Vulnerability Exposed Cars to Remote Attacks *

TalkTalk Probes Data Breach Following Hacker Forum Listing *

OSINT Analysis Unveils IntelBroker’s Cybercriminal Operations *

PowerSchool Data Breach Exposes Millions of Student and Educator Records *

Microsoft Entra ID Bug Lets Unprivileged Users Modify Their User Principal Names *

Hackers Pose as Kremlin-Linked Group to Launch Attacks on Russian Organizations *

Over 370 Ivanti Connect Secure Devices Compromised via Zero-Day Vulnerability *

Critical Oracle WebLogic Server Vulnerability Enables Remote Code Execution *

Critical Vulnerability in AdForest Theme Enables Full Site Takeover, Threatening Thousands *

Government and University Websites Hijacked by New JavaScript Injection Attack *

Vulnerability in Android Kiosk Tablets Allows Attackers to Control AC and Lighting Systems *

Tycoon 2FA Phishing Kit Employs Custom Code to Bypass Detection *

Hundreds of Fake Reddit Sites Used to Spread Lumma Stealer Malware *

Malware Delivered to Windows Users Through Fake Microsoft Teams Page on Bing Ads *

Subaru Vulnerability in STARLINK System Allows Hackers to Remotely Control Millions of Cars *

phpMyAdmin Vulnerability Allows Hackers to Execute XSS Attacks via Malicious Tables *

New Ransomware Targets VMware ESXi Hosts Using SSH Tunneling *

GhostGPT Unrestricted ChatGPT Variant for Malware and Exploit Creation *

FBI: North Korean IT Workers Exploit Source Code to Blackmail Employers *

Custom Backdoor Leveraging Magic Packet Vulnerability in Juniper Routers *

SonicWall Vulnerability Enables Arbitrary OS Command Execution in Active Attacks *

Mercedes-Benz MBUX Vulnerabilities Expose User Data and Safety Risks *

0-Click Deanonymization Attack Uncovers Vulnerabilities in Signal and Discord *

Palo Alto Firewalls Exposed to Secure Boot Bypass and Firmware Vulnerabilities *

ICICI Bank Data Breach: BASHE Ransomware Group Allegedly Leaks Customer Data *

Critical Vulnerability in WordPress Plugin Puts Over 23,000 Websites at Risk of Hacking *

New Cookie Sandwich Attack Technique Exposes HttpOnly Cookies to Theft *

Cisco Alerts on Denial-of-Service Vulnerability with Available PoC Exploit *

TRIPLESTRENGTH Targets Cloud Platforms with Cryptojacking and On-Premises Systems with Ransomware *

Conduent Confirms Cybersecurity Incident Responsible for Recent Service Outage *

IPany VPN Compromised in Supply-Chain Attack to Deliver Custom Malware *

Hackers Target 16 Zero-Day Vulnerabilities on Day One of Pwn2Own Automotive 2025 *

Ransomware Groups Pretend to Be IT Support in Microsoft Teams Phishing Attacks *

Major Worldwide Outage Causes Bitbucket Services to Go Completely Down *

Botnet Hijacks 13,000 MikroTik Routers for Malspam and Cyberattacks *

Murdoc Botnet Variant Exploits AVTECH IP Cameras and Huawei Routers *

Fake Google Ads for Homebrew Target Mac Users with Malware *

Fake SBI Reward App Spreading Android Malware *

Brave Browser Flaw Lets Malicious Websites Appear as Trusted Domains *

UK Brit High School Closes for Students Due to Ransomware Attack *

Hackers Exploit MSI Packages and PNG Files for Multi-Stage Malware Delivery *

DoNot Team Linked to Tanzeem Android Malware for Intelligence Gathering *

HPE Investigates Alleged Source Code Theft in Cybersecurity Breach *

Critical Vulnerabilities in QNX Software Development Platform's Image Codecs Expose Systems to Potential Attacks *

Mongoose Vulnerability Exposes Millions of Downloads to Search Injection Attack *

Researchers Use ChatGPT to Identify S3 Bucket Takeover Vulnerability in Red Bull *

Hackers Use Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP *

Windows BitLocker Encryption Bypassed by Researchers Without Physical Disassembly of Laptop *

NBI Data Leak Exposes Sensitive Information of Millions of Filipinos *

Critical HPE Aruba Network Flaws Enable Remote Code Execution *

Star Blizzard Hackers Leverage WhatsApp to Target High-Value Diplomats *

Botnet Abuses Misconfigured DNS Records to Exploit 13,000 MikroTik Devices *

Zoom Patches Multiple Security Vulnerabilities to Prevent Privilege Escalation and Denial-of-Service Risks *

Critical Vulnerability in Windows LPD Service Allows Remote Code Execution *

Multiple Security Flaws Found in PowerDNS Impacting Ubuntu Users *

Critical Authorization Flaw in Moxa EDS-508A Series Ethernet Switches *

North Korean Hackers Exposed in Crowdfunding Scam Operation *

Phishing Campaign Exploiting FlowerStorm PaaS Targets Microsoft Users *

CISA Issues Critical Alert on Aviatrix Controllers Vulnerability *

U.S. Targets Chinese Cybersecurity Company and Actor for Involvement in Treasury Hack *

Critical Security Vulnerabilities Discovered in AWS Clients for Amazon WorkSpaces, AppStream 2.0, and NICE DCV *

Otelier Data Breach Compromises Millions of Hotel Guest Records and Reservations *

Hackers Can Bypass Active Directory Policies to Enable Vulnerable NTLMv1 Authentication *

Advanced Phishing Kit Bypasses 2FA to Compromise Microsoft 365 Accounts *

Critical Vulnerabilities in WGS-804HPT Switches Lead to Remote Code Execution and Network Compromise *

Yubico Patches Authentication Bypass Vulnerability in pam-u2f Package *

Millions of Internet Hosts Exposed to Attacks Due to Tunneling Protocol Vulnerabilities *

Hackers Exploit IIS Worker Using Web Shell for Data Exfiltration *

Critical Flaws in SimpleHelp Remote Access Software Could Expose Systems to Compromise *

Wolf Haldenstein Law Firm Reports 3.5 Million Affected by Data Breach *

W3 Total Cache Vulnerability Exposes 1 Million WordPress Sites to Potential Attacks *

Botnet Uses DNS Record Misconfigurations and Compromised Routers for Malware Distribution *

AIRASHI Botnet Exploits Zero-Day Vulnerabilities for Large-Scale DDoS Attacks *

European Privacy Group Takes Legal Action Against TikTok and AliExpress for Illegal Data Transfers to China *

Nominet Confirms Breach Due to Ivanti Zero-Day *

Russian Threat Group Star Blizzard Exploits WhatsApp Accounts Using QR Code Attacks *

Malware Campaign Targets Thousands of PHP-Based Web Applications *

Hackers Using California Wildfire Sparks to Launch Phishing Attacks *

380,000 Impacted by Data Breach at Stiiizy Cannabis Retailer *

Veeam Azure Backup Vulnerability Exposes Network to Attackers *

Exploitable UEFI Secure Boot Flaw Could Facilitate Malicious Bootkit Installation *

Malvertising Scam Targets Google Ads Users, Stealing Credentials and 2FA Codes *

Hackers Exploit Fortinet Zero-Day to Gain Super-Admin Privileges *

Widespread WP3.XYZ Malware Compromises 5,000 WordPress Sites *

ShadowSyndicate Hackers Introduce RansomHub Ransomware to Their Arsenal *

SAP Patches Critical Flaws in NetWeaver Application Servers *

Hackers Leak VPN Credentials and Configurations of 15,000 FortiGate Devices *

Vulnerability in Linux Rsync File Transfer Tool Allows Attackers to Execute Arbitrary Code *

Critical FortiSwitch Vulnerability (CVE-2023-37936) Requires Immediate Patch *

Critical Windows RD Gateway Vulnerability (CVE-2025-21225) Exposes Systems to Potential DoS Attacks. *

OneBlood Discloses Personal Data Breach from July Ransomware Attack *

Microsoft Patch Tuesday Security advisory- January 2025 *

Critical Flaw in Google’s Sign in with Google Puts Millions of Users at Risk *

Hackers Exploit Zero-Day Vulnerability in Internet-Exposed Fortinet Firewalls *

Microsoft Alerts Microsoft 365 Users to MFA Vulnerability *

ZACROS Corporation Discloses Personal Information Leak Following Ransomware Attack *

IBM Robotic Process Automation Vulnerability Exposes Sensitive Data to Attackers *

Critical Vulnerabilities Discovered in Atheos Web-Based IDE *

Cybercriminals Exploit YouTube to Spread Malware Through Hijacked Channels and Fake Software *

Over 4,000 Backdoors on Compromised Systems Gained Control Through Expired Domains *

Slovakia's Land Registry Suffers Unprecedented Cyber-Attack *

Furry Hacker Compromises Scholastic, Exposing Data of 8 Million Individuals *

LDAPNightmare PoC Exploit Disrupts LSASS and Forces Reboot of Windows Domain Controllers *

Multi-Plugin Malware Framework Deploys Backdoor on Windows Systems *

Phishing Texts Deceive Apple iMessage Users into Disabling Security Features *

Critical Vulnerability Discovered in GiveWP Plugin Affecting 100,000 Websites *

DoJ Charges Three Russians for Running Crypto Mixers Linked to Cybercrime Laundering *

RedDelta Cyber Espionage Group Targets Southeast Asia, Expands Attacks Globally *

AI-Powered Ransomware FunkSec Hits 85 Victims with Double Extortion *

Microsoft Files Lawsuit Against Hacking Group Exploiting Azure AI for Malicious Content Creation *

Juniper Networks Vulnerability Allows Remote Attackers to Execute Network Attack *

Researchers Exploit Vulnerability in Apple’s New USB-C Controller *

NonEuclid RAT Targets .NET Framework 4.8 Systems, Spreads via Phishing and Malicious Scripts *

Proton Global Outage Linked to Kubernetes Migration and Software Update *

Telefónica Confirms Breach of Internal Ticketing System Following Data Leak *

Fraudulent CrowdStrike Job Offers Target Developers to Install Cryptominer *

Samsung Patches Critical Vulnerabilities Allowing Arbitrary Code Execution *

Sophisticated PayPal Phishing Campaign Uses Legitimate Links to Steal Accounts *

Critical Vulnerabilities Found in Fancy Product Designer Plugin for WordPress *

Banshee Stealer's New Variant Bypasses Antivirus with XProtect-Inspired Encryption *

Phony CrowdStrike Job Offers Exploit Developers with Hidden Crypto Miners *

Major U.S. Addiction Treatment Provider Alerts Patients to Data Breach *

Critical Vulnerabilities Addressed in SonicWall, Palo Alto Expedition, and Aviatrix Controllers *

Green Bay Packers Store Breach Exposes Thousands of Credit Card Details *

Mirai Botnet Variant Targets Routers Using Zero-Day Vulnerabilities *

Ivanti Alerts of New Connect Secure Vulnerability Exploited in Zero-Day Attacks *

Critical RCE Vulnerability in GFI KerioControl Exposes Systems to Remote Code Execution via CRLF Injection *

Palo Alto Networks Expedition Tool Vulnerability Exposes Cleartext Passwords to Attackers *

GitLab Fixes Multiple Vulnerabilities Including Resource Exhaustion and User Manipulation *

Gravy Analytics Targeted in Cyberattack, Sensitive Data Allegedly Stolen *

Critical BIOS UEFI Vulnerabilities in Illumina iSeq 100 Expose Device to Remote Attacks *

Washington State Sues T-Mobile Over Massive Data Breach *

Chrome Update Addresses Multiple Security Vulnerabilities *

New WordPress Plugin Exploits Legitimate Sites to Steal Customer Payment Data *

CISA: Oracle WebLogic Vulnerability Actively Exploited in Cyberattacks *

Casio confirms that the personal data of 8,500 individuals was compromised in a ransomware attack in October *

PowerSchool Breach Exposes Student and Teacher Data from K-12 Districts *

New EAGERBEE Variant Exploits ISPs and Governments with Sophisticated Backdoor Techniques *

Critical RCE Vulnerabilities Addressed in Latest Android Security Update *

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Compromise *

Critical OpenVPN Connect Vulnerability (CVE-2024-8474) Exposes Private Keys: Update Now to Stay Protected *

Chinese Hackers Targeted Charter and Windstream Networks as Well *

Stealthy Steganography-Based Backdoor Attacks Target Android Applications *

CISA Confirms Recent Government Hack Is Limited to U.S. Treasury Department *

Malicious npm Packages Exfiltrating Developers' Sensitive Data *

Critical CVE-2024-40766 Vulnerability Puts Global SonicWall NSA Devices at Risk *

MediaTek Patches Critical Remote Code Execution Vulnerability *

New SwaetRAT Malware Delivered Through Weaponized Python Scripts *

Fake EditThisCookie Extension Found Stealing User Data *

Bad Likert Judge: A New Technique for Jailbreaking AI by Exploiting LLM Vulnerabilities *

Stealthy Steganographic Backdoor Attacks on Android Applications *

Moxa Urges Immediate Security Measures for CVE-2024-9138 and CVE-2024-9140 Vulnerabilities *

Weekly Threat: Users Targeted by Sophisticated Phishing Links *

North Korean Hackers Drain Cryptocurrency Wallets Through Phony Job Interviews *

PoC Released for Windows Registry Privilege Escalation Vulnerability *

Windows 10 Users Advised to Upgrade to Avoid Serious Security Risks *

Hikvision Camera Driver Vulnerability: CVE-2024-12569 - Critical Security Update for Milestone XProtect® Users *

Vulnerabilities in Trend Micro Apex One Allow Privilege Escalation *

Next.js Addresses Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions *

Tenable Advises Manual Upgrade to Fix Offline Nessus Agents Caused by Faulty Plugin Update *

Critical Vulnerability in UpdraftPlus Plugin Puts Millions of WordPress Sites at Risk *

FireScam Android Malware Disguises as RuStore App to Steal User Data *

Nuclei Vulnerability Allows Malicious Templates to Bypass Signature Verification *

LegionLoader Exploits Chrome Extensions to Deploy Infostealer Malware *

Thomas Cook Struck by Cyber Attack, Disrupting IT Systems *

Nikki-Universal Cyber Attack - 761.8 GB of Data Stolen *

Veritas Vulnerability Allows Attackers to Execute Arbitrary SQL Commands *

Vulnerability in Karmada Allows Attackers to Take Control of Kubernetes Systems *

India's VPN Crackdown: Popular Apps Removed from App Stores *

French Contractor Atos Refutes Allegations of Space Bears Ransomware Attack *

Siri Privacy Lawsuit Ends with $95M Settlement from Apple *

SysBumps: A New Kernel Break Attack Bypassing macOS Security *

New York Hospital Reports Data Breach Affecting 670,000 Due to Ransomware Attack *

Massive DDoS Attack Disrupts NTT Docomo Services Across Multiple Sectors *

ASUS Routers Exposed to Security Risks with CVE-2024-12912 and CVE-2024-13062 *

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Servers *

iTerm2 Patches Critical Vulnerability Exposing User Input and Output Data *

Researchers Discover Phishing-as-a-Service Domains Linked to Tycoon 2FA *

Critical Security Vulnerabilities Fixed in Microsoft Dynamics 365 and Power Apps Web API *

Three Russian German Nationals Indicted for Espionage on Behalf of Russian Intelligence *

Malicious NPM Package Posing as Ethereum Tool Drops Quasar RAT *

Critical Vulnerability in Angular Expressions (CVE-2024-54152): Code Injection Risk and Full System Access *

New PLAYFULGHOST Malware: Hacking Devices to Remotely Capture Audio Recordings *

EC2 Grouper Hackers Leverage AWS Tools to Exploit Stolen Credentials *

Cyberattack on State Health Benefits Website Exposes Rhode Islanders Data *

Iranian and Russian Entities Sanctioned for Election Interference via AI and Cyber Operations *

DoubleClickjacking Exploit Circumvents Clickjacking Defenses on Leading Websites *

Security Flaw in DrayTek Devices Enables Remote Execution of Arbitrary Commands *

Ukrainian Military Targeted by Stealthy Malware Leveraging SSH Over TOR *

Microsoft Issues Critical Alert for Developers to Update .NET Installer Links *

Critical Vulnerability in TrueNAS CORE Enables Remote Code Execution *

Major Healthcare Breaches Drive Overhaul of U.S. Cybersecurity Regulations *

Alleged 7-Zip Zero-Day Exploit Leaked Online Through Social Media Platform 'X' *

SquareX Researchers Reveal OAuth Vulnerability in Chrome Extensions, Days Before Major Breach *

NFS Protocol Security Bypassed to Access Remote Server Files *

Hackers Exploit Websites to Deliver Malware via Weaponized LZH File Using LNK File *

7-Zip Zero-Day Exploit: Alleged Vulnerability Sparks Cybersecurity Concerns *

Global Cyber Alliance Successfully Dismantles PlugX Worm *

Postman Security Flaw Exposes 30,000 Workspaces, Leaking API Keys and More *

Security Flaw in GStreamer Exposes Linux Systems to Potential Exploits *

Critical Vulnerability in Tabby Terminal Puts macOS User Privacy and Security at Risk *

PoC Exploit Released for Linux Kernel Vulnerability CVE-2023-4147 Allowing Privilege Escalation *

Proof of Concept Exploit Released for Oracle WebLogic Server Vulnerability *

AT&T and Verizon Hacked by Salt Typhoon, Targeting High-Profile Networks *

Four-Faith Industrial Router Vulnerability Exploited for Remote Access in the Wild *

APT29 Espionage Campaign: Russian Hackers Exploit Red Team Tools for Stealthy Data Theft *

Rspack Supply Chain Attack Injects Cryptojacking Malware into NPM Ecosystem *

Cloud Atlas Uses VBCloud Backdoor in New Cyber Espionage Campaign *

Webmin Security Flaw Exposes Servers to Command Injection Attacks *

Hackers Compromise ZAGG Customer Credit Card Data in Third-Party Breach *

NGate Trojan Exploits NFC to Loot Bank Accounts via ATMs *

Nebraska Attorney General Sues Change Healthcare and UnitedHealth Over Data Theft in Ransomware Attack *

Volkswagen Data Breach Exposes Personal Information of 800,000 Electric Car Owners *

Ransomware Attack on Ascension Health Exposes Data of Nearly 6 Million People *

Pittsburgh Regional Transit Links Recent Service Disruptions to Ransomware Attack *

FBI Accuses North Korean Hackers of Stealing $308 Million in Cryptocurrency *

General Dynamics Confirms Phishing Attack on Employees *

Critical SSRF Vulnerability Discovered in Invoice Ninja *

Fake Zoom Links Exploit Cryptocurrency Investors in Million-Dollar Heist *

White House Attributes Ninth Telecom Breach to Chinese Cyber Espionage *

FICORA and Kaiten Botnets Exploit Legacy D-Link Vulnerabilities in Global Cyberattacks *

Japan Airlines Cyberattack Disrupts Flights During Year-End Holiday Rush *

Palo Alto Networks Addresses PAN-OS DoS Vulnerability with Urgent Patch *

Cyberhaven Chrome Extension Breached in Sophisticated Cyberattack *

Flaws in Ruijie Networks Cloud Platform Could Have Exposed 50,000 Devices to Remote Attacks *

Brazilian Hacker Threatened to Sell Stolen Data for $3.2M in Bitcoin After Breaching 300,000 Accounts *

New OtterCookie Malware Exploits Fake Job Offers to Backdoor Developers *

Data Breach at American Addiction Centers Exposes Information of 422,000 Individuals *

Dark Web Scheme Exploits KYC Data to Bypass Identity Verification Systems *

Araneida Scanner: Hackers Exploiting Cracked Version of Acunetix Vulnerability Scanner *

Severe Apache MINA Vulnerability Enables Remote Code Execution *

CISA Warns of Active Exploitation of Acclaim USAHERDS Vulnerability CVE-2021-44207 *

libxml2 Exposed to Critical XXE Attack Risk *

Iran's Charming Kitten Unveils BellaCPP, a New C++ Variant of BellaCiao Malware *

Urgent Security Patch for Critical SQL Injection Vulnerability in Apache Traffic Control *

Massive Biometric Data Harvesting Operation Exposed *

U.S. Allegedly Conducts Cyber Attacks on Chinese Tech Firms *

Critical Authentication Flaw in Apache HugeGraph-Server Enables Unauthorized Access *

IBM AIX TCP/IP Flaw Enables Denial of Service Attacks by Exploiting Vulnerability *

Indonesia Government Data Leak Hackers Dump 82 GB of Confidential Information Online *

PyPI Packages Exploiting Keystrokes and Hijacking Social Media Accounts Uncovered by Researchers *

European Space Agency's Official Store Hacked to Steal Payment Card Information *

WikiKit Phishing Kit Targets Key Industries Using Evasive Tactics *

CrushFTP Vulnerability Puts Users at Risk of Account Takeover *

ColdFusion Critical Flaw Exposed with PoC Exploit, Adobe Issues Advisory *

Lazarus Group Deploys New VNC-Based Malware in Global Attacks on Organizations *

Premium WPLMS WordPress Plugins Fix Seven Critical Vulnerabilities *

Skuld Malware Exploits Weaponized Windows Utility Packages for Deployment *

Ransomware Attack on Three California Hospitals Exposes 17 Million Patient Records *

Critical Remote Code Execution Vulnerability Discovered in Craft CMS with PoC Released *

Apache Tomcat Security Update Addresses Critical RCE Vulnerability *

Hail Cock Botnet Exploits Vulnerability in DigiEver DVRs *

CISA Urges U.S. Mobile Users to Adopt Encrypted Messaging After Salt Typhoon Hack *

US Charges Alleged LockBit Coder with 41 Counts of Cybercrime *

North Korean Hackers Steal $1.3 Billion in Cryptocurrency This Year *

WhatsApp Secures Legal Victory Against NSO Group in Pegasus Spyware Case *

LockBit Developer Rostislav Panev Charged with Causing Billions in Global Ransomware Damage *

Juniper Alerts on Mirai Botnet Targeting Vulnerable Session Smart Routers *

Windows 11 Alert Privilege Escalation Vulnerability Exposes Users to Attack *

Critical Vulnerabilities in Foxit PDF Editor Enable Remote Code Execution *

Fortinet Releases Critical Patch for FortiWLM Vulnerability *

TA397 Utilizes Advanced Spearphishing Methods to Deliver Malware in the Defense Sector *

Critical Vulnerability in Siemens UMC Allows for Remote Code *

Diicot Threat Group Launches Advanced Malware Campaign Targeting Linux Systems *

Critical Vulnerabilities Discovered in Rockwell Automation PowerMonitor 1000 Devices *

Advanced Phishing Campaign Targets Users with Tax Lures and MSC File Backdoor *

Hackers Publish Malicious Packages on NPM Using Stolen Tokens *

Sophos Reveals Critical Remote Code Execution Vulnerability in Firewall *

Hackers Leverage LNK Files to Create Scheduled Tasks and Deploy Malware Payloads *

Malicious Supply Chain Attack Shifts From npm Community to VSCode Marketplace *

Stay Alert for Malicious SharePoint Notifications Delivering XLoader Malware *

BadBox Malware Botnet Infects 192,000 Android Devices Despite Interruption Efforts *

Android malware disguised as a health app discovered on Amazon Appstore *

Microsoft 365 Users Experience Unexpected Product Deactivation Issues *

Iranian Hackers Targeting Global ICS Infrastructure with Massive Cyberattack *

Authentication Bypass Vulnerability Discovered in Next.js Framework *

VIPKeyLogger Unleashed Office Docs Turned into Credential-Stealing Malware *

Russian Hackers Use RDP Proxies for Data Theft in Man-in-the-Middle Attacks *

Severe Apache Struts Vulnerability Discovered with Exploitation Attempts Ongoing *

Raccoon Stealer Operator Sentenced to 5 Years in Prison After Guilty Plea *

HubPhish Exploits HubSpot Tools to Steal Credentials from 20,000 European Users *

Active Phishing Campaign Exploits Google Calendar to Evade Spam Filters *

Exploring the Advanced Techniques and Capabilities of Nova: A Fork of Snake Keylogger *

Critical Vulnerabilities in SHARP Routers: Urgent Firmware Updates Required to Mitigate Security Risks *

Critical Vulnerability in MinIO Allows Unauthorized Users to Gain Full Admin Access *

Apache Tomcat Fixes RCE and DoS Security Issues *

CISA Highlights Active Exploits Targeting Adobe ColdFusion and Windows Vulnerabilities *

Cyber Criminals Use Windows Management Console to Deliver Backdoor Payloads *

Exploitable CyberPanel Flaw Exposes Servers to Total Compromise, PoC Released *

Data Exposure Incident in Cisco DevHub Environment *

'Bitter' Cyberspies Launch Attacks on Defense Organizations Using MiyaRAT Malware *

Hackers Target Hackers: MUT-1244 Steals Credentials Through GitHub Attack *

Fake Ledger Data Breach Emails Aim to Steal Crypto Wallets *

SADBRIDGE Loader Deploys GOSAR Backdoor in Cyber Attacks *

Microsoft Teams Voice Phishing Enables DarkGate Malware Deployment *

Severe XXE Vulnerability(CVE-2024-55875) Discovered in http4k Framework *

ConnectOnCall Data Breach Exposes Personal and Medical Information of Over 900,000 Individuals *

Exploitation of Undocumented DrayTek Vulnerabilities Affects Hundreds of Firms *

Security Flaw in Laravel Pulse Allows Remote Code Execution *

Severe Vulnerability in Windows LDAP Service Poses Remote Takeover Risk *

DeceptionAds Generates Over 1M Daily Impressions Through 3,000 Websites and Fake CAPTCHA Pages *

Amnesty International Links Cellebrite to Android Zero-Day Exploits in Spyware Campaigns *

FBI Detects HiatusRAT Malware Attacks Targeting Web Cameras and DVRs *

Data Breach at Texas Tech University System Compromises Data of 1.4 Million Patients *

Dubai Police Draws Attention Amid Growing Mobile Attacks in the UAE *

Tic TAC Alert Remote Code Execution Flaw in Medical Imaging Systems *

Digital Prison: Serbian Authorities' Use of Spyware and Forensic Tools to Target Journalists and Activists *

Critical GLPI Vulnerabilities Discovered, Putting User Accounts at Risk *

Critical Vulnerabilities Found in Mullvad VPN App During Penetration Test *

Spring Framework Path Traversal Vulnerability Exploited with PoC Release *

Hackers Target YouTube Creators with Fake Collaboration Offers *

Flaw in Golang Crypto Library Exposes Systems to Authorization Bypass *

Thai Officials Targeted in Yokai Backdoor Campaign via DLL Side-Loading *

Winnti Hackers Use New Glutton PHP Backdoor to Target Rival Threat Actors *

Clop Ransomware Takes Responsibility for Cleo Data Breach Attacks *

RepoJacking Vulnerability Exposes Over 300,000 Prometheus Servers to DoS Attacks *

New Android Banking Trojan Aims at Indian Users via Fake Apps *

Over 240,000 Affected in Cyberattack on SRP Federal Credit Union *

Curl Vulnerability Risks User Credentials in Redirect Scenarios *

Germany Takes Down BADBOX Malware Network on 30,000 Devices Using Sinkhole Operation *

Medusa Claims to Have Stolen 852.4GB of Data from Ainsworth Game Technology *

Citrix Warns of Global Password Spraying Attacks on NetScaler Appliances *

Abusing Microsoft’s UI Automation Framework: A New Evasion Technique for Bypassing EDR *

Careto APT Resurfaces A Decade-Old Threat with Increased Sophistication *

LKQ Reports CyberAttack Disrupted Canadian Operations *

Big Flaw in Ruijie Reyee Cloud Management Platform *

Microsoft Addresses Security Flaws in Windows Defender and Update Catalog *

Security Risks in Woffice WordPress Theme Prompt Immediate Updates *

GitHub Repository Hosting PoC Exploits Compromises 390,000+ WordPress Accounts *

Southeast Asia's High-Profile Organizations Targeted in Cyberattacks *

Apache Superset Security Alert CVE-2024-55633 Vulnerability Exposes Sensitive Data *

Citrix NetScaler Devices Targeted by Brute-Force Attacks Exploiting Zero-Day Vulnerabilities *

AntiDot Malware Infecting Android Devices to Deliver Malicious Payloads to Employees *

Center for Vein Restoration Notifies Over 446,000 Individuals of Data Breach *

New Zealand Telecom Provider Compass Communications Confirms Ransomware Attack *

CERT\CC Issues Advisory on PDQ Deploy Vulnerability Exposing Admin Credentials *

Over 300K Exposed Prometheus Instances Leaking Credentials and API Keys Online *

Dell Warns of High-Risk Security Flaws in Key Enterprise Solutions *

Gamaredon Targets Former Soviet States with Android Spyware BoneSpy and PlainGnome *

Researchers Discover Symlink Exploit Enabling TCC Bypass in iOS and macOS *

Chinese Hackers Behind Triad Nexus Using 200,000 Domains in Extensive Cyberattack *

New IOCONTROL Malware Targets Critical Infrastructure in Cyberattacks *

New Pumakit Linux Rootkit Malware Discovered Using Stealth Techniques *

Splunk Vulnerability Exposes Systems to Remote Code Execution *

Cyberattack Halts Krispy Kreme’s Doughnut Delivery System *

Critical Apache Struts Flaw Enables Remote Code Execution *

ChatGPT Faces Global Outage, Service Restored After Several Hours *

Global Meta Outage Disrupts Access to Instagram, Facebook, WhatsApp, and Threads *

Two Australian Companies Reportedly Targeted by Funksec Ransomware Gang *

Hackers Exploit Weaponized LNK Files for Delivering Malicious Payloads *

ZLoader Malware Resurfaces, Using DNS Tunneling to Conceal C2 Communications *

Blizzard Group Deploys Kazuar Backdoor in Ukraine via Amadey Malware-as-a-Service *

New Malware Technique Exploits Windows UI Framework to Bypass EDR Tools *

US Charges Chinese Hackers for Exploiting Thousands of Firewalls *

Vulnerabilities in Hunk Companion WordPress Plugin Exploited to Install Malicious Plugins *

Researchers Uncover New EagleMsgSpy Android Spyware Allegedly Used by Chinese Authorities *

Siemens Healthineers Fixes Major Flaw in Medical Imaging Software *

Apache Superset Addresses Multiple Security Flaws in Latest Update *

Hackers Exploit HTML Functions to Evade Email Security Filters *

Cisco Talos Exposes Unpatched Vulnerabilities in Industrial Routers and BGP Tool *

Schneider Electric Alerts Users to Critical Vulnerability in Modicon Controllers *

Critical Apple Flaw Exposed User Data on macOS and iOS *

Adobe Addresses Over 160 Vulnerabilities Across 16 Products *

Scottish Parliament TV Vulnerable to Deepfake Threats *

RedLine Malware Exploits Pirated Corporate Software to Steal Login Credentials *

Visual Studio Tunnels Exploited for Stealthy Remote Access *

Phishing Scam Uses Fake Job Offers to Distribute Banking Trojan via Malicious Apps *

Ivanti Releases Critical Security Patches for CSA and Connect Secure Vulnerabilities *

Threat Actors Leverage AI to Launch Advanced Social Engineering Attacks *

Google Unveils Vanir, an Open-Source Tool for Security Patch Validation *

Ransomware Attack Targets U.S. Subsidiary of Japanese Water Treatment Firm *

Phishing Attack Targets Ukrainian Defense Industry *

Microsoft Patch Tuesday Security advisory- December 2024 *

Critical Vulnerability in CPython Exposes asyncio Applications to Memory Exhaustion Risks *

Critical Vulnerability in WPForms Plugin Affects 6 Million WordPress Sites *

Urgent SAP Patch Released for NetWeaver AS for JAVA Vulnerability *

Deep Seek AI Chatbot Vulnerability Allows Account Takeover via Prompt Injection *

Black Basta Ransomware Adopts New Tactics: Email Bombing, QR Codes, and Social Engineering *

A Ransomware Attack Hits Romanian Energy Giant Electrica *

Indusface Reports a 3000 Percent Increase in API Attacks, Analyzing 1.26 Billion Cyberattacks in Q3 2024 *

Cyberattacks on Indian Government Entities Rise by 138 Percent Between 2019 and 2023 *

Active Exploitation of Critical Vulnerability in Cleo Software Detected *

OpenWrt Sysupgrade Vulnerability Enabled Hackers to Distribute Malicious Firmware *

Ransomware Attack Targets Major Heart Surgery Device Manufacturer *

Transaction-Relay Jamming Vulnerability Puts Bitcoin Lightning Network at Risk *

Supply Chain Attack Targets Ultralytics AI Library, Impacting 60 Million Downloads *

ABB ASPECT Vulnerabilities Leave Buildings Open to Cyberattacks *

Google's December 2024 Update Resolves Critical RCE Vulnerabilities in Pixel Devices *

QNAP Responds to Critical Vulnerabilities in License Center and Operating Systems *

Mauri Ransomware Leverages Apache ActiveMQ Vulnerability for Attacks *

Qlik Sense Faces Critical Vulnerabilities Impacting User Security *

Deloitte Denies Breach, Confirms Only One System Was Impacted *

Malicious C2 Communication Bypasses Browser Isolation Through QR Codes *

Solana Library Supply Chain Attack Puts Cryptocurrency Wallets at Risk *

DaMAgeCard Attack: New SD Card Exploit Enables Direct Access to System Memory by Hackers *

Spyware Campaign Targets Chinese Minority Groups Through WeChat *

CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Flaw Endangers 30,000 Websites *

Django Releases Security Patches for CVE-2024-53907 and CVE-2024-53908 to Address DoS and SQL Injection Vulnerabilities *

Ransomware Incident Impacts 300,000 Patients at Anna Jaques Hospital *

Chemonics International Discloses Data Breach Affecting Over 260,000 Individuals *

Critical AsyncHttpClient Vulnerability CVE-2024-53990 Threatens Java Applications *

Atrium Health Suffers Massive Data Breach, 585,000 Records Exposed *

Critical Security Flaw Identified in SailPoint IdentityIQ *

SonicWall SMA 100 Exposes Multiple Vulnerabilities That Could Enable Remote Code Execution *

Critical Security Flaw in Sweet Date WordPress Theme Exposed Thousands of Sites Vulnerability *

Major Zero-Day Vulnerability in Windows Compromises User Credentials *

Crypto-Stealing Malware Disguised as Meeting App Targets Web3 Professionals *

Russian Hackers Leverage Competitors' Infrastructure for Espionage *

Researchers Discover Vulnerabilities in Widely Used Open-Source Machine Learning Frameworks *

Cloudflare Exploited Hackers Hide GammaDrop Malware with Tunnels and Fast-Flux DNS *

Critical Vulnerability in Thinkware Cloud APK Version 4.3.46 *

Mitel MiCollab Zero-Day Vulnerability Receives Proof-of-Concept Exploit *

CISA Issues Alert on Exploited Vulnerabilities in Zyxel Firewalls, CyberPanel, North Grid, and ProjectSend *

ChatGPT Next Web Vulnerability Allowed Attackers to Exploit Endpoint for SSRF *

Android Spyware Uncovered on Device Seized by Russian FSB *

U.S. Organization Targeted in Four-Month Intrusion by Chinese Hackers *

Romania's Election Systems Hit by Over 85,000 Cyberattacks *

MirrorFace Campaign Targets Japan Using ANEL and NOOPDOOR Backdoors *

Hackers Target Docker Remote API Servers to Deploy Gafgyt Malware *

Cloudflare Developer Platforms Exploited in Cyber Attacks *

UK Disrupts Russian Money Laundering Networks Linked to Ransomware *

Ransomware Causes $17bn in Downtime for Manufacturing Sector *

Deloitte UK Falls Victim to Massive Hack 1 TB of Data Stolen *

White House: Salt Typhoon Targeted Telecoms in Dozens of Countries *

Cisco NX-OS Flaw Enables Bypass of Image Signature Verification *

BT Unit Shuts Down Servers After Black Basta Ransomware Breach *

760,000 Employee Records from Leading Companies Leaked Online *

Marin Housing Authority Cyberattack: $950,000 Stolen from City Housing Project *

MobSF XSS Flaw Allows Attackers to Inject Malicious Scripts *

Critical Vulnerability Found in I-O DATA Routers *

Zyxel Releases Firmware Updates to Secure Your Network *

Google Chrome Updates to Address High-Risk Vulnerability in V8 JavaScript Engine *

Ransomware Attack Disrupts Operations of Energy Sector Contractor ENGlobal *

Hackers Clone Websites and Exploit RCE Vulnerabilities to Target Shopping Platforms *

Veeam Issues Warning About Critical RCE Vulnerability in Service Provider Console *

Critical Remote Code Execution Vulnerability in Progress Whats Up Gold *

Threat Actors Increasingly Exploit Cloudflare’s Developer Domains *

Stoli Vodka Maker Files for Bankruptcy in the US Following Ransomware Attack *

Severe Security Flaw Discovered in Zabbix Network Monitoring Tool *

TP-Link HomeShield Vulnerability Allows Attackers to Inject Malicious Commands *

Cisco Confirms Ongoing Exploitation of 10-Year-Old WebVPN Vulnerability in ASA Software *

Critical Vulnerabilities in mySCADA myPRO Software Threaten Industrial Control Systems Security *

Over 600,000 Background Checks were Exposed in a Publicly Accessible Database *

ProFTPD Vulnerability Allows Attackers to Gain Root Access *

Major Cyberattacks Hit UK Hospitals, Disrupting Patient Care *

Horns&Hooves Campaign Deploys RATs Using Fake Emails and JavaScript Payloads *

Azerbaijan's Digital Influence Campaign Targeting France's Overseas Territories and Corsica *

SmokeLoader Malware Strikes Taiwan’s Manufacturing and IT Industries *

HPE IceWall Vulnerability Enables Unauthorized Data Modification *

CleverSoar Malware Targets Windows Users, Evades Security Mechanisms *

Security Alert: Bootkitty Bootkit Exploits UEFI Vulnerability (CVE-2023-40238) to Target Linux Systems *

CVE-2024-11980 (CVSS 10): Critical Vulnerability Discovered in Billion Electric Routers *

MediaTek Resolves Critical Vulnerability in Smartphone Chipsets (CVE-2024-20125) *

Bologna FC Faces Major Data Breach Following Ransomware Attack *

Operation Code on Toast TA-RedAnt Targets Internet Explorer with Zero-Day Exploit *

Trellix Patches Critical Vulnerabilities in Enterprise Security Manager *

New Phishing Campaign Exploits Corrupted Word Documents to Bypass Security *

Critical Vulnerabilities Discovered in Linux Tuned Daemon *

AI-Driven Fake News Targets Western Support for Ukraine and U.S. Elections *

SpyLoan Malware Infects 8 Million Android Devices via Google Play *

Industrial Networks at Risk Due to Over-the-Air Vulnerabilities in Advantech EKI Access Points *

Critical Security Flaw in Widget Options Plugin Affects 100,000+ Websites *

Hackers Can Stealthily Access ThinkPad Webcams by Disabling LED Indicators *

T-Mobile Reveals New Details About China-Linked Cyberattack *

Over 600,000 Sensitive Records Exposed by Background Check Service Provider *

Bologna FC Hit by RansomHub Ransomware and Confirms a Data Breach *

Cyberattack on UK Hospital Disrupts Operations, Interruptions Expected to Continue *

Critical Flaw in Apache Arrow R Package Enables Arbitrary Code Execution *

New Rockstar 2FA Phishing Service Aims at Microsoft 365 Accounts *

Critical Security Flaws in Contiki-NG IoT OS *

HPE Insight Remote Support Hit with Severe Vulnerabilities *

Researchers Discover 20 Vulnerabilities in Advantech Wi-Fi Access Point *

Critical Zyxel Firewall Vulnerability Under Active Exploitation *

New Skimmer Malware Harvests Credit Card Data from Online Checkout Pages *

XML-RPC npm Library Compromised: Data Theft and Crypto Mining Detected *

Malicious PyPI Package Targets Crypto Wallets with Infostealing Code *

Researchers Uncover Advanced Data Exfiltration Techniques Used by Ransomware Groups *

TIBCO Hawk Under Attack Mitigate Critical Security Risks (CVE-2024-10217 & CVE-2024-10218) *

Microsoft Fixes Exploited Vulnerability in Partner Network Website *

ProjectSend Vulnerability Actively Exploited in the Wild *

Zabbix Releases Patch for Critical Remote Code Execution Vulnerability *

Cybercriminals Exploit Popular Godot Game Engine to Infect Thousands of Computers *

APT-C-60 Leverages Trusted Platforms to Launch Attacks on Japan *

Lazarus Group Exploits macOS Extended Attributes to Bypass Detection *

Bootkitty: Researchers Uncover the First UEFI Bootkit Targeting Linux Kernels *

IBM Fixes RCE Vulnerabilities in Data Virtualization Manager and Security SOAR *

VMware Addresses High-Severity Vulnerabilities in Aria Operations with New Patches *

Critical GitLab Vulnerability Allows Attackers to Escalate Privileges *

NVIDIA UFM Vulnerability Exposes Systems to Privilege Escalation and Data Tampering *

New DDoS Campaign Targets IoT Devices and Server Misconfigurations *

Critical Flaws in WordPress Anti-Spam Plugin Put Over 200,000 Sites at Risk of Remote Attacks *

Chinese Hackers Exploit GHOSTSPIDER Malware to Target Telecoms in Over 12 Countries *

Keycloak Releases Critical Security Updates to Fix Multiple Vulnerabilities *

Palo Alto Networks Alerts to GlobalProtect App Vulnerability with Public Exploit Code (CVE-2024-5921) *

Starbucks and Grocery Stores Targeted in Blue Yonder Ransomware Attack *

RomCom Leverages Zero-Day Firefox and Windows Vulnerabilities in Advanced Cyberattacks *

SpyLoan Apps Exploit Social Engineering to Steal User Data *

Bingcom XSS Vulnerability Exposed: Attackers Could Send Malicious Crafted Requests *

The Face of Deception Phishing Scams Using Government IDs and Facial Recognition *

Hidden Risk in the Fortune 1000: 30,000 Exposed APIs and 100,000 Vulnerabilities Discovered *

Microsoft 365 Outage Disrupts Exchange, Teams, and SharePoint Services *

Massive Credit Card Database of 1,221,551 Records Leaked on Dark Web *

7-Zip Flaw Exposes Systems to Remote Code Execution *

Team Software Breach: Hackers Gain Unauthorized Access to Network Infrastructure *

New Phishing Scheme Exploits Google Docs and Weebly *

North Korean Hackers Exploit AI-Driven Scams and Malware on LinkedIn to Steal $10M *

Nearest Neighbor Attacks: Russian APT Infiltrates Targets via Exploited Nearby Wi-Fi Networks *

Critical Veritas Enterprise Vault Vulnerability Enables Remote Code Execution *

Malicious Python Crypto Library Update Steals Private Keys Through Telegram *

Critical Vulnerability in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover *

Yakuza Victim Data Exposed in Cyberattack on Japanese Agency *

Hackers Exploit Avast Anti-Rootkit Driver to Bypass Security Defenses *

Google Uncovers GLASSBRIDGE Pro-China Influence Network Using Fake News Sites *

Multiple Vulnerabilities in D-Link End-of-Life Routers Allow Remote Code Execution *

Faux ChatGPT and Claude API Packages Deliver JarkaStealer Malware *

NodeStealer Malware The Latest Cyber Threat to Facebook Advertisers and Credit Card Holders *

APT-K-47 Leverages Hajj-Themed Lures to Deploy Advanced Asyncshell Malware *

Wowza Streaming Engine Flaws Expose Thousands of Servers to Security Risks *

Cyberattack Takes Down Systems of Gambling Giant IGT *

WinZip Vulnerability Allows Execution of Malicious Code *

Meta Removes 2 Million Accounts Tied to Pig Butchering Scams *

US Firm Breached by Hackers via Russian Wi-Fi in Nearest Neighbor Attack *

Citrix Session Recording Vulnerabilities Being Actively Exploited by Threat Actors *

Russian Cyber Spies Unleash HatVibe and CherrySpy Malware *

Over 2,000 Palo Alto Firewalls Compromised by Newly Discovered Vulnerabilities *

Pro-Trans Rights Hackers Breach Andrew Tate’s The RealWorld Website *

Sensitive Data Leaked Through Apache NiFi Debug Logs *

Snow Brand Australia Confirms Ransomware Attack by SafePay *

New Zealand Importer Triton Sourcing & Distribution Confirms Ransomware Attack *

M-Files Releases Fixes for File Inclusion and Authentication Bypass Vulnerabilities *

Vietnam Cracks Down on Infostealers: VietCredCare and DuckTail Uncovered *

Chinese Hackers Deploy WolfsBane Malware to Target Linux Systems *

Researchers Unveil FrostyGoop Malware Targeting ICS Devices *

AnyDesk Security Flaw CVE-2024-52940 Allows IP Address Exposure - Patch Immediately *

Versa Director Under Attack Critical CVE-2024-42450 Vulnerability Exposes Networks to Risk *

Volt Typhoon Targeting U.S. Critical Infrastructure to Establish Persistent Access *

Fintech Leader Finastra Probes Data Breach Following SFTP Hack *

Hackers Exploit Misconfigured Servers to Hijack Live Sports Streaming *

Cyberattack on French Hospital Compromises Health Data of 750,000 Patients *

Decades-Old Vulnerabilities Identified in Ubuntu's Needrestart Tool *

Unsecured Jupyter Notebooks Hijacked by Hackers for Illegal Sports Streams *

Oracle Agile PLM Zero-Day Exploited in Attacks *

Apple Issues Critical Security Patches for Exploited Vulnerabilities in macOS and iOS *

Ngioweb Botnet Exploits IoT Devices to Power NSOCKS Residential Proxy Network *

CISA Flags Progress Kemp LoadMaster Vulnerability as Actively Exploited in Attacks *

Chinese Hackers Target T-Mobile and U.S. Telecoms in Expanded Espionage Campaign *

Palo Alto Networks Patches Exploited Zero-Day Vulnerabilities in Operation Lunar Peek *

Helldown Ransomware Variant Now Targeting VMware and Linux Platforms *

Ford Investigates Possible Data Breach After Hackers Claim to Have Stolen Information *

Apache Kafka Vulnerability Exposes Systems to Privilege Escalation Attacks *

Swiss Cyber Agency Issues Warning on QR Code Malware in Email Scams *

US Space Tech Leader Maxar Reveals Employee Data Breach *

AnnieMac Home Mortgage Reports Data Breach Impacting Over 171,000 Individuals *

Cybercriminals Use SEO Poisoning Attack to Redirect Shoppers to Fake Online Stores *

SQL Injection Vulnerability Exposed in Zoho Corp's ManageEngine ADAudit Plus *

Ransomware Attack Hits Oklahoma Medical Center, Affecting 133,000 *

Sitting Ducks DNS Attacks Expose Global Domains to Threats *

Phishing Attacks Surge with SVG Attachments to Bypass Detection *

Critical Flaw in WordPress Security Plugin Grants Admin Access *

SilkSpecter Targets Black Friday Shoppers with Sophisticated Phishing Campaign *

OpenBSD Double-Free Vulnerability Enables Exploitation of NFS Client and Server *

Tibetan Community Under Siege TAG-112's Waterholing Attack Exposed *

Icinga 2 Vulnerability Enables Impersonation and Remote Code Execution *

Researchers Expose Two-Step Phishing Attack Using Microsoft Visio Files *

Apache Airflow Flaw Puts Sensitive Configuration Data at Risk *

WP Time Capsule Plugin Flaw Puts Over 20,000 Websites at Risk of Takeover *

T-Mobile Confirms Breach in Latest Wave of Telecom Cyberattacks *

Fake AI Video Generators Spread Infostealers on Windows and macOS *

GitHub Repositories Exploited with Malicious Commits to Frame Security Researcher *

Laravel Security Alert Critical Vulnerability Exposes Unauthorized Access Risk *

Melofee Backdoor Evolves New Variant Targets Linux Systems with Enhanced Stealth Capabilities *

BrazenBamboo APT Exploits Zero-Day Vulnerability in FortiClient VPN *

Micon Office National Confirms Ransomware Attack in Wollongong *

GeoVision Zero-Day Exploited by Botnet to Deploy Mirai Malware *

Windows Users at Risk Russian Hackers Exploit Zero-Day Vulnerability with Simple File Actions *

Sitting Ducks Attacks Hijacking Known Brands and Government Domains *

Palo Alto Networks Confirms Exploitation of New Firewall Zero-Day Vulnerability *

Iranian Hackers Exploit Fake Job Offers to Target Aerospace Industry *

Cybercriminals Operate 4,700 Fake Shopping Sites to Steal Credit Card Information *

Data Breach at JewishCare NSW Affects Sensitive Personal Information *

Hive0145 Intensifies European Attacks with Strela Stealer Malware *

Hamas-Linked WIRTE Deploys SameCoin Wiper in Aggressive Attacks on Israel *

B2B Data Aggregator Breach Exposes Information of 122 Million Users *

Communications of U.S. Government Officials Exposed in Recent Telecom Breach *

Chrome 131 Released with Improved Security and Enhanced Performance *

Amazon Acknowledges Employee Data Breach Through Third-Party Vendor *

Halliburton Discloses $35M Loss Due to Ransomware Attack *

Microsoft Patch Tuesday Security advisory- November 2024 *

GitHub Developers are Targeted by GoIssue, a Phishing Tool *

Citrix and Fortinet Address Critical Vulnerabilities with Security Patches *

TA455s Iranian Dream Job Campaign Targets Aerospace Sector with Malware *

North Korean Hackers Use Flutter Apps to Evade macOS Security *

Siemens Issues Emergency Patch for Critical TeleControl Server Vulnerability *

Schneider Electric Alerts on Several Vulnerabilities in Modicon Controllers *

FBI Alerts U.S. Organizations to Fake Emergency Data Requests from Cybercriminals *

Ymir Ransomware Teams Up with RustyStealer in New Attacks *

New Android Malware SpyAgent Captures Screenshots of Users Devices *

Tor Network Hit by IP Spoofing Attack Through Non-Exit Relays *

Threat Actors Allegedly Announce Leak of 489 Million Records from Instagram *

Cyber Attack on Western Sydney University Compromises Personal Data *

Fake Antivirus App Launches Sophisticated SpyNote Malware Attack on Android Users *

Australian Non-Profit ANU Enterprise Confirms Ransomware Attack *

Silent Skimmer Resurfaces with New Tactics Targeting Payment Gateways *

FakeBat Loader Resurfaces, Using Malicious Google Ads to Target Notion Users *

Machine Learning Toolkit Vulnerabilities Expose Servers to Hijacking and Privilege Escalation *

HPE Releases Critical Security Patches for Vulnerabilities in Aruba Access Points *

Pro-Russian Hacktivists Attack South Korea Amid North Korea’s Entry into Ukraine War *

Hackers Exploit Excel Files to Deploy Remcos RAT on Windows Systems *

Australian Firm Goodline Hit by RansomHub Ransomware Attack *

DDoS Attack Targets South Korean Defense Ministry *

Scammers Target UK Seniors with Fake Winter Fuel Payment Texts *

US Agency Warns Employees to Limit Phone Use After China’s ‘Salt Typhoon’ Hack *

GodFather Malware Expands to Over 500 Banking and Crypto Applications *

IcePeony and Transparent Tribe Leverage Cloud-Based Tools *

Unpatched Vulnerabilities in Mazda Connect Allow Hackers to Install Persistent Malware *

Ethereum Smart Contracts Facilitate Evasive C2 in New Supply Chain Attack *

High-Risk Flaw in Popular WordPress Theme Threatens Thousands of Sites *

AndroxGh0st Malware Uses Mozi Botnet to Exploit IoT Devices and Cloud Services *

CISA Issues Alert on Active Exploitation of Critical Vulnerability in Palo Alto Networks Systems *

Remote Attackers Could Exploit Cisco Desk Phone Vulnerability to Access Sensitive Data *

Apache ZooKeeper Security Alert Critical Vulnerability Exposes Admin Server (CVE-2024-51504) *

D-Link NAS Devices Under Threat CVE-2024-10914 Command Injection Flaw Puts 61,000+ Devices at Risk *

Malicious npm Packages Deploy Data-Stealing Malware Targeting Roblox Users *

Texas Oilfield Supplier Newpark Disrupted by Ransomware Attack *

New CRONTRAP Malware Campaign Targets Windows Systems with Linux Backdoor *

SteelFox and Rhadamanthys Malware Leverage Copyright Scams and Driver Exploits to Attack Victims *

North Korean Hackers Deploy New macOS Malware Targeting Cryptocurrency Firms *

North Korean Hackers Adopting New Tactics to Secure Remote Jobs *

Interlock Ransomware Strikes US Healthcare, IT, and Government Sectors *

Aruba Access Points Vulnerable to Critical Attack CVE-2024-42509 (CVSS 9.8) *

Cisco NDFC Vulnerability Attackers Gain Unfettered Access to Networks (CVE-2024-20536) *

Gootloader Malware Campaign Targets Bengal Cat Owners in Australia *

Privilege Escalation Vulnerability Discovered in Veritas NetBackup for Windows *

Authentication Bypass Vulnerability Discovered in Veeam Backup Enterprise Manager *

Researcher Reveals 36 Vulnerabilities in IBM Security Verify Access *

VEILDrive Attack Leverages Microsoft Services for Stealthy Malware Distribution *

Hackers Intensify Use of Winos4.0 Post-Exploitation Kit in Cyber Attacks *

Cyberattack on Microlise Disrupts Tracking Services for DHL and Serco *

Proof-of-Concept Exploits Released for Critical Symlink Vulnerability in Apple’s iOS CVE-2024-44258 *

Critical Vulnerability in Cisco URWB Access Points (CVE-2024-20418, CVSS 10) Enables Remote Takeover *

Hackers Exploit AV EDR Bypass Tool from Cybercrime Forums to Compromise Endpoints *

APT36 Hackers Exploit Windows Devices with ElizaRAT Malware *

ClickFix Deceives Users with Fake Error Messages to Deploy Malicious Code *

New 'ToxicPanda' Android Malware Targets Users with Fraudulent Bank Transfers *

Synology Alerts Users to Critical Zero-Click RCE Vulnerability Affecting Millions of NAS Devices *

Ransomware Attack Exposes Personal Data of 500,000 Columbus Residents *

Critical Remote Exploitation Vulnerability in Century Systems Routers *

Critical Vulnerability in ZoneMinder (CVE-2024-51482) Exposes SQL Databases *

Nokia Probes Potential Breach Following Hacker’s Claim of Stolen Source Code *

DocuSign Envelopes API Exploited to Send Realistic Phishing Invoices *

Google Issues Warning on Actively Exploited CVE-2024-43093 Vulnerability in Android System *

Saint Xavier University Data Breach Impacts 210,000 Individuals *

Okta Verify Agent for Windows Vulnerability Exposes User Passwords to Attackers *

U.S. Soccer Federation Experiences Data Security Incident *

New FakeCall Malware Variant Exploits Android Devices to Impersonate Banking Calls *

Unpatched XSS Vulnerability in pfSense Allows Remote Exploits, PoC Published *

Phishing Campaign Targets ChatGPT Users Across the Globe *

LightSpy iOS Malware Updated with 28 New Malicious Plugins *

MediaTek Security Bulletin Exposes High-Risk Vulnerabilities in Mobile Chipsets *

LastPass Warns Users of Scam Support Centers Seeking to Capture Personal Data *

Unveiling Interlock: The New Ransomware Targeting FreeBSD Servers *

LiteSpeed Cache Plugin Vulnerability Could Grant Unauthorized Admin Access *

Google’s AI Tool Big Sleep has identified a zero-day vulnerability in the SQLite Database Engine *

Critical Remote Code Execution Vulnerability in qBittorrent Allows Attackers to Inject Malicious Scripts *

Chinese Hackers Breach Canadian Government Systems, Steal Sensitive Data *

North Korean Group Jumpy Pisces Tied to Play Ransomware Operation *

Emeraldwhale Attack Targets Misconfigured Git Configurations *

SYS01 Infostealer Campaign Leverages Meta Ads to Target Millions Globally *

CrossBarking Vulnerability in Opera Browser Enables Account Hijacking by Malicious Extensions *

Okta Reveals AD/LDAP DelAuth Authentication Vulnerability, Advises Customer Log Review *

18 Year Old Vulnerability in X.Org Server Exposes Systems to Potential Attacks *

Supply Chain Attack on Widely Used Lottie Player Library Targets Web3 Wallets *

A Sophisticated Vishing Attack Threatening Mobile Banking Security *

LA Housing Authority Confirms Cactus Ransomware Breach *

Safeguarding the Healthcare Supply Chain from Russian Ransomware Threats *

CISA Alerts on Major Software Vulnerabilities in Industrial Devices *

PoC Exploit Released for Spring WebFlux Authorization Bypass *

Critical Vulnerability in Apache Lucene.NET Exposes Users to Remote Code Execution *

Hikvision Network Cameras Vulnerable to Credential Exposure Patch Released *

Over One Thousand Online Shops Compromised with Fake Product Listings *

Yahoo Reveals NetIQ iManager Vulnerabilities Enabling Remote Code Execution *

Data Breach at Mystic Valley Elder Services Affects 87,000 Individuals *

Iranian Hackers Target Olympics and Surveillance Cameras, Warn US and Israel *

Sophos Reveals Ongoing Cyber Attacks by Chinese Threat Groups on Network Devices *

Microsoft: Chinese Hackers Exploit Quad7 Botnet to Steal Credentials *

Hackers Exploit Critical Zero-Day Vulnerability in PTZ Cameras *

Interbank Confirms Data Breach Following Unauthorized Data Leak of Customer Information *

QNAP Releases Patch for Second Zero-Day Vulnerability Exploited at Pwn2Own for Root Access *

Critical Denial-of-Service Vulnerability in Squid Proxy Server *

A Critical 9.8 Severity Vulnerability in IBM Power Systems *

Urgent Chrome Security Update Addresses Critical CVE-2024-10487 and 10488 Vulnerabilities *

Notorious WrnRAT Spread as Gambling Games *

Free Unofficial Patches Released for New Windows Themes Zero-Day Vulnerability *

PSAUX Ransomware Strikes 22,000 CyberPanel Servers in Widespread Attack *

Open-Source AI and Machine Learning Models Exposed to Vulnerabilities *

Apple Addresses More Than 70 Vulnerabilities in iOS, macOS, and Other Products *

Dutch Police Disrupt RedLine and MetaStealer Info Stealers in Operation Magnus *

New Tool Circumvents Google Chrome's Latest Cookie Encryption System *

Russia Deploys Windows and Android Malware to Target Ukrainian Conscripts *

Chinese Hackers Exploit CloudScout Toolset to Steal Session Cookies from Cloud Services *

Microsoft Windows Kernel Vulnerability OS Downgrade Exploit Puts Users at Risk *

France’s Second-Largest Telecom Company, Free, has Confirmed it was Targeted in a Cyberattack *

Critical Vulnerability in HashiCorp Vault (CVE-2024-7594) Unrestricted SSH Access Poses Security Risks *

Critical Vulnerability in Rancher Exposes vSphere Credentials in Plaintext *

Change Healthcare Data Breach Impacts 100 Million Americans *

HeptaX Campaign Exposes Healthcare Sector to Data Theft and Manipulation *

Critical Authentication Bypass Flaw Exposed for WhatsUp Gold Users *

Delta Sues CrowdStrike Following Tech Outage That Led to Flight Cancellations *

Critical RKE2 Vulnerability Allows Privilege Escalation on Windows Nodes *

Senator Claims Lax Domain Registrars Enable Russian Disinformation Campaigns *

LinkedIn Bots and Spear Phishing Campaigns Target Job Seekers *

LockBit Ransomware Campaign Targets macOS Systems *

Fog Ransomware Exploits SonicWall VPN Vulnerabilities to Infiltrate Corporate Networks *

OPA Vulnerability on Windows Exposes NTLM Hashes *

Mallox Ransomware Vulnerability Allows Victims to Recover Files *

New Trojan Framework Poses Significant Threat to Brazilian Banking Customers *

Critical Authentication Bypass Vulnerability in wpDiscuz Plugin Poses Risk to Over 80,000 Websites *

New Cisco ASA and FTD Features Mitigate VPN Brute-Force Password Attacks *

APT29 Emulates AWS Domains to Harvest Windows Credentials *

Advanced Rust-Based Embargo Ransomware Emerges as a New Threat to US Companies *

Threat Actors Reportedly Selling Database of 1,000 NHS Email Accounts *

The Prometei Botnet A Growing Menace in the World of Cryptojacking *

Notorious Hacker Group Launches New Cloud-Based Crypto Mining Attacks *

Authentication Bypass Vulnerability Found in One Identity Safeguard for Privileged Sessions *

Security Researchers Find Command Injection Vulnerability in Wi-Fi Alliance Testing Suite *

Apple Unveils PCC Source Code for Researchers to Uncover Cloud AI Security Bugs *

Okta Verify for iOS Vulnerability Could Lead to Unauthorized Access *

Amazon Seizes Domains Tied to Data Theft via Rogue Remote Desktop Campaign *

Black Basta Ransomware Masquerades as IT Support on Microsoft Teams to Breach Networks *

Critical Security Vulnerabilities Discovered in Siemens InterMesh *

Xerox Printers Exposed to Remote Code Execution Vulnerabilities *

North Korean Cyber Group Pungsan Infiltrates Open-Source Repositories with Backdoored npm Packages *

OnePoint Patient Care Data Breach Affects Nearly 800,000 Individuals *

UnitedHealth Reports Data Breach at Change Healthcare Exposing 100 Million Records *

Landmark Insurance Administrator Reports Data Breach Affecting 800,000 Individuals *

Henry Schein Reports Data Breach One Year After Ransomware Attack *

GitLab Fixes HTML Injection Vulnerability Enabling XSS Attacks *

Cisco Fixes Vulnerability Exploited in Widespread Brute-Force Attacks *

New WarmCookie Malware Targets Organizations Across Sectors *

Nvidia Releases Security Patches for Windows and Linux Graphics Drivers *

AWS CDK Vulnerability Exposes Users to Account Takeover Threats *

Samsung Galaxy S24 Exploited at Pwn2Own Ireland 2024 *

CISA Alerts on Active Attacks Targeting Microsoft SharePoint Vulnerability (CVE-2024-38094) *

WhatsApp Introduces Encrypted Contact Databases for Secure Syncing Across Devices *

Lazarus Hackers Exploit Google Chrome Zero-Day Through Fake DeFi Game *

Chrome Patches High-Risk Vulnerabilities in Latest Stable Release *

Fortinet Alerts on Actively Exploited Vulnerability in FortiManager *

IcePeony Hackers Target Public Web Servers to Deploy Webshells *

Grayscale Investments Suffers Data Breach, Exposing Records of Approximately 693,000 Users *

Threat Actors Abusing Docker API Servers for SRBMiner Cryptomining Attacks *

Gophish Framework Leveraged in Phishing Campaigns to Deliver Remote Access Trojans *

VMware Releases vCenter Server Update to Address Critical Remote Code Execution Vulnerability *

Critical Vulnerabilities Found in mbNET.mini and Helmholz Industrial Routers *

Johnson & Johnson Insurance Firm Hit by Data Breach *

Cyberattack Disrupts Winnebago Public Schools, Forcing Service Shutdowns *

Chinese Nation-State Group APT41 Targets Gambling Industry for Financial Gains *

Over 6,000 WordPress Sites Hacked to Deploy Plugins Distributing Infostealers *

Bumblebee Malware Resurfaces Following Recent Law Enforcement Crackdown *

Microsoft Patches Critical Kernel Streaming Flaw *

Red Barrels Hit by Cyberattack, Outlast Trials Delayed *

Atlassian Issues Patches for Bitbucket, Confluence, and Jira *

Critical Security Flaw in Synology Camera Firmware Puts Devices at Risk of RCE and DoS Attacks *

Beast Ransomware RaaS Service Platform Targets Windows, Linux, and VMware ESXi *

Critical File Reading Vulnerability Found in Vendure E-commerce Platform *

Spring Framework Vulnerability Poses Path Traversal Risk in Web Applications *

Critical Vulnerability in SICK Products Opens Systems to Remote Attacks *

Internet Archive Restores Services After Website Defacement and DDoS Attack *

Cyprus Prevents Cyberattack on Government's Main Online Portal *

Brazil Arrests ‘USDoD,’ Hacker Involved in FBI InfraGard Breach *

Internet Archive Hit by Another Breach Caused by Stolen Access Tokens *

Severe Flaws in E2EE Cloud Storage Put Millions of Users at Risk *

Hackers Exploit Roundcube Webmail Vulnerability to Steal User Logins *

Vietnamese Threat Actor’s Complex Strategy Targeting Digital Marketing Professionals *

Radiant Capital Reports $50 Million in Digital Coins Stolen After Account Breaches *

Hackers Target Ukrainian Conscripts with MeduzaStealer Malware *

New Spectre Bypass Impacts Intel and AMD CPUs on Linux *

Fortigate SSLVPN Vulnerability Actively Exploited by Hackers *

ESET Partner Breached to Deliver Data Wipers to Israeli Organizations *

SolarWinds Web Help Desk Vulnerability Enables Remote Code Execution *

Nidec Confirms Data Breach After Ransomware Attack *

Cisco Takes DevHub Portal Offline After Data Leak *

Omni Family Health Data Breach 470,000 Individuals' Personal Data Compromised *

F5 BIG-IP Security Alert High-Severity Elevation of Privilege Vulnerability Patched *

Undercover North Korean IT Workers Engaging in Data Theft and Extortion *

Patch Grafana Now to Mitigate 9.9 Severity RCE Vulnerability *

Hybrid Work Uncovers Emerging Print Security Vulnerabilities *

Microsoft Discloses macOS Vulnerability Allowing Bypass of Safari's Privacy Controls *

BianLian Ransomware Group Targets Boston Children's Health Physicians in Alleged Attack *

Researchers Expose Cicada3301 Ransomware Operations and Affiliate Network *

Microsoft Alerts Customers to Month-Long Security Log Loss *

Fake Google Meet Errors Deliver Info-Stealing Malware *

Russian RomCom Attacks Unleash New SingleCamper RAT Variant on Ukrainian Government *

Ragic Enterprise Cloud Database Patches Critical Vulnerabilities *

Varsity Brands Hit by Data Breach, Leaving 65,000 Vulnerable to Identity Theft *

Cisco Releases Patches for High-Severity Vulnerabilities in Analog Telephone Adapters *

Apache Solr Addresses Critical Authentication Bypass Vulnerability with New Patch *

VMware Issues Patch for High-Severity SQL Injection Vulnerability in HCX Platform *

Critical Vulnerability in Kubernetes Image Builder Exposes Nodes to Root Access *

SolarWinds Web Help Desk Flaw Actively Exploited in Attacks *

Astaroth Banking Malware Reappears in Brazil Through Spear-Phishing Attacks *

Google Reports 70 Percent of Vulnerabilities Exploited in 2023 Were Zero Day Bugs *

Iranian Hackers Selling Access to Critical Infrastructure as Brokers *

ScarCruft a North Korean Group Exploits Windows Zero-Day to Spread RokRAT Malware *

Google Chrome Patches Critical Security Flaws *

New Malware Campaign Uses PureCrypter to Distribute DarkVision RAT *

EDRSilencer: Red Team Tool Exploited to Bypass Security Defenses *

WordPress Jetpack Plugin Patches Critical Vulnerability in 101 Updates *

Splunk Enterprise Update Addresses High-Severity Remote Code Execution Vulnerabilities *

Critical Vulnerability Patched in GitHub Enterprise Server *

Nation-State Actors Exploit Ivanti CSA Vulnerabilities for Network Breaches *

New Linux Variant of FASTCash Malware Targeting Financial Sector *

Cisco Probes Potential Breach Following Sale of Stolen Data on Hacking Forum *

Entry Points in Python, npm, and Open-Source Ecosystems Vulnerable to Supply Chain Attacks *

TrickMo Malware A Sneaky Threat to Android Users' PIN Security *

Gryphon Healthcare and Tri-City Medical Center Announce Major Data Breaches *

Keycloak Patches CVE-2024-3656 Allowing Low-Privilege User Access to Admin Rights *

Australian Owner of Strike Bowling and Other Venues Acknowledges Ransomware Attack *

Google has alerted users that uBlock Origin and other extensions might be disabled shortly *

Progress Fixes Critical Security Vulnerability CVE-2024-8015 (CVSS 9.1) in Telerik Report Server *

FBI Introduces Fake Cryptocurrency to Reveal Extensive Manipulation in the Crypto Market *

Pokémon Developer Confirms Data Breach Leaking Employee and Game Data *

HashiCorp Vault Vulnerability (CVE-2024-9180) May Lead to Privilege Escalation *

OilRig Strikes Again Windows Kernel Flaw Exploited in UAE and Gulf Espionage Campaign *

Researchers Identify Critical Security Flaws in Industrial MMS Protocol Libraries *

GitLab Releases Critical Patches for Pipeline Execution, SSRF, and XSS Vulnerabilities *

Casio Confirms Customer Data Compromised in Ransomware Attack *

CreditRiskMonitor Data Breach Exposes Employee Information *

SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Vulnerabilities Exposed *

Unpatched MiCollab Vulnerability Exposes Systems to Unauthorized Access *

Fidelity Investments Announces Data Breach Affecting Over 77,000 Customers *

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Security Systems *

U.S. and U.K. Warn of Russian APT29 Hackers Targeting Zimbra and TeamCity Servers *

Akira and Fog ransomware now exploit critical Veeam RCE flaw *

Ukraine Arrests Operator of Illegal VPN Service Enabling Access to Runet *

Firefox 131 Update Fixes Actively Exploited Zero-Day Vulnerability *

Schneider Electric Warns of Serious Security Vulnerability in Industrial PCs *

Code Execution Flaw in Apache Subversion for Windows *

Internet Archive Faces Data Breach, Exposing 31 Million Accounts *

Crypto-Stealing Malware Campaign Affects 28,000 Victims *

CISA Reports Active Exploitation of Critical Fortinet RCE Vulnerability *

Mamba Service Exploits 2FA Weaknesses to Target Microsoft 365 Accounts *

Palo Alto Networks Issues Warning on Firewall Hijacking Vulnerabilities with Public Exploit *

Zero-Day Alert: Three Ivanti CSA Vulnerabilities Actively Being Exploited *

Microsoft Announces End of Servicing for Windows 11 22H2 Home and Pro Editions *

New Tool Identifies Linux and UNIX Servers Vulnerable to CUPS RCE Exploits *

The Gorilla Botnet has Attacked over 100 Countries With More Than 300,000 DDoS Attacks *

Microsoft and DOJ Take Down Hundreds of Websites Operated by Russian Hackers *

Microsoft Patch Tuesday Security advisory- October 2024 *

ADT Reports Second Data Breach in Two Months, Hacked Through Stolen Credentials *

MoneyGram Confirms Cyberattack Resulted in Stolen Customer Data *

American Water Halts Online Services Following Cyberattack *

Data Breach at FBCS Impacts Comcast and Truist Bank Customers *

MediaTek Releases Security Updates for Smartphone, Tablet, and IoT Devices *

Qualcomm Issues Patch for Critical Vulnerabilities Affecting Snapdragon, FastConnect *

High-Severity Vulnerabilities Patched in Latest Chrome and Firefox Updates *

Ransomware Group Releases Allegedly Stolen Data from Kawasaki Motors *

Data Breach at Patelco Credit Union Affects Over 1 Million Individuals *

Vesta Control Panel Vulnerability Compromises Admin Accounts *

Hawaii Health Center Reports Data Breach Following Ransomware Attack *

Apple Issues Critical iOS and iPadOS Updates to Fix VoiceOver Password Exposure Vulnerability *

Northern Ireland Police Fined £750,000 for Data Breach *

WordPress LiteSpeed Cache Plugin Vulnerability XSS Attack Risk Alert *

UMC Health System Redirects Patients After Ransomware Attack *

Highline Public Schools Confirms Ransomware Attack Led to Shutdown *

MoneyGram Denies Ransomware Involvement in Recent Cyber Incident *

Hacking Group Targets U.S. Organizations through Spear-Phishing *

Cisco Addresses Critical Vulnerability in Data Center Management Software *

Dutch Police Suspect State Actor Involvement in Recent Data Breach *

Over 4,000 Adobe Commerce and Magento Stores Compromised in CosmicSting Attacks *

Jenkins Addresses Critical Vulnerabilities in Server and Plugins *

FIN7 Hackers Use Deepfake Nude "Generator" Websites to Distribute Malware *

North Korean Hackers Deploy VeilShell Backdoor in Covert Cyber Operations *

Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking *

Critical Vulnerability in Ivanti Endpoint Manager *

14 Newly Discovered Vulnerabilities Expose 700,000+ Devices to Cyber Threats *

China-Linked CeranaKeeper Targets Southeast Asia for Data Exfiltration *

Fake Job Applications Deliver Dangerous More_Eggs Malware Targeting HR Professionals *

Fake Browser Update Campaign Distributes Updated WarmCookie Malware *

Critical Zimbra Vulnerability Poses Serious Security Risk *

Rhadamanthys Stealer Uses AI-Driven Image Recognition to Target Crypto Wallets *

New Cryptojacking Attack Exploits Docker API to Build Malicious Swarm Botnet *

Data Breach at Rackspace Due to ScienceLogic Zero-Day Vulnerability *

Israeli Cyberattack on Beirut Air Traffic Control Aims to Warn Off Iranian Planes *

North Korean Hackers Tried to Steal Sensitive Military Data *

Ransomware attackers are moving from on-premises systems to the cloud in order to compromise Microsoft 365 accounts *

Three Iranian Hackers Charged in Election Interference Hack-and-Leak Campaign *

UK Hacker Accused of $3.75 Million Insider Trading Scheme Through Hacked Executive Emails *

Critical WordPress Plugin TI WooCommerce Wishlist Vulnerability Exposes Thousands of Sites *

Two Critical Vulnerabilities Discovered in WatchGuard Authentication Gateway and Single Sign-On Client *

A Data Breach Disclosed by Accounting Firm which Impacted 127,000 Individuals *

VLC Player Vulnerability Allows Attackers to Execute Malicious Code *

Microsoft Audio Bus Vulnerability Allows Attackers to Execute Remote Code *

Google’s Gemini for Workspace Susceptible to Prompt Injection Attacks *

Hackers Leverage HTML Smuggling to Deliver Sophisticated Phishing Sites *

Russian Hackers Breach Ukrainian Security Service *

Indian-Linked Hackers Target South and East Asian Entities, Warns Cloudflare *

MoneyGram Confirms Cyberattack Behind Prolonged System Outage *

Hackers Use AI-Generated Malware in Targeted Attacks *

HPE Fixes Three Critical Vulnerabilities in Aruba Access Points *

Critical Vulnerabilities Found in OpenPLC *

Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Campaigns *

Millions of Kia Vehicles Exposed to Remote Hacking Vulnerabilities *

Progress Urges Administrators to Immediately Patch Critical WhatsUp Gold Vulnerabilities *

Critical SQL Injection Vulnerability in The WordPress Events Calendar Plugin *

Critical Vulnerabilities Discovered in NVIDIA Container Toolkit *

North Korean Hackers Launch New KLogEXE and FPSpy Malware in Targeted Operations *

New RomCom Malware Variant SnipBot Discovered in Data Theft Campaigns *

RansomHub Ransomware Employs Multiple Tactics to Bypass EDR and Antivirus Protections *

Octo2 Android Malware Targets Banking Credentials Theft *

CUPS Vulnerabilities Allow Remote Code Execution on Linux, With Important Limitations *

Cisco Releases Patches for Multiple High-Severity Vulnerabilities *

Valencia Ransomware Group Strikes Again Businesses Warned of Data Leaks and Cyber Threats *

Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool *

macOS ChatGPT Vulnerability Could Have Allowed Persistent Spyware via Memory Feature *

The SolarWinds Web Help Desk Vulnerability has been Demonstrated (CVE-2024-2987) *

Mozilla Accused of Tracking Firefox Users Without Consent *

Massive MC2 Data Leak 100M+ US Citizens' Personal Data Exposed *

CISA Warns Hackers Use Unsophisticated Methods to Breach Industrial Systems *

Taiwan is Accused of Waging Cyberwarfare by China *

Researcher Reveals Cisco Smart Licensing Vulnerability Allowing Device Control by Attackers *

Infostealer Malware Evades Chrome’s Latest Cookie Theft Defenses *

Data Breach at U.S. Government Agency CMS Affects 3.1 Million People *

Cyberattack on Kansas Water Plant Forces Shift to Manual Operations *

AutoCanada Hit by Ransomware Attack: Employee Data at Risk *

Deloitte Denies Data Breach Despite Hacker's Claims of Server Compromise *

The New Version of Windows Server 2025 offers Hotpatching without Rebooting *

A Android Banking Trojan New Octo2 Emerges with Device Takeover Capablities *

FreeBSD Releases Critical Security Advisory for CVE-2024-41721 (CVSS 9.8) *

Mandiant Provides Insights on Detecting and Preventing North Korean Fake IT Workers *

Hackers Pose as Company HR to Deceive Employees *

Necro Trojan Targets Popular Google Play Apps with Millions of Downloads *

Critical Vulnerability Alert Dragonfly2's Hardcoded Key Exposes Admin Access *

Grafana Plugin SDK Vulnerability CVE-2024-8986 Allows Unauthorized Access to Sensitive Information *

ESET Releases Patches for Two Local Privilege Escalation Vulnerabilities in Windows and macOS Products *

Critical Vulnerabilities Disclosed in Microchip ASF and MediaTek Wi-Fi Chipsets, Enabling Remote Code Execution *

Hackers Claim Responsibility for Breach of Dell Employee Database *

CISA Issues Critical Advisories for Industrial Control Systems *

Cyber Attackers Leverage GitHub Repositories to Spread Malware *

Chinese Hackers Leverage GeoServer Vulnerability to Spread EAGLEDOOR Malware in APAC Region *

Telegram Banned for Ukrainian Officials Over Security Concerns *

Update Required: Critical Authentication Bypass Vulnerability in Safeguard for Privileged Passwords (CVE-2024-45488) *

Hertz Car Rental Platform Exposes 60,000 Insurance Claim Reports *

Worldwide Infostealer Malware Campaign Targets Cryptocurrency Users and Gamers *

Critical API Vulnerability Discovered in Versa Director by Versa Networks *

High-Severity Acronis Plugin Vulnerability Poses Significant Risk *

Chinese-Originated Noise Storms: A Surge in Spoofed Web Traffic *

Ivanti Cloud Appliance Vulnerability Under Active Exploitation *

Microsoft Identifies CVE-2024-37985 as Zero-Day Vulnerability in Windows *

New SambaSpy Malware Connected to Brazil Targets Italian Users via Phishing Emails *

Miami Authorities Arrest Suspects in $230 Million Cryptocurrency Theft *

CISA Adds Critical Apache HugeGraph-Server RCE Flaw and Four Other Vulnerabilities to KEV Catalog *

Microsoft Alerts on New INC Ransomware Threatening U.S. Healthcare Sector *

Chrome 129 Patches High-Risk V8 Engine Vulnerability *

Critical GitLab Vulnerability Exposes Users to Authentication Bypass Attacks *

Europol Takes Down 'Ghost' Encrypted Messaging Platform Used for Criminal Activities *

"Raptor Train" IoT Botnet Compromises More Than 200,000 Devices Globally *

Severe Vulnerabilities in Red Hat OpenShift: CVE-2024-45496 (CVSS 9.9) and CVE-2024-7387 (CVSS 9.1) *

Discord Introduces End-to-End Encryption for Audio and Video Calls *

New MISTPEN Malware Deployed by North Korean Hackers to Attack Energy and Aerospace Sectors *

WhatsUp Gold Users Beware Recent Vulnerabilities Linked to Ransomware Attacks *

Azure Storage Explorer Exploited: Ransomware Groups Steal Sensitive Data *

Brute Force Attacks on Accounting Software Compromise Construction Firms *

Hackers Exploiting Selenium Grid for Deploying Exploit Kits and Proxyjackers *

Google Chrome Adopts ML-KEM for Post-Quantum Cryptography Protection *

Temu Denies Breach Following Hacker's Claim of Stealing 87 Million Data Records *

Malware Attacks Targeting Cryptocurrency Users are on the Rise, According to Binance *

VMware Plugs Critical RCE Flaw Exploited by Chinese Hackers *

Russian Hacker Group Unleashes .NET Built Ransomware Attacks *

Data from over 1,000 ServiceNow Instances has been found to be Leaking *

Health and Government Sectors Report Highest Data Breaches in Early 2024 *

Rhysida Ransomware Group Demands $5.8M Ransom for Seattle-Tacoma Data *

Microsoft Resolves Bug Causing Microsoft 365 Apps to Crash While Typing *

D-Link WiFi Routers Under Attack Critical Vulnerabilities Exposed *

NixOS Package Manager Flaw Exposes Critical Vulnerability *

Access Sports Data Breach Affects 88,000 Due to Ransomware Attack *

Cryptocurrency Users on LinkedIn are Targeted by North Korean Hackers with RustDoor Malware *

Remote Code Execution Flaw Fixed in Google Cloud Platform Composer *

Hackers Deploy Supershell Malware in Attacks Targeting Linux SSH Servers *

Attackers Exploit HTTP Headers in Massive Phishing Attacks to Steal Credentials *

Increased OT Risks Due to Remote Access Tool Sprawl *

Windows Vulnerability Exploited Through Braille 'Spaces' in Zero-Day Attacks *

Critical Vulnerabilities Patched in Citrix Workspace App *

Critical Remote Code Execution Vulnerability in SolarWinds Access Rights Manager *

Critical Docker Desktop Flaws Allow Remote Code Execution *

A New Malware Campaign Targeting Microsoft Office *

Ivanti Alerts on Active Exploitation of Recently Patched Vulnerability in Cloud Appliance *

"Hadooken" Linux Malware Targets Oracle WebLogic Servers *

Palo Alto Networks Releases Security Updates to Fix Multiple Vulnerabilities *

Apple Fixes Critical Vision Pro Vulnerability to Thwart GAZEploit Attacks *

Fraudulent TrickMo Android Trojan Exploits Accessibility Services *

Fortinet Confirms Data Breach Following Hacker Leak of 440 GB *

Warning: Vo1d Malware Infects 1.3 Million Android TV Boxes Globally *

Urgent: GitLab Issues Patch for Critical Flaw Enabling Unauthorized Pipeline Execution *

New Android Malware 'Ajina.Banker' Targets Financial Data and Circumvents 2FA Through Telegram *

Hackers Actively Targeting Progress WhatsUp RCE Vulnerability in the Wild *

Adobe Issues Critical Patches for Multiple Products *

Cisco Releases Patches for High-Risk Vulnerabilities in Network Operating System *

Systemic vulnerability has emerged from tech stack uniformity *

The Quad7 Botnet has Expanded to Target SOHO Routers and VPN Appliances *

DragonRank Black Hat SEO Campaign Targets IIS Servers in Asia and Europe *

DDoS Attacks Surge, Governments Become Prime Targets *

Malicious Fake Password Manager Targets Python Developers in Coding Test Scam *

Chrome 128 Update Addresses High-Severity Security Vulnerabilities *

Data Breach Alert 1.7 Million Affected in Slim CD Security Incident *

Microsoft Patch Tuesday Security advisory- September 2024 *

Microsoft Resolves Windows Server 2019 Boot and Performance Issues in September 2024 Update *

CosmicBeetle Launches Custom ScRansom Ransomware, Partnering with RansomHub *

Ivanti Resolves Critical RCE Vulnerability in Endpoint Management Software *

Ransomware Strikes London High School Students Dismissed as Authorities Investigate *

Chinese Hackers Leverage Open-Source Tools in Sophisticated Cyber Attacks *

Cryptocurrency Scams Surged in 2023 says FBI Report *

Young Gamers at Risk: Top Games Targeted by Cyber Attacks *

Ransomware Campaigns Actively Exploiting Critical Flaw in SonicWall SSLVPN *

Windows Elevation of Privilege Vulnerability CVE-2024-26230 PoC Exploit Released *

Red Hat Patches Pulpcore Authentication Bypass Vulnerability *

RAMBO Attack Exploits RAM to Steal Data from Air-Gapped Systems *

IBM Product Vulnerabilities Enable Attackers to Exploit and Launch DOS Attacks *

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar Attack *

BBTok Misuses Windows Utility Tool to Avoid Detection *

SpyAgent Android Malware Targets and Steals Crypto Recovery Phrases from Images *

Critical Vulnerability CVE-2024-7591 Identified in Progress LoadMaster *

A Critical Flaw in IBM webMethods Integration Fixed Immediately *

Car Rental Giant Avis Reveals Data Breach Affecting Customer Information *

North Korean Hackers Use LinkedIn Job Scams to Spread COVERTCATCH Malware *

Cyberwar on Malaysian Politicians Unleashed by Babylon RAT *

A Critical Vulnerability in OpenStack Ironic (CVE-2024-44082) should be Patched by Users *

Veeam Releases Patches for High-Severity Vulnerabilities in Enterprise Software *

VMware Fusion Patch Released to Fix High-Severity Code Execution Vulnerability *

Pavel Durov Condemns Outdated Laws Following Arrest Linked to Telegram Criminal Activity *

LiteSpeed Cache Vulnerability Puts 6 Million WordPress Sites at Risk of Takeover Attacks *

Russian Military Hackers Involved in Critical Infrastructure Attacks *

Apache Addresses Critical Remote Code Execution Vulnerability in OFBiz *

Fake OnlyFans Checker Tool Spreads Lummac Stealer Malware to Hackers *

D-Link Alerts Users to Critical Code Execution Vulnerabilities in Legacy Router Model *

Cisco Addresses Critical Security Flaws in Smart Licensing Utility *

Android Users Advised to Install Latest Security Updates to Patch Actively Exploited Vulnerability *

Hackers Inject Malicious JavaScript into Cisco Store to Steal Credit Card Details and Credentials *

Hackers Abuse Red Team Tool 'MacroPack' to Deploy Brute Ratel in Attacks *

Crypto Flaw Enables Cloning of YubiKey Security Keys *

Emerging Supply Chain Attack: 'Revival Hijack' Threatens Large-Scale PyPI Takeovers *

Emansrepo Malware A New Threat to Windows Users, Delivered via HTML Files *

Cisco Addresses Root Escalation Vulnerability in Latest Patch *

WinRAR vulnerability exploited by hackers in attack on Russia and Belarus *

Critical Vulnerability in Zyxel Secure Routers Allows OS Command Execution via Cookie (CVE-2024-7261) *

Canonical Releases New Patches to Address Critical Linux Kernel Vulnerabilities in AWS *

Hackers Deploy Fake GlobalProtect VPN Software in Latest WikiLoader Malware Attack *

Verkada Pays $2.95 Million for Failing to Secure Data, Leading to Massive Breach *

Customer Data Breach Disclosed by Business Services Ginat CBIZ *

Ongoing Cyber Security Incident Disclosed by Transport for London *

Hacker Exposes Data of 390 Million Users from VK, Russia's Leading Social Network *

RansomHub Ransomware Group Strikes 210 Victims in Critical Sectors *

Global Phishing Scam Targets Canadian Pizza Chains, Stealing Credit Card Information *

LockBit Claims Breach of Toronto School Board, Student Information Stolen *

Air Traffic Control Agency in Germany Suffers Cyberattack, Operations Continue Uninterrupted *

The Sarawak Campus of Swinburne University has been hacked, Swinburne University confirms *

Vietnamese Human Rights Defenders Targeted by Advanced Persistent Threat *

Cicada3301 Ransomware's Linux Encryptor Targets VMware ESXi Servers *

New Windows Vulnerability Exploited in Phishing Campaign Targeting and Originating in China *

Fake 'noblox.js' npm Packages Target Roblox Developers, Compromising Systems *

A silent intrusion: Godzilla Fileless Backdoors exploiting Atlassian Confluence *

Iranian Hackers Launch Spear Phishing Attacks on WhatsApp Users *

Severe Security Risks Exposed in Progress Software's WhatsUp Gold *

An attack on Dick's Sporting Goods Exposed Sensitive Data *

Researcher Faces Lawsuit for Sharing Ransomware Stolen Data with Media *

Researchers Discover SQL Injection Vulnerability Allowing Bypass of TSA Airport Security Checks *

Windows is Attacked by a .NET-Based Keylogger Using Weaponized Excel Documents *

Hackers in North Korea Target Developers With Malicious NPM Packages *

Malware Impersonates Palo Alto VPN to Target Middle East Organizations *

Voldemort Malware Misuses Google Sheets for Data Exfiltration *

WPS Office Patch Addresses Zero-Day Vulnerability Exploited by South Korean Hacker Group *

FBI: RansomHub Ransomware Hits 210 Victims Since February *

Vietnamese Human Rights Group Targeted by Ongoing Cyberattack from APT32 *

Russian Hackers Leverage Safari and Chrome Vulnerabilities in Major Cyberattack *

Fortra Releases Critical Patch for High-Risk FileCatalyst Workflow Vulnerability *

Cisco Fixes Multiple NX-OS Software Vulnerabilities *

New Unicode QR Code Scam Evades Traditional Security Measures *

BlackByte Ransomware Exploits New VMware Vulnerability in VPN Attacks *

CrowdStrike Implements Safeguards to Mitigate Impact of Recent Outage *

Employee Arrested for Locking Out Admins from 254 Servers in Extortion Scheme *

TDECU MOVEit Data Breach Exposes Sensitive Info of 500,000+ Members *

Microsoft Sway Exploits by a New QR Code Phishing Campaign to Steal Credentials. *

Pidgin Messenger’s Official Plugin Repository Infiltrates by Malware *

Park'N Fly Informs 1 Million Customers of Data Breach *

U.S. Marshals Service Rejects Ransomware Gang's Breach Allegations *

macOS HZ RAT Backdoor Targets Users of Chinese Messaging Apps *

Volt Typhoon Hackers Exploit Versa Zero-Day Vulnerability to Compromise ISPs and MSPs *

Major WPML Plugin Flaw Puts WordPress Sites at Risk of Remote Code Execution *

New Chrome 0-Day Vulnerability (CVE-2024-7965) Exploited in the Wild` *

365 Copilot Data Theft Caused by an ASCII Smuggling Flaw is Fixed by Microsoft *

A Data Breach Involving Ransomware has been Reported by Patelco to 726,000 Customers *

“FreeDurov” Hacktivist Campaign Launches After Telegram CEO’s Arrest *

Dutch Regulator Hits Uber with €290 Million Fine for GDPR Breaches in U.S. Data Transfers *

Cheana Stealer Targets Windows and macOS VPN Users with Malware Payloads *

Small Rural Alabama Hospital Reports Major 2023 Hacking Breach *

Microsoft Exchange Online error incorrectly flags emails as malware *

Seattle-Tacoma Airport IT Systems Disrupted due to a cyberattack *

SonicWall Fixes Critical SonicOS Vulnerability *

Hundreds of Online Stores Targeted in Widespread Cyberattack *

Critical Vulnerabilities in Traccar GPS Tracking System Could Lead to Remote Code Execution *

Halliburton Confirms Cyberattack Leading to Systems Shutdown *

Slack Fixes AI Vulnerability That Allowed Data Theft from Private Channels *

Crypto Scammers Exploit McDonald's Instagram to Promote Grimace Coin *

CISA Mandates Urgent Patch for Versa Director Vulnerability *

A new Linux malware called 'sedexp' hides credit card skimmers using Udev rules *

Meta exposes an Iranian hacker group targeting global political figures using WhatsApp *

One million Dollars has been Paid as Ransom by the American Radio Relay League *

PEAKLIGHT Downloader Used in Windows Attacks via Malicious Movie Downloads *

Qilin Ransomware Targets VPN Credentials and Extracts Chrome Data *

New Cthulhu Stealer Targets macOS, Exploits User Credentials and Cryptocurrency Wallets *

Ongoing Log4j Exploits Continue to Target Unpatched Systems Two Years Later *

CISA Warns of Active Exploitation of Dahua Vulnerabilities *

Atlassian Releases Patches for High-Severity Vulnerabilities in Bamboo, Confluence, Crowd, and Jira *

China-Nexus ‘Velvet Ant’ Hackers Leveraged Zero-Day Exploit to Install Malware on Cisco Nexus Switches *

SolarWinds Patches High-Severity Vulnerability in Web Help Desk Software *

Critical Hardware Backdoor Found in MIFARE Classic Cards, Threatens Hotel and Office Security *

Caching Plugin Flaw Could Lead to Mass WordPress Site Exploitations *

Cisco Fixes High-Severity Vulnerability Reported by the NSA *

High Severity Chrome Flaw Actively Exploited in Wild fixed by Google *

India’s Zee Media Website for Mocking floods Defaced by Bangladesh Hackers *

MoonPeak Trojan is Used by North Korean Hackers in Cyber Attack Campaign *

Microsoft Fixes Critical Copilot Studio Flaw Exposing Sensitive Data *

Cryptojacking Hackers are Targteing Poorly Configured PostgreSQL Databases *

QNAP Boosts NAS Security with New Ransomware Protection *

Arden Clients Impacted by Data Breach: 139,000 Records at Risk *

Digital Wallets Vulnerable to Fraudulent Transactions Using Stolen Credit Cards *

Hackers Exploit PHP Vulnerability to Install Backdoor Malware on Windows Systems *

CannonDesign Reports Data Breach Linked to Avos Locker Ransomware *

Microchip Technology Reports Cyberattack Disrupting Operations *

Czech Mobile Users are Targeted in a New Banking Credential Theft Attack *

Styx Stealer New Threat Stealing Your Passwords *

Ransomware Epidemic Costs Victims $460 Million in First Half of 2024 *

CISA Alerts to Critical Jenkins RCE Vulnerability Actively Exploited *

Critical Linux Kernel Flaw Allows Direct System Access *

Xeon Sender Tool Abuses Cloud APIs for Massive SMS Phishing Campaigns *

Toyota Confirms Data Breach After Hackers Release Information on Forum *

UULoader Malware Spreads Gh0st RAT and Mimikatz in East Asia *

Jewish Home Lifecare Data Breach Affects 100,000 Individuals *

Massive Carespring Data Breach Compromises Medical Records of 77,000 Patients *

Zero-Day Windows Vulnerability Exploited by Lazarus Group to Deploy FudModule Rootkit *

Massive Extortion Campaign Exploits Exposed Environment Variables in Cloud Infrastructures *

OpenAI Disables Iranian Operation Misusing ChatGPT for Manipulating U.S. Election *

BeaverTail Malware Uses Weaponized Games to Attack Windows Users *

Russian Citizen Arrested for Selling Thousands of Stolen Credentials *

Mad Liberator Uses AnyDesk Request for Data Exfiltration Using Fake Windows Update Screem *

New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack *

Palo Alto Networks Patches Unauthenticated Command Execution Vulnerability in Cortex XSOAR *

Malicious Search Ads are Used by Tech Support Scammers to Impersonate Google *

Misuse of Azure Domains and Google to Spread Disinformation and Malware *

Chinese Hackers iSoon Target European Networks *

Bank Systems in Iran are Reportedly Targeted by a Major Cyberattack *

Sensitive Customer Data from Thousands of NetSuite E-Commerce Sites Exposed *

GitHub Flaw 'ArtiPACKED' Could Allow Repository Takeovers *

National Public Data Discloses Breach Affecting Social Security Numbers *

Massive Cloud Extortion Campaign Targets 110,000 Domains via Exposed .env Files *

Sophisticated Phishing Attacks Hit Western and Russian Civil Organizations *

Security Flaw in Pre-installed Verizon Demo App Poses Risk to Google Pixel Devices *

New Banshee Stealer Malware Targets macOS with Advanced Evasion Techniques *

Threat Actors Use Phishing Emails To Deliver Advanced Infostealer Malware *

Malspam Attacks Targets AnyDesk and Microsoft Teams To Gain Unauthorised Access *

Eastern Europe's NGOs and Media Face New Threats from Russian Hackers *

China-Supported Earth Baku Grows Cyber Attacks in Europe, Middle East, and Africa" *

Critical Remote Code Execution Vulnerability Found in SolarWinds Web Help Desk, Hotfix Released *

New EDRKillShifter Tool Used by RansomHub Group to Disable Endpoint Detection Software *

Ivanti Alerts of Critical vTM Authentication Bypass Vulnerability with Public Exploit *

Black Basta Campaign Exploits Social Engineering to Deploy SystemBC Malware *

NIST Introduces New Encryption Techniques to Defend Against Quantum Attacks *

Cyberattack Targets AutoCanada’s Internal IT Infrastructure *

Privilege Escalation Vulnerabilities Fixed in Zoom *

Technical Analysis of the Zero Click Outlook RCE vulnerability *

SAP Releases Critical Patches for Vulnerabilities in BusinessObjects and Build Apps *

Critical Flaws in T-Head CPUs Enable Total Device Compromise *

Microsoft Patch Tuesday Security Advisory - August 2024 *

FreeBSD Issues Patch for High-severity Vulnerability in OpenSSH *

Critical AWS Services Flaws Alows Attackers to Perform Remote Code Execution *

The FBI Siezed the Servers and Webistes of the Dispossessor Ransomware Operation *

Data Breach at Kootenai Health Exposes Over 464,000 Patient Records Following Ransomware Attack *

Microsoft Alerts on OpenVPN Vulnerabilities *

Multiple Vulnerabilities Enable Remote Code Execution in Google Quick Share *

Report Suggests that Fake HR Emails are Most Likely to Trick Employees *

Trump Campaign Blames Iran for Hacking After Documents are Leaked *

Rhysida Allegedly Stolen Data from BayHealth and Community Care Alliance *

The U.S. Department of Justice Arrests a Person Who Helped Hackers to Get Remote Jobs in U.S. and U.K. Firms *

EastWind Campaign Uses Malicious LNK Files to Deploy PlugY and GrewApacha Backdoors *

Extensive Customer Information Stolen in CSC ServiceWorks Breach *

Hacking of UK Government Systems and Emails by Russian Spies *

North Korean Kimsuky Group Targets Universities with Phishing Attacks *

Physical Security Firm ADT Suffers Major Data Breach *

Shadow Resource Vector AWS Vulnerabilities Reveal by Researchers *

Microsoft Warns of Unpatched Office Flaw Allowing Data Theft *

Critical Jenkins Vulnerabilities Expose Servers to Remote Code Execution *

Advanced Phishing Campaign Targeting Windows Systems *

New AMD SinkClose Vulnerability Enables Nearly Undetectable Malware Installation *

FBI Sounds Alarm on BlackSuit Ransomware *

Russia Bans Signal Over Anti-Terrorism Claims *

Critical "UnOAuthorized" Vulnerabilities Found in Microsoft Entra ID Allowing Privilege Escalation *

NCC Group Uncovers Eavesdropping Vulnerability in Sonos Smart Speakers at Black Hat USA 2024 *

Cisco Warns of Critical Exploit for Vulnerabilities in Smart Software Manager On-Prem *

Cisco Warns of Critical Zero-Day Vulnerabilities in End-of-Life Small Business IP Phones *

CISA Alerts Organizations to Critical Apache OFBiz RCE Vulnerabilities *

McLaren Health Care Systems Disrupted by INC Ransomware Attack *

0.0.0.0 Day: MacOS and Linux Devices Affected by an 18-Year-Old Browser Vulnerability *

State Sponsored Malware Found in Microsoft and Google Cloud Storage *

North Korean Cyber Espionage Targets University Academics *

Cisco Sounds Alarm on Severe RCE Vulnerabilities in Legacy IP Phones *

Fake AI Editor Ads on Facebook Infect Users with Password-Stealing Malware *

New Go-Based Backdoor Targets South Asian Media via Microsoft Graph API *

Self-Spreading Worm Named CMoon Targets High-Value Russian Entities *

Roundcube Webmail Vulnerabilities Allows Access to Email and Password *

Apple's macOS Sequoia Improves Gatekeeper to Block Unauthorized Software *

Critical Downgrade Attack Reintroduces Vulnerabilities in Patched Windows Systems *

Critical Remote Code Execution Vulnerbility in Progress WhatsUp Gold is being Abused *

Microsoft Azure Faces Significant Outage, Impacting North American Users *

Critical Security Fixes in Latest Chrome and Firefox Updates *

13000 School Devices Erased in an Attack on Moble Guardian *

National Public Data Suffered a Massive Breach Leaking 2.9 Billion Records With SSN *

IT Professionals Are Being Targeted by Chameleon Device-Takeovers Malware *

Apache OFBiz Zero-Day Vulnerability Allows Remote Code Execution *

Cyberattack on Grand Palais Rmn Causes Operational Disruptions, Museums Remain Open *

Bug in Microsoft Teams Impacts Image and Screenshot Sharing *

Researchers Found Vulnerabilities in Windows Smart App Control and SmartScreen *

Google Address the Exploitation of a Zero-Day Vulnerability in the Android Kernel *

North Korea Exploits VPN Vulnerability to Deploy Malware *

Leaked Wallpaper Vulnerability Allows Privilege Escalation Attacks on Windows *

Critical Flaw Found in Rockwell Automation Controllers *

Voter Records of Millions of US Voters Compromised Due to 13 Misconfigured Databases *

The National Crime Agency (NCA) Successfully Shut Down the Cyber Fraud Platform 'Russian Coms' *

World's First AI Act from the European Union are Taking Effect *

The Hunters International Ransomware Group Uses New SharpRhino Malware to Attack IT Professionals *

Magniber Ransomware Rampage Home Users Under Siege *

Bitdefender Error Allows Attackers to Manipulate Server Requests *

Ransomware Incident Columbus Under Investigation for Potential Data Breach *

Children's Privacy Laws Violated by TikTok according to the DOJ and FTC *

Attacks on Bytecode Interpreters Hide Malicious Code Injections *

Linux Kernel Vulnerable to New SLUBStick Cross-Cache Attack *

Cybercriminals Exploit ISP Vulnerability to Infect Users with Malware *

Minecraft DDoS Tool Unleashed on Misconfigured Jupyter Notebooks *

Hackers Exploiting Arbitrary File Upload Vulnerability in WordPress Plugin *

Microsoft Patches Critical Edge Flaw Allowing Arbitrary Code Execution *

New BITSLOTH Malware Uses BITS for Hidden Communication on Windows *

The CISA Warns of a Vulnerability in Avtech Cameras that has been Exploited in the Wild *

Russia-Linked APT28 Targets Diplomats with New Phishing Campaign Using HeadLace Malware *

Cyberespionage Group XDSpy Strikes Russian and Moldovan Entities *

New Sitting Ducks DNS Attack Allows Threat Actors to Takeover Domains *

New Variant of TgRAT Malware Targets Linux Servers *

New Android RAT BingoMod Steals Funds and Deletes Data *

Hackers Deploy Remote Access Malware by Abusing Free CloudFlare Service *

Malicious PyPI Packages were Distributed through StackExchange Answers *

DNS Compromise Hackers Take Over 35,000 Websites *

Apple Updates macOS Monterey to Fix Critical Vulnerability Exploited in the Wild *

Pharma Giant Cencora's Data Breach Exposes Extensive Personal and Health Information *

Chrome Security Update: Critical Vulnerability Patch Released to Prevent Exploitation *

Malware Associated with North Korea Attacks Windows, Linux, and macOS Developers *

Data Theft on Locked Apple Devices is Possible Due to a Siri Vulnerability *

As per CISA and FBI, DDoS Attacks Won't compromise US Elections Integrity *

Fake Google Authenticator Advertisements are Installing Malware *

OneBlood Faces Critical IT Systems Outage Due to Ransomware Attack *

Polish Businesses are Being Targeted by Malware such as Agent Tesla and Formbook *

Microsoft DDoS Attack Causes Azure Outages Affecting Critical Services *

After Two Years of Infiltration, new Mandrake Spyware was Found in Google Play Store *

SideWinder Cyberattacks Aiming for Maritime Facilities in Several Nations *

Users are tricked by the OneDrive phishing scam into running a malicious PowerShell script *

Malicious Campaign Targets Android Devices Using Telegram Bots to Steal SMS and OTPs *

Apple Releases Major Security Updates for iOS, macOS, and Safari *

Malware Campaign Targets Users with Obfuscated JavaScript and MSI Files *

Cybercriminals are Exploiting LLMs to Create Malicius Code *

Active Exploitation of Critical Vulnerability in Acronis Cyber Infrastructure *

OAuth Implementation Flaw Puts Millions of Websites at Risk of XSS Attacks *

New Specula Tool Exploits Outlook for Remote Code Execution on Windows Systems *

Proofpoint Vulnerabilities Exploited to Send Millions of Daily Phishing Emails *

Nvidia Patches High-Severity Flaws in AI and Networking Products *

Massive HealthEquity Data Breach Affects 4.3 Million People *

Malware Spreads Through 3,000 Fake GitHub Accounts *

Hackers Exploit Newly Disclosed ServiceNow Vulnerabilities *

Play and LockBit Ransomware Team Up to Amplify Cyber Attacks *

GXC Team's Advanced Phishing Tactics Exploit Android Apps and AI Technology *

Insula Group Confirms BianLian Ransomware Attack in Victoria *

Vulnerable Selenium Grid Servers Hijacked for Monero Mining *

Unveiling the Latest Banking Trojan Threats in Latin America *

Ukraine Hackers Hit Major Russian banks with DDoS attacks *

Columbus Cyber Incident Amid Wave of Ransomware Attacks on Cities *

U.S. Puts $10M Bounty on North Korean Hacker Tied to Maui Ransomware Attacks *

Malicious PyPI Package Exploits macOS Vulnerability to Capture Google Cloud Credentials *

North Korean hacker charged by the US for hospital ransomware attacks *

Paris Olympics Targeted by Cyberterrorism *

FBCS Data Breach Affects 4.2 Million People *

WhatsApp for Windows Vulnerability Enables Unwarned Execution of Python and PHP Scripts *

Belarus-Linked Hackers Target Ukrainian Organizations Using PicassoLoader Malware *

French Authorities Initiate Operation to Eradicate PlugX Malware from Infected Systems *

MCG Health Settles $8.8 Million Lawsuit regarding Data Breach *

The Crypto Exchange Gemini has Disclosed a Data Breach involving a Third Party *

Google Chrome Alerts Users to Risky Files During Download *

July Updates for Windows Server Disrupt Remote Desktop Access *

Google Resolves Chrome Password Manager Bug Hiding Credentials *

Researchers Trace Fake Postal Mailings Targeting Indian Users to China *

Siemens Patches Critical Vulnerabilities in Sicam Power Grid Products *

A PKfail Secure Boot Bypass Vulnerability Enables Attackers to Install UEFI Malware *

Progress Software Issues Patch for Severe Vulnerability in Telerik Report Server *

Researchers Reveal Flaw Allowing Access to Deleted and Private GitHub Repository Data *

Critical Vulnerability in Docker Engine Allows Attackers to Bypass Authorization Plugins *

French Law Enforcement Targets PlugX Malware with Self-Destruct Strategy *

Security Flaw in BlueStacks Emulator for Windows Puts Millions of Gamers at Risk *

Patchwork Targets Bhutan with Advanced Brute Ratel C4 Tool *

Thousands of GitHub Accounts Compromised by Malware Distribution Network *

North Korean State Actor Poses as KnowBe4 Engineer to Install Malware *

Michigan Medicine Data Breach Exposes 57,000 Patients' Information *

Hacking Forum BreachForums v1 Data Leak Exposes Members' Information *

Magento Sites Targeted by Concealed Credit Card Skimmer *

Windows 10 Update KB5040525 Fixes WDAC Issues Leading to Memory Leaks and Application Crashes *

Hackers Exploit Google Cloud for Phishing *

Chinese Hackers Deploy MgBot Malware to Target Taiwan and US NGOs *

Chinese Hackers Unleash New Version of Macma macOS Backdoor *

Dragos Unveils FrostyGoop Malware Targeting Industrial Control Systems in Ukraine *

CERT-UA Alerts on Spear-Phishing Campaign Targeting Ukrainian Research Institutions *

Cadre Holdings Hit by Cyberattack Affecting Operations *

SonicOS IPSec VPN Vulnerability Enables Attackers to Cause Denial of Service *

Daikin Targeted by Meow Hackers: 40 GB of Confidential Data Compromised *

Telegram Zero-Day Vulnerability Allowed Malicious Android APKs to Disguise as Videos *

Google Abandons Plan to Remove Third-Party Cookies in Chrome *

SocGholish Malware Exploits BOINC for Stealthy Cyberattacks *

Threat Actors Exploit Cloud Services for Credential Phishing and Malware Distribution *

Ransomware Attack Causes Severe Disruption to UK's Blood Supply *

Ubuntu Releases Patches for Critical Linux Kernel Vulnerabilities in Azure *

Microsoft Releases Tool to Remove Faulty CrowdStrike Driver on Windows *

Network Failures Force Retailers to Close Doors: Chaos Ensues *

Alert for Grand Theft Auto Fans: Fake GTA VI Beta Downloads Spreading Malware *

Federal Agencies Scramble to Resolve Major Software Outage *

NHS Overwhelmed by 999 Calls and Disruptions to GP and Hospital Services Amid Microsoft Global Outage *

Fake "CrowdStrike Hot Fix" (crowdstrike-hotfix.zip) Distributes RemCos RAT *

Crypto Pig-Butchering Exposed: The Role of Operation Spincaster *

The Role of WAN Optimization in Accelerating GenAI Networks *

MacOS Users Targeted by North Korean Hackers *

A new Linux variant from Play Ransomware Group targets ESXi *

ShadowRoot Ransomware Targets Businesses Using Weaponized PDFs *

Vulnerability in Thousands of Cloud Websites with TE.0 HTTP request smuggling *

The CrowdStrike outage leads to fake websites and phishing *

Hacker Linked to MGM Attack Arrested in UK *

Hackers Use Legitimate RMM Software to Distribute BugSleep Malware *

Octo Tempest Adds RansomHub and Qilin to VMware ESXi Attacks *

Hackers Claim Dettol Breach Affects 453,646 Users *

US Data Breach Victims Surge Over ElevenFold Yearly *

Technical Details on the Recent crowdStrike Outage *

Ransomware Gang Steals Data of 12.9 Million People from MediSecure *

Critical Splunk Vulnerability Enables Password Theft *

Pro-Houthi Threat Group Targets Humanitarian Organizations in Yemen with Android Spyware *

Major Microsoft 365 Outage Triggered by Azure Configuration Change *

Cisco Patches Critical SEG Vulnerability Allowing Root Access and Crashes *

Indian Crypto Exchange WazirX Hit by $230 Million Security Breach *

HotPage Adware Masquerades as Ad Blocker, Installs Malicious Kernel Driver *

Microsoft Massive Global Outage Disrupts Airlines, Banks, and Emergency Services Globally *

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager *

TAG-100 Cyber Espionage Campaign Targets Global Organizations Using Open-Source Tools *

Bassett Furniture Shuts Down Manufacturing After Ransomware Attack *

Vulnerabilities in SAP AI Expose Customer Data to Cyberattacks *

Cisco SSM On-Prem Vulnerability Enables Hackers to Reset Any User's Password *

Romania Confronts Hacktivist Attacks Amid Rising Geopolitical Tensions *

Chinese Hacker Group APT17 Targets Italian Firms and Government Agencies with New 9002 RAT Malware *

New Phishing Tactics Pose as HR Communications to Target Employees *

FIN7 is promoting a security-evading tool on dark web forums *

Life360 Customer Data Breach Exposes 442,519 Users *

Threat Actors Exploit Critical RCE Vulnerability in Apache HugeGraph-Server *

15 Million Trello Users' Email Addresses Exposed on Hacking Forum *

Coast Guard Faces Cyberthreats Amid Industry Reluctance *

NuGet Campaign Targets Developers with Injected Malicious Code *

MirrorFace Exploits Vulnerabilities in Internet-Facing Assets to Target Organizations *

Malicious npm Packages Hide Backdoor Code in Image Files *

Massive Ad Fraud Operation 'Konfety' Exploits Google Play Apps *

Former SEXi Ransomware Rebrands APT INC, Targets VMware ESXi Servers *

Kaspersky Lab Shutting Down U.S. Operations Following Sanctions *

Victoria's Royal Brighton Yacht Club Confirms Ransomware Attack by Medusa *

CISA Issues Warning on Actively Exploited RCE Vulnerability in GeoServer GeoTools Software *

Risk to Python's Core Repositories Following GitHub Token Leak *

Fake Microsoft Teams Ad Used in Phishing Campaign Targeting Mac Users *

Info-Stealing Malware Spread Through Windows Desktop Themes in Facebook Ads *

MuddyWatter Hacking Group Deploys New BugSleep Malware in Global Phishing Attacks *

Data Breach Exposes Personal Details of Thousands at Nokia and Microsoft *

Hacktivist Group SiegedSec Targets Heritage Foundation, Leaks Sensitive Data *

Lulu Hypermarket Data Breach Exposes 200,000 Customer Records *

Alert: DeFi Users Beware of DNS Hijacking Vulnerability Found in Squarespace Domains *

Advancements in Cybercrime Investigation Techniques *

FishXProxy Phishing Kit Makes Phishing Easy for Script Kiddi *

Leader of Zeus Malware Sentenced to 9 Years in Prison *

Singapore Banks to Phase Out One-Time Passwords in Three Months *

Hackers use PoC exploits in attacks 22 minutes after release *

NullBulge Hack: 1.1 TiB of Disney's Internal Communications Leaked *

Monitoring tool mSpy suffers data breach, revealing customer details *

Atomic Stealer delivered by fake Microsoft Teams for Mac *

APT41 Enhances Arsenal with New Stealthy Malware Loader and Backdoor *

Exim Mail Server Vulnerability Puts Millions at Risk from Malicious Attachments *

Hackers Target Advance Auto Parts, Exposing 2 million Users' Data *

Rite Aid Acknowledges Data Breach Post June Ransomware Incident *

Attacking Windows Users With Coyote Banking Trojan *

Data breach exposes 109 million AT&T call logs *

Samba file shares are exploited by DarkGate Malware *

Netgear Urges Immediate Firmware Update to Patch Critical WiFi 6 Router Vulnerabilities *

Siemens, Schneider Electric, and CISA Issue Critical ICS Patch Advisories *

RansomHub Leaks Sensitive Data from Florida Department of Health *

CrystalRay Utilizes SSH-Snake and Open Source Tools in Wide-Scale Attacks on 1,500 Targets *

ARRL Confirms Ransomware Attack Compromising Employee Data *

Palo Alto Networks Issues Critical Security Updates for Expedition Tool and PAN-OS *

Critical Zero-Click RCE Vulnerability Affects Microsoft Outlook *

Microsoft Fixes Windows 11 Bug Causing Reboot Loops and Taskbar Freezes *

PHP Vulnerability Facilitates Malware Distribution and DDoS Attacks *

Apple Warns iPhone Users of Potential Mercenary Spyware Attacks Across 98 Countries *

Evolve Bank & Trust Reports Data Breach Impacting 7.6 Million Individuals *

VMware Patches High-Risk SQL Injection Vulnerability in Aria Automation *

Citrix Releases Critical Patches for NetScaler Vulnerabilities *

Ransomware Group Exploits Vulnerability in Veeam Backup Software *

ViperSoftX Malware Utilizes AutoIT Scripting to Stealthily Execute PowerShell *

Researchers have identified new malware targeting the mining sector *

CISA Urges Developers to Eliminate OS Command Injection Vulnerabilities *

Critical Vulnerability in GitLab Allows Attackers to Execute Pipelines on Behalf of Other Users *

Microsoft 365 and Office Users Affected by '30088-27' Update Errors *

Adobe Releases Critical Patches for Multiple Products, Warns of Code Execution Risks *

SAP Patches Critical Vulnerabilities in July 2024 Security Update *

U.S. Disrupts AI-Driven Bot Network Spreading Russian Propaganda on Social Media *

New OpenSSH Vulnerability Discovered: Remote Code Execution Risk *

Apache HTTP Server Patch Released to Address Source Code Disclosure Vulnerability *

Windows 10 KB5040427 Update: Copilot Enhancements and 12 Issue Fixes *

Critical RADIUS Vulnerability: BlastRADIUS Exposes Networks to MitM Attacks *

Microsoft Patch Tuesday Security Advisory - July 2024 *

Hackers Exploit Critical Flaw in Rejetto's HFS to Spread Malware and Cryptocurrency Miners *

Alabama State Department of Education Thwarts Ransomware Attack but Data Breached *

Active Campaign Exploits Microsoft SmartScreen Vulnerability to Deliver Stealers *

Cybersecurity agencies are warning about APT40's swift adaptation in exploit tactics *

Zotac Customer RMA Information Exposed on Google Search *

Neiman Marcus Discloses Data Breach Affecting 31 Million Customer Email Addresses *

CloudSorcerer APT Group Targets Russian Government Agencies *

Dark Web Malware Logs Reveal Identities of 3,300 Users Connected to Child Abuse Websites *

Critical Ghostscript Vulnerability CVE-2024-29510 Actively Exploited in the Wild *

Cybercriminals Exploit YouTube to Spread Scams and Malware *

Concerns Rise Over OpenAI’s Security After Undisclosed Breach *

Critical Vulnerabilities Disclosed in Gogs Open-Source Git Service *

Threat Actors Target Cybersecurity Researchers with Pseudo-Exploit for regreSSHion *

Exploiting Vulnerabilities: Targeting Microsoft Exchange Servers for Sensitive Data *

Mekotio Banking Trojan Targets Latin American Financial Data *

Key Details and Impact of Shopify Data Incident *

Formula 1 Governing Body Reveals Data Breach Due to Email Compromises *

New Variant of Mallox Ransomware Targets Linux Systems *

Ticketmaster has experienced a data breach involving purported Taylor Swift tickets. *

DragonForce Ransomware Strikes New Zealand Fitness Retailer *

CISA Confronts Challenges After Major Ivanti VPN Breach *

OVHcloud Mitigates Record-Breaking 840 Mpps DDoS Attack *

New Eldorado Ransomware Targets Multiple Sectors with Advanced Customization *

Malicious QR Code Reader App on Google Play Distributes Anatsa Banking Malware *

Patelco Credit Union Hit by Ransomware, Shuts Down Banking Systems *

Brazil Halts Meta's AI Data Processing Due to Privacy Concerns *

Ethereum Email Breach Exposes 35,000 Users to Phishing Attacks *

New Botnet Zergeca, Based on Golang, Enables Powerful DDoS Attacks *

Microsoft Identifies Critical Flaws in Rockwell Automation PanelView Plus *

Google Fixes 25 Android Flaws, Including Critical Privilege Escalation Bug *

Operation MORPHEUS: Global Law Enforcement Shuts Down Cybercrime Network *

Twilio's Authy App Breach Exposes Millions of Phone Numbers *

HealthEquity Data Breach Exposes Protected Health Information *

Cisco Patches Zero-Day Vulnerability Exploited by China-Linked Velvet Ant *

Splunk Patches Multiple High-Severity Bugs in Enterprise and Cloud Platforms *

Critical OpenSSH Vulnerability Puts Millions of Servers at Risk *

Global Xbox Outage: Users Unable to Log In or Play Games *

A cyberattack using Donut and Sliver frameworks targets Israeli entities *

CapraRAT Spyware Targets Android Users Through Popular Apps *

Severe CocoaPods Vulnerabilities Put iOS and macOS Apps at Risk of Supply Chain Attacks *

HubSpot Alerts Customers to Ongoing Cyberattacks on Accounts *

Prudential Financial Reports Data Breach Impacting 2.5 Million Individuals *

Juniper Networks Issues Critical Security Updates for Router Authentication Bypass *

Ransomware Attack Hits Lurie Children’s Hospital, Compromising Personal and Health Information *

Google Chrome to Permit Isolated Web Apps Secure Access to Sensitive USB Devices *

Google Chrome to Block Entrust Certificates Starting November 2024 *

Fake IT Support Sites Spread Malicious PowerShell Scripts *

Data breach exposes customer information of dairy giant Agropur *

Infosys McCamish claims that LockBit has stolen the data of 6 million people *

A malicious npm package is targeting AWS users *

Unfurling Hemlock Threat Actor Floods Systems with Malware *

Geisinger Healthcare System Discloses Data Breach Involving Former Nuance Employee *

Critical Vulnerabilities Discovered in Emerson Gas Chromatographs by Claroty *

GitLab Releases Security Patches for 14 Vulnerabilities *

Critical Security Flaw in Vanna.AI Library Allows Remote Code Execution *

South Korean Telco KT Accused of Infecting P2P Users with Malware *

Medusa Banking Trojan Resurfaces with Stealthier, More Capable Variants *

Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow *

Snowblind Malware Exploits Android Security Feature to Bypass Protection *

New MOVEit Transfer Vulnerability Under Exploit - Apply Patch Immediately *

P2Pinfect Worm Attacks Redis Servers with Ransomware and Cryptominers *

Indonesia's National Data Center Hit by Ransomware Attack, Government Refuses to Pay $8 Million Ransom *

Neiman Marcus Data Breach Exposes Personal Information of 64,472 Individuals *

New Threat Actor Boolka Targets Websites with BMANAGER Trojan *

Hackers Drain $2 Million from CoinStats Cryptocurrency Wallets *

Google Chrome Update Fixes High-Severity Memory Safety Vulnerabilities *

Phishing Attack Hits Any.Run Malware Sandbox Service, Compromises Employee Accounts *

Supply Chain Attack on Polyfill.io JavaScript Affects Over 100,000 Websites *

Google Explores Digital Credential API for Secure Identity Verification on Chrome for Android *

New SnailLoad Attack Allows Remote Inference of User Activity Without Direct Network Access *

CISA CSAT Breach Alerts Chemical Facilities to Potential Data Theft *

New Exploit Using MSC Files and Windows XSS Vulnerability to Compromise Networks *

RedJuliett Intensifies Cyberattacks on Taiwanese Organizations *

Google Unveils Project Naptime to Enhance AI-Driven Vulnerability Research *

Path Traversal Vulnerabilities Persist Despite Modern Programming Languages *

LivaNova USA Reports Data Breach Affecting 130,000 Individuals *

Los Angeles Unified School District Data Breach: Cybersecurity Alert and Response *

Enhancing Network Security: Modern Approaches Beyond Traditional VPNs *

High-Severity UEFI Firmware Vulnerability Affects Hundreds of Intel-Based Devices *

ExCobalt Cybercrime Gang Targets Russian Organizations with New GoRed Backdoor *

Malvertising Campaign Deploys Oyster Backdoor via Trojanized Software Installers *

Critical Vulnerability in PrestaShop's pkfacebook Module Used to Steal Credit Card Data *

AdsExhaust Adware Campaign Deceives Meta Quest Users with Fake Downloads *

Twelve Kaspersky executives sanctioned by U.S. Treasury *

SneakyChef Espionage Campaign Targets Government Entities with SugarGh0st Malware *

CDK Global Cyberattack Hits Thousands of US Car Dealerships *

Chinese Cyber Espionage Groups Target Telecom Sector in Long-Running Campaign *

Change Healthcare Notifies Customers of Massive Cyberattack Impacting Patient Data *

French Diplomatic Entities Targeted by Cyber Attacks Linked to Russia *

Critical Path-Traversal Flaw in SolarWinds Serv-U Actively Exploited *

Kraken Security Flaw Exploited by Researcher to Steal $3 Million in Crypto *

Cross-Platform Scam Targets Crypto Users with Stealer Malware *

Forklift Manufacturer Crown Equipment Hit by Cyberattack, Shutting Down IT Systems *

Statewide 911 Outage in Massachusetts Linked to Firewall Error *

Chinese Users Targeted by Threat Actor Void Arachne Cyberattack Utilizing Malicious VPN MSI Files *

New Phishing Platform ONNX Store Targets Microsoft 365 Accounts *

Critical Failures in Medibank Security Exposed in Data Breach Report *

Legrand CRM CEO Addresses Data Breach, Dispels Misinformation *

Cleveland City Hall Closed Amid Confirmed Ransomware Attack *

Speculative Execution Attack on Arm CPUs' Memory Tagging Extension Raises Security *

Signal Foundation Opposes EU Proposal to Scan Private Messages for CSAM *

AMD Investigates Data Breach Amidst Cybersecurity Concerns *

Emerging Threat: Malware Targeting Docker API Endpoints for Cryptocurrency Mining *

BadSpace: Sophisticated Malware Exploiting WordPress in Multi-Stage Attacks *

Cyber Shadows: Hunt3r Kill3rs Infiltrate Schneider Electric's German Operations *

ASUS Fixes Critical Authentication Bypass Vulnerability in Various Router Models *

Microsoft Delays Recall Feature Amid Privacy and Security Worries *

High-Stakes SQL Injections in Low-Code Environments *

NiceRAT Malware Targets South Korean Users via Pirated Software *

Operation Celestial Force Uses Android and Windows Malware to Target Indian Users *

Chinese Hackers Compromise East Asian Firm for Three Years *

Social Engineering Tactics Fuel Malware Distribution! *

Data Breach Alert: The New York Times GitHub Repositories Compromised *

Pakistan-Linked Malware Campaign Expands to Target Windows, Android, and macOS *

Keytronic Confirms Data Breach Following Leak by Ransomware Gang *

Emoji-Controlled Havoc: Unmasking the New Linux Malware Operated via Discord *

New ARM 'TIKTAG' Threat Targets Chrome and Linux Systems *

Austrian Non-Profit Alleges User Tracking in Google's Privacy Sandbox *

Notorious Scattered Spider Hacker Arrested *

Grandoreiro Banking Trojan Spreads in Brazil as Smishing Scams Escalate in Pakistan *

CISA Warns of Zero-Day Windows Vulnerability Exploited by Black Basta Ransomware *

Ransomware Attack Hits Toronto's Largest School Board, TDSB *

Arid Viper's Mobile Espionage Campaign Leveraging Trojanized Android Apps *

Truist Bank Confirms Data Breach Following Appearance of Stolen Data on Hacking Forum *

Ascension Healthcare System Targeted in Hack After Employee Downloads Malicious File *

New Attack Method 'Sleepy Pickle' Targets Machine Learning Models *

Siemens, Schneider Electric, Aveva, and CISA Publish ICS Patch Tuesday Advisories *

Critical Vulnerability in JetBrains IntelliJ IDEs Exposes GitHub Tokens: Urgent Patch Required *

CISA Issues Warning on Impersonation Scams Targeting Financial Transfers *

Microsoft Patches High-Risk Zero-Click Flaw in Outlook *

Emerging Phishing Campaigns Deploy WARMCOOKIE Backdoor and Windows Search Malware *

Chrome 126 and Firefox 127 Patch Critical Security Vulnerabilities *

Black Basta Ransomware Exploits Windows Zero-Day Vulnerability, Symantec Reports *

Chinese Threat Actor SecShow's DNS Probing Activities and Emergence of Rebirth Botnet in Gaming Community *

Apple Releases visionOS 1.2 Update, Addressing First Vision Pro-Specific Vulnerability *

Cyber Incident Shuts Down Cleveland's IT Infrastructure *

Enhanced ValleyRAT Malware Campaign Unveiled with Advanced Capabilities *

Critical Vulnerabilities Discovered in Discontinued Netgear WNR614 Routers *

Adobe Patches Critical Security Flaws in Photoshop, After Effects, and Illustrator *

SAP’s June Patch Update: Critical XSS and DoS Vulnerabilities Fixed *

Microsoft Patch Tuesday Security Advisory - June 2024 *

Brooklyn DA Seizes Domains in Cryptocurrency Scam Targeting Russian Diaspora *

Microsoft Warns of Azure Service Tag Vulnerabilities for Cloud Security *

Researchers Discover Malicious VSCode Extensions with Millions of Installs *

Japanese Media Giant Kadokawa Hit by Major Cyber Attack, Properties Offline for Days *

Phishing Attack Disguised as Resume Distributes More_Eggs Malware Targeting Recruiters *

Arm Issues Warning on Actively Exploited Vulnerability in Mali GPU Kernel Drivers *

Vietnam Post Restores Operations After Ransomware Attack *

Cylance Confirms Legitimacy of Stolen Data Being Sold on Hacking Forum *

CyRC Advisory: Critical Vulnerability in EmailGPT Threatens Data Security *

Frontier Communications Discloses Data Breach Affecting Over 750,000 Individuals *

Panasonic Australia Acknowledges Cyber Incident After Akira Ransomware Claim *

SolarWinds Releases Version 2024.2 with Security Patches and Enhanced Features *

New York Times Source Code Compromised via Exposed GitHub Token *

New Phishing Campaign Employs "Paste and Run" Technique to Deliver DarkGate Malware *

Critical RCE Flaw Fixed in All PHP for Windows Versions *

CERT-UA Warns of Espionage Campaigns Targeting Ukrainian Defense Forces with SPECTR Malware *

Facing the Threat: SMBs' Concerns Over Cyberattacks and Business Continuity *

Fake Browser Update Campaigns Exploit Websites to Distribute Malware *

Hackers Leveraging Legitimate Packer Software for Covert Malware Distribution *

LAUSD Investigates Alleged Sale of Stolen Databases by Threat Actor *

Muhstik Botnet Exploits Apache RocketMQ Vulnerability for DDoS Attacks and Cryptomining *

New Attack Campaigns Exploit Years-Old ThinkPHP Flaws *

Sniffnet: A User-Friendly, Open-Source Network Monitoring Tool *

Advance Auto Parts' Snowflake Account Compromised, 3TB of Data for Sale *

Critical Vulnerabilities Discovered in Zyxel's Discontinued NAS Products *

Club Penguin Fans Hack Disney Server, Exposing 2.5 GB of Internal Data *

Belarusian Hackers Target Ukrainian Defense with Sophisticated Cyberespionage Campaign *

Critical Vulnerability in Ariane Systems' Self Check-In Kiosks Exposes Guest Data and Room Keys *

RansomHub: Evolution of Knight Ransomware Linked to Surge in Cyber Attacks *

TikTok Patches Vulnerability Used to Compromise Celebrity and Brand Accounts *

Australian Miner Northern Minerals Discloses Cyberattack, Data Leak *

Decoy Dog Trojan Targets Russian Power Companies, IT Firms, and Government Agencies *

Excel Macro Exploit Used in Multi-Stage Malware Attack on Ukraine *

Cox Modem Vulnerabilities Exposed Millions to Remote Hacking *

Critical Flaw in Telerik Report Server Allows Creation of Rogue Admin Accounts *

WhatsApp Cryptocurrency Scam Targets Cash Rewards *

Confluence RCE Patched (CVE-2024-21683) *

Google Chrome Users Must Update or Uninstall Within 72 Hours *

NPM Package Targeting Gulp Users Found Delivering RAT Malware *

Ransomware Gang RansomHub Claims Responsibility for Cyberattack on Telecom Giant Frontier *

Active Exploitation of OS Command Injection Flaw in Oracle WebLogic Server *

Microsoft India's X Account Compromised in Roaring Kitty Crypto Scam *

Kaspersky Releases Free Linux Virus Removal Tool KVRT *

Debt Collection Agency FBCS Reports Data Breach Affecting Over 3.2 Million People *

Chinese State-Sponsored Cyber Espionage Operation "Crimson Palace" Targets Southeast Asian Government *

Everbridge Reports Data Breach Involving Business and User Data *

Guardian Childcare Victoria Discloses Cyber Attack Leading to Data Breach *

Ticketek Reports Cyber Incident Impacting Customer Data *

BBC Notifies Employees of Data Breach Involving Pension Scheme Information *

BlueDelta Cyber-Espionage Campaign Targets European Networks with Headlace Malware *

Fake Browser Updates Delivering BitRAT and Lumma Stealer Malware *

CISA Warns of Active Exploitation of Linux Kernel Vulnerability CVE-2024-1086 *

Massive Cyber Attack "Pumpkin Eclipse" Bricks Over 600,000 SOHO Routers in the U.S *

Chinese Nationals Sanctioned for Botnet Linked to Massive COVID-19 Relief Fund Fraud *

Okta Issues Alert on Credential Stuffing Attacks Exploiting Cross-Origin Authentication *

New Study Exposes Most Hackable Pop Culture Passwords *

Linux Cyber Threat Actors Exploit Kiteshield Packer for Malicious Activities *

Critical WordPress Plugin Flaws Exploited for Malicious Script Injection and Backdoors *

RedTail Malware Exploits PAN-OS Flaw with Advanced Techniques and Private Mining Pools *

Cloudflare Disrupts FlyingYeti Phishing Campaign Targeting Ukraine *

US Shuts Down 911 S5 Botnet, Arrests Chinese Administrator *

Shell Data Breach Affects Thousands of Customers Worldwide *

Check Point Warns of Zero-Day Vulnerability in Network Security Gateway Products *

Critical Vulnerabilities Discovered in Eclipse ThreadX IoT Operating System *

Cooler Master Data Breach Exposes 103GB of Sensitive Information *

Cybercriminals Exploit Stack Overflow to Spread Malicious PyPi Package 'Pytoileur' *

Brazilian Banks Targeted in New AllaSenha Malware Campaign *

Microsoft Uncovers Moonstone Sleet: North Korean Threat Group's Diverse Cyber Campaign *

First American Financial and Fidelity National Financial Hit by Cyberattacks *

CatDDoS Botnet Exploits 80+ Security Flaws to Launch Widespread DDoS Attacks *

Christie’s Data Breach Highlights Cybersecurity Threats in the Auction Industry *

SingCERT Alerts Critical WordPress Plugin Vulnerabilities *

Mitigating Cybersecurity Risks: The Intersection of TLS and Dynamic DNS in Appliance Services *

ShinyHunters Allegedly Breach Ticketmaster and Live Nation, Offer Data for Sale *

Critical Vulnerabilities in Fortinet's SIEM Solution Exploited: PoC Exploit Released *

Eroding Trust: The Hidden Vulnerabilities Threatening Cybersecurity *

CERT-UA Warns of Surge in Cyberattacks by Financially-Motivated UAC-0006 *

Unveiling Targeted Malicious PyPI Packages on MacOS *

Sav-Rx Discloses Data Breach Impacting Over 2.8 Million Individuals *

Enhancing System Security with Fail2Ban: A Versatile and Proactive Approach *

New Phishing-as-a-Service Tool "Greatness" Exploits Microsoft 365 Credentials with Advanced Evasion Tactics *

TP-Link Archer C5400X Gaming Router Vulnerable to Critical Security Flaws *

Check Point Warns of Targeted Attacks on Remote Access VPN Devices and Issues Security Recommendations *

New Wave of Cyberattacks Targeting Indian Government and Aerospace Sectors Linked to Transparent Tribe *

New ATM Malware Threatens Global Banking Security with Flexible Payment Options *

New Malvertising Campaign Targets Users with Trojanized Arc Browser Installers *

Security Vulnerability Uncovered in AI-as-a-Service Provider Replicate *

Unveiling BloodAlchemy: Evolution of a RAT from ShadowPad to Deed RAT *

U.S. Pharmaceutical Giant Cencora Discloses Data Breach Affecting Sensitive Medical Information *

Microsoft Report Reveals Cybercriminal Operation Exploiting Retailers for Gift Card Fraud *

Python Minesweeper Game Used as Cover in Financial Cyberattacks *

Fake Antivirus Websites Spread Malware to Steal Sensitive Data *

Google Releases Chrome Update to Fix Fourth Zero-Day Vulnerability in Two Weeks *

Microsoft Outage Disrupts Services Including Bing and Copilot *

Ransom House Threatens Data Leak of Advance Press, Allegedly Steals 300GB of Data *

WhatsApp Warns of Government Surveillance Vulnerabilities Despite Encryption *

CentroMed Reports Data Breach Affecting Patient Confidentiality *

MITRE Reveals Cyberattack Exploiting VMware Systems for Persistence *

CISA Adds Actively Exploited Apache Flink Vulnerability to KEV Catalog *

ACSA Notifies 55,000 Individuals of Cyberattack Data Breach *

Malware Backdoored JAVS Courtroom Software Compromises Systems Worldwide *

Zoom Implements Post-Quantum Encryption for Enhanced Security *

Microsoft Introduces Recall Feature: Security and Privacy Implications *

Critical Remote Code Execution Vulnerability Discovered in Honeywell's Virtual Controller *

Nissan Oceania's Call Centre Hit by OracleCMS Data Breach *

Veeam Releases Critical Update for Backup & Replication Software *

China-Linked Hackers Increasingly Use Proxy Networks for Cyberespionage *

Newly Disclosed Threat Group Unfading Sea Haze Targets South China Sea Entities *

Blackbasta Group Claims Hack on Atlas, Major US Oil Distributor *

MediSecure Data Breach Prompts Calls for Enhanced Cybersecurity Measures *

GhostEngine Mining Campaign Disables EDR Security Through Exploiting Vulnerable Drivers *

ANZ Bank Faces Major Online Banking Outage: Customers Struggle to Access Accounts *

Critical Vulnerability Unveils Pre-auth RCE in Mirth Connect *

OpenSSF Launches Siren Mailing List for Open Source Threat Intelligence Sharing *

Western Sydney University Reveals Data Breach, Notifying 7,500 Affected Individuals *

SolarWinds Introduces Generative AI for Enhanced IT Management in Service Desk *

Critical Vulnerability "Linguistic Lumberjack" Identified in Fluent Bit *

Critical Vulnerability Discovered in Fluent Bit Utility *

Exposing Critical Infrastructure: The Risk of Public Internet Exposure for ICS Assets *

Hackers Exploit Foxit PDF Reader Vulnerability to Deploy Various Malware *

New Public RCE Exploit Targets Unpatched QNAP QTS Zero-Day Vulnerability *

New BiBi Wiper Malware Variant Deletes Disk Partition Tables, Targets Israel and Albania *

Unveiling LATRODECTUS: A Rising Threat in the Malware Landscape *

New 'Antidot' Trojan Hacks Android Devices for Data Theft and Remote Access *

Critical Vulnerability in Python Package Threatens AI Systems *

Chinese Nationals Arrested for Orchestrating $73 Million Laundering Scheme Through Pig Butchering Crypto Scam *

ARRL Cyberattack Disrupts IT Systems and Online Services *

Chinese Hackers Target U.S. AI Organizations in Sophisticated Cyber Campaign *

Ransomware Group Uses Malicious Ads to Target Windows Admins via PuTTY and WinSCP *

Grandoreiro Trojan Returns, Targets 1,500+ Banks Globally *

Chinese Cyber Espionage Group BlackTech Deploys Advanced Deuterbear RAT *

Data Breach at WebTPA Exposes Information of 2.4 Million Insurance Policyholders *

Critical Vulnerabilities Discovered in GE Ultrasound Systems *

Large-Scale Ransomware Attack Hits MediSecure E-Script Firm *

Indian Universities Targeted by a Sidecopy APT Campaign *

Facebook Messenger Exploited by North Korean Hackers in Targeted Malware Campaign *

Foxit Reader Users Targeted by PDF Exploits *

Critical Vulnerabilities Fixed in Ubuntu 24.04 LTS *

City of Wichita Ransomware Breach Exposes Personal Information *

Nissan Data Breach Compromises 53,000 Employees' Personal Information *

Cybercriminals Exploiting Ransomware Attacks Through Microsoft's Quick Assist Feature *

Intel Releases 41 Security Advisories Addressing 90 Vulnerabilities *

Massive Data Breach Affects 900k Individuals at Mississippi Healthcare Provider *

ICS Patch Tuesday: Siemens, Rockwell, Mitsubishi Electric Release Advisories *

Santander Customer and Employee Data Compromised in Third-Party Breach *

U.S. and China Clash Over AI Misuse and Restrictions *

Ebury Botnet Targets 400,000 Linux Servers *

Wireshark 4.2.5 Addresses Security Vulnerabilities and Enhances Network Analysis Capabilities *

Malicious Actors Exploit GitHub for Spreading Multiple Information Stealers *

Researchers Discover 64 Billion Annually Stolen by Southeast Asian Scam Syndicates *

Adobe Fixes Critical Flaws in Reader, Acrobat *

City of Helsinki Cyberattack Compromises Student and Personnel Data *

New Chrome Zero-Day Flaw CVE-2024-4761 Under Active Exploitation *

VMware Releases Patches for Exploited Vulnerabilities from Pwn2Own 2024 *

SAP Patches Major Vulnerabilities in CX Commerce and NetWeaver Platforms *

NHS Digital Warns of Potential Exploitation of Arcserve UDP Vulnerabilities *

Microsoft Patch Tuesday Security Advisory - May 2024 *

Black Basta Ransomware Hits Over 500 Organizations in North America, Europe, and Australia *

IoT Devices at Risk Due to Flaws in Integrated Cellular Modems *

Data Breach at FBCS Collection Agency Exposes Personal Information *

INC Ransomware Source Code Offered for Sale at $300,000 on Hacking Forums *

Apple Releases Patches for Code Execution Bugs in iPhones, iPads, and macOS *

PyPi Package Exploits macOS with Sliver Pen-Testing Suite Backdoor *

Nmap 7 95 Update Introducing Fresh OS and Service Detection Signatures *

Researchers Demonstrate GhostStripe Attack on Autonomous Vehicles *

Firstmac Limited Issues Data Breach Warning Following Cyberattack *

Ohio Lottery Data Breach Exposes Over 538,000 Individuals' Personal Information *

Google Releases Security Updates to Address Zero-Day Flaw in Chrome *

FIN7 Exploits Malicious Google Ads to Distribute NetSupport RAT *

Android Malware Impersonates Popular Apps for Credential Theft *

Ransomware Attacks Evolve into Psychological Warfare, Targeting Individuals and Families *

Government of British Columbia Investigating Cybersecurity Incidents on Government Networks *

French Medical Imaging Provider Coradix-Magnescan Faces Cyberattack, Patient Appointments at Risk *

Final Fantasy Servers Targeted by Ongoing DDoS Attacks, Players Face Login Issues *

Ascension Healthcare Cybersecurity Incident: Network Interruption Update *

Dell Technologies Issues Data Breach Notice to Customers *

LiteSpeed Cache Vulnerability Exploited by Hackers for Complete Control of WordPress Sites *

Brandywine Realty Trust Falls Victim to Ransomware Attack *

Critical Vulnerability Patched in Latest Android Update *

Critical Vulnerability Found in Tinyproxy Exposes Thousands of Instances to DoS and RCE Attacks *

BogusBazaar: Massive Online Fraud Network Scams Thousands, Stealing Millions *

Zscaler Investigates Potential Data Breach Following Hacker's Claims *

Hijack Loader Malware Adopts Advanced Anti-Analysis Techniques *

Poland Condemns Alleged Cyberattacks by Russian Group APT28 *

TunnelVision Attack Exposes Vulnerabilities in VPN Applications *

Indian Government Takes Action Against Cyber Terror, Blocks 14 Messenger Apps in J&K *

DocGo Reveals Cyberattack as Hackers Breach and Steal Patient Health Data *

LockBit Ransomware Administrator Unmasked and Charged by U.K. National Crime Agency *

Unveiling the Proliferation of Cyber Scams on Social Media and Messaging Platforms *

MITRE Corporation Reveals Details of Cyber Attack Targeting NERVE Environment *

Supply Chain Breaches Surge 68 Percent Year Over Year, Reveals DBIR *

UK Ministry of Defence Faces Data Breach Impacting Military Personnel *

New macOS Malware 'Cuckoo' Targets Intel and ARM-based Macs *

APT42 Expands Tactics with New Backdoors Targeting NGOs and Government Entities *

Law Enforcement Takes Down LockBit Group's Tor Website *

Xiaomi Devices Affected by Multiple Vulnerabilities in Apps and System Components *

City of Wichita, Kansas, Faces Ransomware Attack *

Mitigating Threats Posed by NiceCurl and TameCat Backdoor Variants *

Ukraine Reports Surge in Russian Cyberattacks Targeting Financial and Critical Infrastructure *

U.S. Reports North Korean Hackers Exploiting Vulnerable DMARC Settings *

Russian APT28 Exploits Outlook Flaw to Hack Czech, German Targets *

Chinese Researchers Identify Security Flaws in Government Websites *

Android Malware Campaign Targeting Bank Accounts in Finland *

Tamil Nadu Police Data Breach: Information Available for Sale on Dark Web *

US Government Warns of North Korean Phishing Campaigns Exploiting Weak Email Policies *

Bitwarden Debuts MFA Authenticator App for iOS and Android *

File Overwrite Flaw Endangers Popular Android Apps Xiaomi and WPS Office *

Russian Hackers Breached and Sabotaged Texas Water Treatment Plant *

LockBit Exposes Stolen Data from Cannes Hospital in France *

1,400 GitLab Servers Affected by Exploited Vulnerability *

Surge in DDoS Attacks Targeting Sweden Amid NATO Bid Process *

FortiGuard Labs Discovers Goldoon Botnet Exploiting Decade-Old D-Link Vulnerability *

Belarusian Cyber-Partisans Target KGB and State-Owned Enterprises in Recent Cyberattacks *

Latrodectus Malware Exploits Microsoft and Cloudflare Themes in New Attacks *

Data Breach at Dropbox Exposes Passwords and Authentication Information *

HPE Aruba Networking Releases Patch for Critical RCE Flaws in ArubaOS *

ZLoader Malware Evolution: New Anti-Analysis Feature and Stealthy Tactics Unveiled *

Siemens Energy Manager Software Vulnerability Highlights Persistent Deserialization Risks *

Cuttlefish: A New Malware Threat Targeting Networking Equipment and Cloud Authentication Data *

Critical Security Flaws in Judge0 Enable Sandbox Escapes and Host Takeover *

London Drugs Pharmacy Temporarily Closes Stores Due to Cybersecurity Incident *

GAO Identifies New Security Deficiencies in IRS Management Controls *

Unveiling the DarkGate Threat: Exploiting AutoHotkey and Evading SmartScreen *

Researchers Uncover Novel Attacks Targeting High-End Intel Processors *

JFrog and Docker Collaborate to Mitigate Malware Threats in Docker Hub Repositories *

U.K. Bans Default Passwords in Smart Devices to Combat Cyber Threats *

Muddling Meerkat Hackers Exploit China’s Great Firewall to Manipulate DNS *

Kaiser Permanente's Data Breach Affects 13.4 Million Patients *

Critical Vulnerability in R Programming Language Enables Supply Chain Attacks *

Google Enhances Security Measures on Play Store to Combat Malicious Apps *

Japanese Police Use Fake Payment Cards to Protect Elderly from Tech Support Scams *

DDoS Attacks Persist Against Russian Independent Media Site Meduza Post-Election *

Okta Warns of Surge in Credential Stuffing Attacks and Residential Proxy Abuse *

CISA's Ransomware Notification Pilot Resolves Over 800 Vulnerabilities *

Password Security Survey Highlights Urgent Need for Improved Cybersecurity Practices *

Ukraine Targeted in Cyber Attack Exploiting Microsoft Office Flaw *

Belarusian Hacker Group Claims Breach of KGB Network, Exposing Thousands of Personnel Files *

Security Breach Exposes 19,000 Welfare Program Accounts in California *

Organizations Remain Vulnerable to Cactus Ransomware Exploiting Qlik Sense Vulnerabilities *

New Android Banking Trojan Brokewell Enables Extensive Device Takeover and Remote Control *

Over 90,000 IP Addresses Affected by Self-Spreading PlugX USB Drive Malware *

North Korean Threat Actors Targeting Developers with Fake Job Interviews *

Malicious Websites Exploit SEO Poisoning to Spread Malware *

FTC Announces $5.6 Million Refunds to Ring Users Over Privacy and Security Issues *

North Korea-Linked Lazarus Group Unveils Complex Attack Chain Targeting Asia *

Security Research Reveals Vulnerabilities in Microsoft Warbird and Protected Media Path Technologies *

Phishing Campaign Exploiting Compromised Email Accounts Targets Autodesk Drive Users *

DOJ Announces Arrest of Samourai Wallet Founders for Money Laundering Conspiracy *

Critical Vulnerabilities in Brocade SANnav Management Application Expose Fibre Channel Infrastructure *

Hackers Exploit Cisco Zero-Days to Breach Government Networks *

Critical Security Vulnerabilities Expose Keystrokes of More Than 1 Billion Chinese Keyboard App Users *

Czech News Agency's Website Hacked, Spreads False Assassination Attempt Story *

Iran-Linked Hackers Execute Five-Year Cyber Espionage Campaign *

Multistage Attack Leveraging SSLoad and Cobalt Strike Detailed by Researchers *

Google Releases Update to Fix Critical Chrome Vulnerability *

Vulnerabilities in iSharing App Expose Millions to Location Tracking *

North Korean Hackers Target Dozens of South Korean Defense Companies *

Open-source Cloud Console Cartographer helps security teams transcribe log activity *

Russia-Linked Hacker Group Targets Indiana Water Treatment Plant *

Ransomware Report Highlights Shifts in RaaS Landscape and Increase in Victims *

Security Researchers Expose Windows Defender Vulnerability Enabling Database Deletion *

Phishing Campaign Exploiting Nespresso Website Vulnerability Evades Detection *

Kaspersky Uncovers Sophisticated Scam Targeting Telegram Users for Toncoin (TON) *

North Korean State-Sponsored Hackers Embrace AI in Cyber Operations *

GuptiMiner Malware Campaign Exploiting eScan Antivirus Update Mechanism *

JavaScript Malware Shifts to Server-Side Redirects & DNS TXT Records as Traffic Direction System (TDS) *

Critical Vulnerabilities Found in WordPress Plugin Forminator *

New PedoRansom Malware Targets Child Exploiters with Extortion Tactics *

Cyber Agency Warns of Increasing Targeting of Ukrainian Soldiers' Apps for Spying *

Androxgh0st Malware Exploits Servers Worldwide for Botnet Attacks *

Unveiling the Threat: Malicious PyPI Package "discordpy bypass 1.7" and Its Stealthy Tactics *

Uncovering a Dependency Confusion Vulnerability in an Archived Apache Project *

Surge in Quishing Attacks and Evolving Phishing Trends Highlight Latest Cybersecurity Threats *

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Vulnerabilities *

CrushFTP Urges Immediate Patching for Actively Exploited Zero-Day Vulnerability *

Beware of Sophisticated Google Ad Phishing Scam Targeting Whales Market Users *

Cannes Hospital Forced to Cancel Medical Procedures Due to Cyberattack *

Rise of Cheap, Disposable Ransomware on Dark Web Forums *

U.S. Dam Cybersecurity Raises Alarming Concerns Amid Growing Threats *

Frontier Communications Addresses Cyberattack, Works on System Restoration *

160 Ransomware Attacks Strike Food and Agriculture Sector in 2023 *

Data Breach at Michigan Healthcare Organization Affects 180,000 Individuals *

Malicious Hackers Target SAP Applications, Exploiting Cloud Migration and Security Vulnerabilities *

US Justice Department Charges Moldovan National for Operating Large-Scale Botnet *

International Law Enforcement Disrupts 'LabHost' Phishing Service, Arrests 30+ Worldwide *

Unveiling MadMxShell: A Sophisticated Malware Campaign Targeting IT Professionals *

Persistent OfflRouter Malware Infects Ukrainian Government Networks *

American Automaker's IT Staff Targeted by FIN7 in Phishing Campaign *

Mass Brute-Force Attacks Targeting VPN and SSH Services *

Czech Minister Warns of Russian Attempts to Sabotage European Railways *

Atlassian Vulnerability Exploited: Linux Variant of Cerber Ransomware Deployed *

Debian Security Update: Patching Critical Vulnerabilities in GTKWave *

Surge in Cyber Attacks Targeting Philippines Amidst South China Sea Tensions *

BreachForums Faces Cyber Attack, Admins Stand Resolute *

Kaspersky Discovers SoumniBot, a Innovative Android Banking Malware Evades Detection *

Iranian-Backed Hacking Group Allegedly Threatens Israeli Citizens with Radar System Hijack *

Threat Actors Target T-Mobile and Verizon Employees in SIM Swap Scheme *

Critical Security Flaw in Chirp Systems' Software Enables Remote Unlocking of Smart Locks *

Ukrainian Hacker Group Deploys Destructive Malware Fuxnet in Attacks Against Russian Infrastructure *

Imperva's 2024 Bad Bot Report Highlights Rising Threat of Malicious Bots *

Critical PuTTY Vulnerability Exposes NIST P-521 Private Keys *

Ivanti Alerts Users to Critical Vulnerabilities in Avalanche MDM Solution *

Orca Research Reveals LeakyCLI Vulnerability in AWS and Google Cloud CLI Tools *

LockBit Ransomware Resurfaces with Enhanced Self-Propagation Capabilities *

Global Organizations Targeted by SteganoAmor Attacks Leveraging Steganography *

Pune Cyber Crime Police Investigate 3.4 Crore Share Trading Scam *

Critical Vulnerability in Delinea Secret Server Requires Immediate Action *

Data Breach at Cisco Duo's Telephony Supplier Exposes MFA Messages Sent Over SMS and VOIP *

AI Voice Cloning: The Growing Threat to Financial Security *

Muddled Libra's Strategic Shift: Exploiting SaaS and Cloud for Extortion and Data Theft *

Omni Hotels Targeted by Daixin Ransomware Gang in Cyberattack *

Chipmaker Nexperia Confirms Data Breach by Dark Angels Ransomware Group *

Royal Mail's Barcoded Stamps Fail to Prevent Flood of Forgeries in the UK *

DPRK Utilizes Phantom DLL Hijacking and TCC Abuse by Leveraging Two MITRE Sub-Techniques *

Evolution of Earth Hundun's Cyberespionage Activities Using Waterbear and Deuterbear Malware *

Intel and Lenovo Servers Exposed to 6-Year-Old BMC Vulnerability *

Iranian Threat Actor MuddyWater Expands Arsenal with DarkBeatC2 Infrastructure *

XZ Utils Backdoor Files Found in Popular Rust Crate liblzma-sys *

Hoya Corporation Hit by Ransomware, Attackers Demand $10 Million *

Apple's Updated Warning System by Addressing Mercenary Spyware Threats and Zero-Day Exploits *

Massive SMS Phishing Scam Targets Americans with Fake Road Toll Notices *

Telegram Windows Desktop App Patched to Address Zero-Day Exploiting Python Script Launch *

Palo Alto Networks Issues Advisory for CVE-2024-3400 Exploiting Firewall Vulnerability *

Unveiling AWS's Battle Against IP Spoofing and DDoS Assaults *

FAQs from the 2024 State of the Phish Report: Understanding the Threat Landscape *

Revisiting MACT: Exploring Malicious Applications within Trusted Cloud Environments *

Security Alert: TA547 Strikes German Entities Using Rhadamanthys Malware *

Space Force Chief: US Faces Loss Without Assistance from Musk and Bezos *

X Resolves URL Error Potentially Facilitating Convincing Social Media Phishing Scams *

CISA Issues Warning: Federal Email Systems Targeted by Russian Hackers Exploiting Microsoft Accounts *

Microsoft Two-Step Phishing Campaign Targets LinkedIn Users: A Professional Hook *

Exploitation of Oversized LNK Files by Vedalia APT Group in Malware Campaign *

Circumventing SharePoint Security: Two Novel Methods for Evading Exfiltration Detection *

Data of 7.5 Million Customers Leaked in Attack on Consumer Electronics Giant boAt *

Spectre V2 Exploit Targets Intel CPU-Based Linux Systems *

Over 91,000 Smart LG TVs Exposed to Remote Takeover Due to Vulnerabilities *

New Ahoi Attacks Pose Threat to Confidential Virtual Machines *

Researchers Uncover 'Muliaka' Ransomware Group Targeting Russian Enterprises *

KernelCare Live: CVE-2024-1086 Patches Released for CloudLinux 6h and 7 Users *

Microsoft Addresses Critical Vulnerability in Azure Kubernetes Service Confidential Containers *

Browser Fingerprinting: Cybercriminal Utilization *

Phishing Deception Unveiled: Suspended Domains Unleash Malicious Payload in Latin America *

Microsoft Patch Tuesday Security Advisory - April 2024 *

Rising Trend: Malware-Initiated Vulnerability Scanning *

Hackers Focus on Human Rights Activists in Morocco and Western Sahara *

10-Year-Old Romanian Hacker Collective 'RUBYCARP' Emerges with Botnet Operations *

Security Alert: Multiple Adobe Software Products Affected by Code Execution Vulnerabilities on Patch Tuesday *

Fake E-Shop Campaign Targets Banking Security Across Regions *

New Latrodectus Malware Emerges in Phishing Campaigns *

Targus Discloses Cyberattack, Temporarily Disrupting Operations *

Google Sues Chinese Developers Over Fake Cryptocurrency Apps Scam *

UK Authorities Investigate 'Honey Trap' Scheme Targeting Westminster Figures *

D-Link NAS Devices Vulnerable to Critical Command Injection and Backdoor Flaw *

Massive Data Breaches Hit Hawai Based Insurance Giant and Healthcare Providers *

Home Depot Data Breach Exposes Employees to Phishing Risks *

Red CryptoApp Ransomware Group Unveils 'Wall of Shame' for Exposed Victims *

Cisco Alerts Users to Vulnerability in End-of-Life Small Business Routers *

Facebook Malvertising Campaigns Exploit Interest in AI to Spread Password-Stealing Malware *

Byakugan Malware Exploits Adobe Acrobat Reader Installers *

Emerging Threats to AI-as-a-Service Security *

Vulnerability in HTTP2 Protocol's CONTINUATION Frame Enables DoS Attacks *

Cyberattack Causes Disruption to Hoya's Optics Production and Orders *

City of Hope Notifies Over 800,000 Individuals of Data Breach Impacting Personal and Health Information *

Progress Software Releases Critical Patches for Flowmon Vulnerability *

Magento Shoplift Malware Targets WordPress Sites *

Visa Alerts Financial Institutions of JsOutProx Malware Surge Targeting Customers *

Rising Threat of SMS Phishing (Smishing) Targeting Enterprises *

SurveyLama Data Breach Exposes 4.4 Million Users' Personal Information *

Google Issues Patches for Actively Exploited Pixel Vulnerabilities *

Prudential Financial's Data Breach Affects 36,000 Individuals *

Ransomware Group INC Ransom Claims Responsibility for UK City Council Cyber Attack *

Security Alert: Highly Sensitive Files Disappear from Europol Headquarters *

Critical Linux Vulnerability 'WallEscape' Exposes User Passwords *

Agent Tesla Malware Targets American and Australian Organizations in Recent Campaign *

Ivanti Issues Emergency Patches for 4 Vulnerabilities in Connect Secure and Policy Secure *

Threat Actors Use YouTube Video Game Cracks to Deliver Malware *

Critical Vulnerability Detected in LayerSlider Plugin Installed on a Million WordPress Sites *

Google Settles 'Incognito Mode' Privacy Lawsuit, Agrees to Delete Billions of Browsing Records *

Surge in Cyberattacks Inflicting Physical Disruption *

Binarly Introduces Free Scanner to Detect Linux Executables Affected by XZ Utils Supply Chain Attack *

WordPress WP-Members Plugin Vulnerability Enables Script Injection *

NIST Faces Challenges with National Vulnerability Database, Urgent Calls for Action *

Google Introduces Device Bound Session Credentials (DBSC) for Enhanced Browser Security in Chrome *

Ransomware Suspected in Missouri County's Tax Payment Disruption *

Vulnerability in Hotel Self Check-In Kiosks Exposes Room Access Codes *

China-Linked Hackers Unleash Stealthy 'UNAPIMON' Malware for Covert Operations *

Malicious Android Apps Transforming Phones into Proxies for Cybercriminals Discovered *

PandaBuy Data Breach Exposes Information of 1.3 Million Users *

The Absence of Human Imperfections: AI's Identifying Flaw *

OWASP Foundation Discloses Data Breach Affecting Specific Members due to Misconfigured Legacy Wiki Server *

Indian Government Rescues 250 Citizens Compelled into Cybercrime Activities in Cambodia *

Pentagon Outlines Strategy for Enhancing Cybersecurity of Defense Industrial Base *

Sellafield Nuclear Waste Facility Faces Prosecution Over Cybersecurity Lapses *

MarineMax, a Yacht Retailer, Reveals Data Breach Following Cyberattack *

Vultur Banking Malware Masquerades as McAfee Security App on Android *

Prisma Finance Crypto Theft Concludes Unusual Week of Platform Breaches *

Activision Urges 2FA Activation for Accounts Compromised by Recent Malware Theft *

Google Podcasts Service to Close in the US Next Week *

More Than 100 Malicious Packages Aiming at Popular ML PyPi Libraries *

AT&T Reports Exposure of 73 Million Customers' Data on Dark Web *

Malicious Backdoor Discovered in xz: A Critical Data Compression Library for Linux *

Malicious Ads Distribute Stealer Malware, Targeting macOS Users *

Data Breach at Massachusetts Health Insurer Affects 2.8 Million Individuals *

Cisco Alerts Regarding Password-Spraying Attacks on Secure Firewall Devices in the US *

Darcula, The Global Threat of Phishing-as-a-Service Exploiting Victims Worldwide *

Emergence of Linux Variant of DinodasRAT in Global Cyber Campaigns *

Google Releases Chrome Browser Security Update to Patch Vulnerabilities *

NHS Scotland Contained Ransomware Attack, Ensuring Regional Isolation *

Vietnam's Leading Securities Brokerage Hit by Cyberattack, Halting Trading Operations *

Ransomware Strikes Municipalities in Texas and Georgia, Disrupting Essential Services *

Cyberattack Strikes Hot Topic with Credential Stuffing, Data Compromised *

Cryptocurrency Scammers Hijack Trezor's Twitter Account Using Fake Calendly Invite *

TheMoon Malware Rapidly Infects 6,000 ASUS Routers in 72 Hours for Proxy Service *

Code Execution Vulnerabilities Discovered in NVIDIA ChatRTX for Windows *

Chinese APT Groups Targeting ASEAN Entities Uncovered *

Guardio Labs Discovers Vulnerability in Microsoft Edge *

Hackers Target India's Defense and Energy Sectors with Malware Disguised as Air Force Invitations *

Dubious NuGet Package Raises Concerns of Chinese Industrial Espionage *

Chinese Cybersecurity Firm Linked to Communist Party Government Targets Australia *

Portugal Mandates Halt to Biometric Data Collection by Sam Altman's Worldcoin *

State Department Issues Alert on Fraudulent Scheme Targeting Payroll Systems *

UK Street Newspaper, Big Issue, Targeted by Ransomware Gang *

Japan Conducts First Cyber Defense Exercises with Pacific Island Nations *

Finland Confirms APT31 Hackers Responsible for 2021 Parliament Breach *

AMD Zen CPUs Vulnerable to New ZenHammer Memory Attack *

Giant Tiger Reports Customer Data Breach Linked to Third-Party Vendor *

Free VPN Apps on Google Play Convert Android Devices into Proxies *

Sophisticated Attack Campaign Targets GitHub with Malicious Packages Impacting Top.gg and Others *

New Zealand Reveals State-Sponsored Cyberattacks from China *

Critical 17,000 Vulnerabilities Found in German Microsoft Exchange Servers *

Raspberry Pi Transformed into Cybercriminals' Plug-and-Play Fraud Tools *

Lumen Technologies Uncovers 40,000-Strong Botnet Utilizing End-of-Life Devices *

Panera Bread Hit by Nationwide IT Outage Since Saturday *

Mitigating Shadow AI Risks in Organizational Settings *

Petersen Health Care Declares Bankruptcy Following Cyberattack and Loan Defaults *

Hacking Group R00Tk1t Targets Indian Political Party, Raises Concerns Ahead of Elections *

UK's Communications Workers Union Faces Cyberattack *

Google's AI-Driven Search Feature Accused of Promoting Scam Sites *

StrelaStealer Malware Targets Organizations in US and EU Through Large-Scale Phishing Campaigns *

Russian State-Backed Hackers Target Ukrainian Internet Providers in Sophisticated Cyberattacks *

SCAA Faces Cyberattack: Data of 70,000 Members Possibly Compromised *

Mozilla patches Firefox zero-days worth $100,000 after a two-day hackathon *

German Authorities Dismantle Major Online Marketplace for Drugs and Cybercrime *

Illinois County Government and Local College Hit by Ransomware Attacks *

FlowFixation Vulnerability in AWS Managed Workflows for Apache Airflow *

GoFetch Side-Channel Attack Targets Apple M1, M2, and M3 Processors *

Ivanti Fixes Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM *

Tax Phishing Attack Targets Small Business Owners for Social Security Numbers *

Security Researchers Uncover Critical Flaw in Hotel Door Systems *

Foxit Reader Vulnerability Exploit Sparks Urgent Patch Release *

GitHub Unveils AI-Powered Tool for Automatic Code Vulnerability Fixes *

Pwn2Own Vancouver: Successful Hacks on Windows 11, Tesla, and Ubuntu Linux *

Microsoft Releases Patch for Xbox Vulnerability After Initial Dismissal *

Chinese Hacker Exploiting Vulnerabilities Targets Global Institutions *

Malware-as-a-Service Campaign Targets Android Users in India *

Hackers Target Belgian Grand Prix Fans with Phishing Scam *

Critical Vulnerabilities Found in Argo GitOps Tool for Kubernetes *

Atlassian Fixes Critical Vulnerability in Bamboo Data Center and Server *

Windows Server Updates Trigger LSASS Memory Leak, Prompting Crashes *

Critical Vulnerabilities Addressed in Chrome 123 and Firefox 124 Updates *

US Department of Defense Celebrates Milestone in Ethical Hacking Program *

Exploitation of TeamCity Vulnerability Linked to Jasmin Ransomware and Other Malware *

New Loop DoS Attack Threatens Hundreds of Thousands of UDP-Based Hosts *

TMChecker: New Dark Web Toolset Targets Remote Access Services and E-Commerce Platforms *

Impact of Cyberattack on UnitedHealth Group's Change Healthcare Unit Sparks Legal Action *

Phishing Campaign Unveils Ingenious Microsoft Office Tactic to Distribute NetSupport RAT *

APIs Drive the Majority of Internet Traffic and Cybercriminals Exploit Them *

Pensacola City Government Phone Lines Disabled by Cyberattack *

Security Researchers Uncover Massive Data Leak from Misconfigured Google Firebase Instances *

AcidPour, A New Data-Wiping Malware Targeting Linux IoT Devices *

Expansion of International Spyware Agreement Includes Six New Countries *

Nations Direct Mortgage Data Breach Exposes 83,000 Individuals' Information *

Phishing Evolution: Hackers Target Popular Document Publishing Sites *

Relentless Cyber Activity Targeting Global Critical Infrastructure *

MediaWorks Investigates Alleged Data Breach Impacting 2.4 Million Individuals *

Machine Learning Model Repositories Vulnerable to Supply Chain Attacks *

Apex Legends Esports Tournament Temporarily Halted Due to Cheating Incident *

Key MITRE ATT&CK Techniques Exploited by Cyber Attackers *

Fujitsu Discovers Malware Breach, Customer Data Compromised *

Unveiling an Evasive Azorult Campaign Leveraging HTML Smuggling via Google Sites *

Fortra Fixes Critical Remote Code Execution (RCE) Vulnerability in FileCatalyst Transfer Tool *

Unveiling the Earth Krahang APT Campaign: Targeting Government Entities Worldwide *

Gitgub Malware Campaign Targets GitHub Users with RisePro Info-Stealer *

Ransomware Threat Targets South African Pension Data *

Unveiling a Novel Acoustic Side-Channel Attack on Keyboards *

GhostRace: New Data Leakage Attack Exploits Speculative Execution *

AT&T Denies Origin of Leaked Data Impacting 70 Million Individuals *

ShadowSyndicate Hackers Exploits CVE-2024-23334 in Aiohttp Python Library *

Scranton School District Faces Ransomware Attack, Disrupting Operations *

Encina Wastewater Authority Targeted by BlackByte Ransomware Group *

WordPress Sites Vulnerable to Takeover Due to Discontinued Security Plugins *

McDonald’s Experiences Global IT Failure Impacting Stores *

Cisco Fixes High-Severity IOS XR Vulnerabilities *

Oversubscribed and Outdated Supercomputers Cause Delays in NASA Missions *

Threat Actors Exploit Document Publishing Sites for Persistent Credential and Session Token Theft *

Irish Government Website Bug Exposing COVID-19 Vaccination Records Takes 2 Years to Publicly Disclose *

StopCrypt Ransomware: Evading Detection as the Most Widely Distributed Threat *

Real-Time URL Protection Integrated into Chrome's Standard Safe Browsing *

Researchers Outline Vulnerability in Kubernetes Allowing Takeover of Windows Nodes *

Alabama is Experiencing a DDoS Cyberattack with Alleged Support from Russian Hacktivists *

Phone Number Hijacking: SIM Swappers Targeting eSIMs *

Google's Gemini AI Vulnerable to LLM Threats, Researchers Warn *

Billion-Dollar Boat Seller MarineMax Discloses Cyberattack to SEC *

Vcurms Malware Sets Sights on Popular Web Browsers for Data Theft *

Cloud-Based Assault Targets Meson Crypto CDN Prior to Launch *

Chipmaker Patch Tuesday: Intel and AMD Tackle Fresh Microarchitectural Vulnerabilities *

Data Breach Exposes Over 2.3 Million Records from Family Entertainment Business *

Securing Third-Party App Usage in Mid-Market Companies Scaling from 500 to 5000 Employees *

Server Leak Exposes Wealth of Customer Data from Leading EV Charging Firm *

Exposed: Vulnerabilities in ChatGPT Plugins Compromise Data and Accounts *

Roku Refunds 15,000 Breached Accounts for Unauthorized Subscriptions *

Okta Denies Involvement in Data Leak on Hacking Forum *

Data of 27,000 Individuals Compromised in September Ransomware Attack on Stanford *

Microsoft Patch Tuesday Security Advisory - March 2024 *

Adobe Patches Critical Vulnerabilities in its Enterprise Products *

Siemens Ruggedcom Devices Vulnerable to Nozomi Component Flaws in ICS Patch Tuesday *

SAP Addresses Critical Command Injection Vulnerabilities with Patches *

Acer Confirms Leak of Philippine Employee Data on Hacking Forum *

EquiLend Alerts Employees of Data Theft by Ransomware Group *

Belgian Village Hit by Cyberattack on Brewery Now Faces Second Incident Targeting Coffee Roastery *

Personal Information Leaked in Jersey Data Breach *

The Global Rise of Sophisticated Vishing Campaigns *

Microsoft SCCM Misconfigurations Unveiled by Researchers as Cyberattack Vectors *

QNAP NAS Devices Vulnerable Due to Critical Security Flaw *

French Government Facing Unusually Intense Cyberattacks *

Leicester City Council Grapples with Extended IT Outage After Cyber Attack *

Russian Gov Hackers Steal Microsoft Source Code via Email Surveillance *

Paysign Investigates Potential Data Breach Amid Reports of Stolen Consumer Information *

Australian graphics company Canva says font security remains a significant issue *

Exploitation of WordPress Plugin Vulnerability Leads to Malware Infection on 3,300 Sites *

QEMU Exploitation: A Novel Tunneling Technique Threatens Company Networks *

In-Memory Web Shell Exploits Target Atlassian Confluence Vulnerability *

CISA Alerts of Exploited Pixel Phone Vulnerability *

Unpatched Sceiner Smart Lock Flaws Enable Unauthorized Door Access *

Evolution of Threats: Transition from Web3 Drainer to Distributed WordPress Brute Force Attack *

NTLM Authentication Vulnerability Exploited by TA577 Cyber Threat Actor *

Chinese Government Hacking Group Targets Tibetans in Cyber Espionage Campaign *

Swiss Government Documents and Credentials Leaked in Ransomware Attack *

Technology Disruption Under Investigation at South St. Paul Public Schools *

Snake Python-Based Information Stealer Targets Facebook Users in Cyberattacks *

Cisco Addresses High-Severity Vulnerabilities in Secure Client VPN Application *

Georgia Tech Redefines Industrial Cybersecurity Threats with Web-Based PLC Malware *

PetSmart Issues Password Resets Amid Credential Stuffing Attack *

Japanese Ministry Attributes Line Data Breach to Shared Technology with Naver *

Google's March 2024 Android Security Update Addresses Critical Vulnerabilities *

Beware of Fake Online Meeting Platforms Spreading Malicious RATs *

HHS Support Measures for Healthcare Providers Amid Change Healthcare Ransomware Attack *

Malicious Campaign Exploits Misconfigured Cloud Servers in Linux *

Organizations are deliberately launching applications with known vulnerabilities *

Canadian Financial Intelligence Agency Shuts Down Systems Amid Cyberattack *

North Korean Threat Actors Exploit ConnectWise Vulnerabilities to Deploy TODDLERSHARK Malware *

Cybercriminals Unleash Upgraded GhostLocker 2.0 Ransomware in Global Attack Campaign *

North Korean Hackers Breach South Korean Semiconductor Companies *

Apple Issues Urgent Software Update to Address Critical Security Flaws in iOS Platform *

Meta-Owned Facebook and Instagram Experience Global Outage, Prompting Swift Response *

Cybercriminals Utilize New DNS Hijacking for Investment Scams *

WogRAT Malware Exploits Online Notepad Platform in Stealthy Attacks *

FortiGuard Labs Discovers CHAVECLOAK Trojan Targeting Brazilian Banking Users *

Data Breach at Mr. Green Gaming Exposes Personal Information of 27,000 Users *

VMware Issues Urgent Patches for Critical ESXi Sandbox Escape Vulnerabilities *

Cybercriminals Embrace AI: Shaping a New Era of Malware Development *

Emerging Threat: Morris II Worm Exploits Generative AI for Malicious Propagation *

Expansion of Predator Spyware: New Network Infrastructure in Botswana and the Philippines *

RA World Ransomware: A Multistage Threat Employing Anti-AV Tactics and GPO Exploitation *

Critical Vulnerabilities in JetBrains TeamCity On-Premises Potentially Allowing Server Takeovers *

Sophisticated Phishing Attacks Target FCC Employees and Cryptocurrency Platforms *

American Express Notifies Customers of Third-Party Service Provider Data Breach *

Critical Vulnerabilities Patched in Hikvision's HikCentral Professional Security Management System *

Exploitation of Major Brand Subdomains in Large-Scale Spam Campaign *

Major Security Flaws Found in Doorbell Cameras Sold Online, Including Amazon *

FBI and CISA Release Indicators of Compromise for Phobos Ransomware *

Unit 42 Discovers New Linux Variant of Bifrost RAT with Innovative Evasion Tactics *

U.S. Court Mandates NSO Group's Disclosure of Pegasus Spyware Code to WhatsApp *

Golden Corral Data Breach Exposes Personal Information of 183,000 Individuals *

CISA Alerts to Exploitation of Windows Streaming Service Vulnerability *

Taiwan's Chunghwa Telecom Hit by Data Breach: 'Sensitive' Information Stolen by Hackers *

Meta Fixes Facebook Account Takeover Vulnerability *

North Korean Hackers Exploit Windows Zero-Day in Rootkit Attack *

SPIKEDWINE Exploits European Diplomats Through WINELOADER Attack *

BEAST AI: Disrupting Large Language Models in Just One Minute of GPU Time *

Enterprises Struggle with Mobile Fraud Amid Surge in AI-Powered Attacks *

Internet and Telecom Services Disrupted in Chad Amid Deadly Political Clashes *

New Linux Malware GTPDOOR Exploits GPRS Tunnelling Protocol for Telecom Network Attacks *

Cisco Fixes High-Severity Vulnerabilities in Data Center OS *

Irish Foreign Affairs Ministry Finds 'No Evidence' of Cyber Breach After Extortion Claim *

Pharmaceutical Distributor Cencora Discloses Data Exfiltration in Cybersecurity Incident *

Savvy Seahorse Unveils Innovative DNS CNAME Technique *

Travel Industry Faces Threat of Agent Tesla Malware Attacks Targeting Online Travelers *

New Malware Campaign "TimbreStealer" Targeting Mexican Users Discovered by Cisco Talos *

Bazaarvoice Targeted in Cyberattack by Mogilevich Ransomware Group *

Malicious JavaScript in Tornado Cash DAO Compromises Transaction Privacy *

medQ Acknowledges Data Breach Due to Software Encryption Incident *

Anycubic 3D Printers Hacked, Users Warned of Vulnerability *

Pepco Group's Hungarian Business Targeted in Phishing Attack, Suffers €15 Million Losses *

Newly Discovered Xeno RAT Trojan Poses Significant Threat on GitHub *

Web Check: Free Open-Source Intelligence Tool for Website Analysis *

LoanDepot Confirms Data Breach: Almost 17 Million Customers Affected by Ransomware Attack *

Hackers Exploit 14-Year-Old CMS Editor on Government and Education Sites for SEO Poisoning *

Critical SQL Injection Vulnerability in WordPress Plugin Puts Over 200K Websites at Risk *

Hugging Face Vulnerability Opens Door to Supply Chain Attacks on AI Models *

New IDAT Loader Version Utilizes Steganography to Distribute Remcos RAT *

Russian Cyberspies Exploit Dormant Accounts to Target Cloud Infrastructure *

North Korean Hackers Distribute Malicious npm Packages Targeting Developers *

Hackers Swipe Nearly $10 Million from Axie Infinity Co-Founder's Personal Accounts *

Critical Security Vulnerability Discovered in Popular 'Ultimate Member' WordPress Plugin *

Malawi Immigration Department Suspends Passport Services Due to Cyberattack *

ThyssenKrupp Automotive Body Solutions Business Unit Falls Victim to Cyber Attack *

Zyxel Addresses Remote Code Execution Vulnerability in Firewall Products with Patches *

Hackers Expose 2.5M Private Plane Owners' Data in LA International Airport Breach *

Major Brands' Subdomains Hijacked in Massive Spam Campaign *

Biden's Executive Order Aims to Strengthen Cybersecurity Measures at Ports *

Finance Department Expresses Regret Over Second Unintentional Data Leak in Four Months *

High-severity Vulnerability in Apple Shortcuts App Exposes Sensitive Data *

RCMP Probes Cybersecurity Incident During Ongoing Website Disruption *

Quik Pawn Shop Targeted in Alleged Cyberattack by Akira Ransomware Group *

UnitedHealth Confirms Optum Cyberattack, Leading to US Healthcare Billing Outage *

Rising Threat: Web3 Malware Exploits Cryptocurrency Assets *

SSH-Snake: Emerging Self-Modifying Worm Poses Threat to Networks *

FTC Alleges Avast Sold Customer Browsing Data to Advertisers Without Consent *

Singapore Sees Surge in Scams and Cybercrime Despite Anti-Scam Measures *

Authentication Bypass Vulnerabilities Discovered in Wi-Fi Software for Android, Linux, and ChromeOS *

Arizona Firm's Data Breach Affects 2.4 Million Patients *

Ubuntu Addresses Multiple FreeImage Vulnerabilities *

Tangerine Telecom Breach Impacts 232,000 Customers *

Signal Beta Introduces Custom Usernames for Enhanced Privacy *

Researchers Warn of Surging Banking Malware Campaign Exploiting Google Cloud Run *

Researchers Unveil 'VoltSchemer' Attacks Exploiting Wireless Charger Vulnerabilities *

Ransomware Attack Hits DC-Area School System, Affecting Data of 100,000 Individuals *

Malicious PyPI Packages Exploit DLL Side-Loading for Supply Chain Attacks *

Internal Documents from Chinese Hacking Contractor iSoon Exposed in Leak *

DDoS Attack Disrupts Top UK Universities' Services *

PSI Software, a Critical Infrastructure Vendor, Targeted by Ransomware Attack *

VietCredCare, A New Malware Threat Targeting Facebook Advertisers in Vietnam *

Chrome 122 and Firefox 123 Address High-Severity Vulnerabilities with Security Patches *

Global Law Enforcement Targets LockBit Ransomware Syndicate *

Linux Malware Campaign 'Migo' Targets Redis for Cryptomining *

Hacker group Cactus Ransomware Confirms Schneider Electric Hack *

North Korea Expands Revenue with Malware-Infused Gambling Websites as-a-Service *

Malware Attacks Increases as MacOS Adoption Rises: New Threats Target Apple Users *

M.O.R.E' Ransomware Surfaces on Dark Web, Posing Threat to Users Across Windows, Mac, and Linux Platforms *

Wyze Camera Breach Exposed 13,000 Strangers to View Inside Homes *

Critical Vulnerabilities Identified in ConnectWise ScreenConnect *

KeyTrap Vulnerability: Disrupting Internet Access with a Single DNS Packet *

Researchers Warn Smart Lawn Mowers could be a Target for Cyberattacks *

Revealing the Enigmatic 'MMS Fingerprint' Hack by NSO Group in Mobile and Wireless Networks *

Security Breach at Jaypee University in India: Allegations of Compromised Institute and Disclosure of Sensitive Data *

Anatsa Android Malware Infects Over 150,000 Devices Through Google Play Downloads *

Escalating DDoS Attacks Pose Threat to Media Freedom in Europe *

New Espionage Campaign Targets European and Iranian Embassies by Russia-Aligned Hackers *

New MonikerLink Flaw Puts Outlook Users at Risk of Data Theft and Malware Exposure *

Hackers Allegedly Breach Staffing Giant Robert Half, Offer Sensitive Data for Sale *

Critical Security Flaw in GL-AX1800 Router Allows Remote Code Execution by Attackers *

Hacker Caught Selling Bank Accounts of US and Canadian Users *

Cybersecurity Crisis Unfolds in India's Financial Sector as Motilal Oswal Breached *

Mastermind Behind FBI's Most-Wanted Zeus and IcedID Malware Cases Admits Guilt *

Eight Critical Vulnerabilities Revealed in the AI Development Supply Chain *

Cryptocurrency Firms Targeted by RustDoor macOS Backdoor Disguised as Job Offers *

Exploiting AWS for Mass Smishing: Unveiling the Malicious 'SNS Sender' Script *

U.S. Authorities Disrupt Russia-Linked Botnet Involved in Cyber Espionage Activities *

Unauthorized Access to U.S. State Government Network Exploiting Former Employee's Account *

ALPHV Ransomware Announces Successful Attacks on loanDepot and Prudential Financial *

CISA Urges Immediate Patching of Cisco ASA Flaw Exploited in Ransomware Attacks *

Critical RCE Vulnerabilities Patched by SolarWinds in Access Rights Manager *

CUSG CMS Vulnerabilities Exposed Credit Unions to Attacks *

TicTacToe Dropper Unleashes Data Theft and Multi-Threat Spread on Windows Systems *

New 'Gold Pickaxe' Malware on Android and iOS: Targeting Users through Facial Data Theft for Fraudulent Activities *

U.S. Internet Exposes Extended History of Internal and Customer Emails *

Chinese Hackers Utilize Deepfakes in Mobile Banking Malware *

RansomHouse Gang Launches MrAgent Tool for Automated VMware ESXi Attacks *

Uncovering Three Key Application Security Flaws Beyond Automated Scanner Detection *

South Korea Accuses North Korean Hackers of Breaching Presidential Office Email Account *

JabberZeus Leader Pleads Guilty to Zeus and IcedID Malware Operations *

Russian Threat Actor Turla Targets Polish NGOs with Newly Deployed TinyTurla-NG Backdoor *

ESET Fixes High-Severity Privilege Escalation Vulnerability *

Microsoft Acknowledges Exploitation of Critical Zero Day Vulnerability in Exchange Server *

Qakbot Malware Signals Potential Resurgence Post Law Enforcement Takedown *

Atlassian Vulnerability Identified as Cause of GAO Breach *

Microsoft and OpenAI Issue Alert Regarding Nation-State Hackers Utilizing AI for Cyber Attacks *

DNSSEC Vulnerability Single Malicious Packet Can Disable DNS Servers *

The Ubuntu Command not found Tool may cause Users to Install Rogue Packages *

Trans Northern Pipelines Investigates Cyber Breach by ALPHV or BlackCat Ransomware Gang *

Varta AG Halts Production Following Cyberattack on IT Systems *

Researchers Reveal KeyTrap DNS Vulnerability with Potential to Disable Large Parts of Internet *

Zoom Fixes Critical Vulnerability in Windows Applications *

Resurgence of Bumblebee Malware Attacks Following 4-Month Hiatus *

Data Breach at Integris Health Affects 2.4 Million Patients *

Cybercriminals Enhance Glupteba Botnet's Evasion Methods with Undocumented UEFI Bootkit *

Microsoft Patch Tuesday Security Advisory - February 2024 *

PikaBot Emerges with Enhanced Code Efficiency and Sneaky Strategies *

Jet Engine Dealer Reports Unauthorized Activity Amid Cybersecurity Incident *

Prudential Financial Reports Network Breach, Employee Data Compromised *

CISA Adds Roundcube Email Software Flaw to Known Exploited Vulnerabilities Catalog *

Microsoft Addresses Zero-Day Exploited in DarkMe RAT Distribution Campaign *

Cyber Fraud Epidemic: Telangana Loses 150 Crore in Just Over a Month *

Cybercriminals Exploit Three Familiar Vulnerabilities in Microsoft Word and Excel *

Ransomware Attack Shuts Down 21 Romanian Hospitals *

FCC Implements Stricter Data Breach Reporting Rules for Telecoms *

Bank of America Alerts Customers About Data Breach Following Vendor Cyberattack *

Microsoft Introduces Sudo for Windows 11 to Streamline Command Execution *

Senior Executives Targeted in Ongoing Azure Cloud Account Takeover Campaign *

Free Decryption Tool Released After Rhysida Ransomware Successfully Cracked *

Security Flaw in Smart Helmets Puts Millions in Danger of Hacking and Surveillance *

Largest Casino's Mobile App Exposes Customer Personal Information *

U.S. Justice Department Dismantles Warzone RAT Infrastructure and Apprehends Key Operators *

UK Shifts from Physical Biometric Immigration Cards to E-Visas *

Microsoft Outlook Clients Encounter Exchange ActiveSync Syncing Issues *

Canada Moves to Ban Flipper Zero and Similar Devices Amid Car Theft Concerns *

ExpressVPN Bug Exposes DNS Requests Over Years, Compromising User Privacy *

New Variant of MoqHao Android Malware Operates Without User Interaction *

Zardoor Backdoor Stealthily Targets Saudi Islamic Charity Organization *

New Ivanti Authentication Bypass Flaw Impacts Connect Secure and ZTA *

Raspberry Robin Exploits New One-Day Vulnerabilities, Enhancing Stealth and Persistence *

Advanced macOS Malware Disguised as Visual Studio Update *

Hyundai Motor Europe Hit by Black Basta Ransomware Attack *

Ransomware Attack Paralyzes Municipality of Korneuburg, Austria *

Microsoft Reveals New Windows 11 Feature: 'Sudo for Windows' *

LastPass Users at Risk from Counterfeit App on Apple App Store *

Escalating Iranian Offensive Cyber Operations Amid Israel-Hamas Conflict *

Analysis of HijackLoader Malware's Enhanced Defense Evasion Techniques *

APTs Exploit FortiOS Vulnerabilities in Critical Infrastructure Attacks *

Vulnerabilities in Cisco's Enterprise Communication Devices are Patched *

Google's Pilot Program Targets Financial Fraud by Blocking Risky Android APKs *

No Evidence of 3 Million Electric Toothbrushes Used in DDoS Attack *

Shim Vulnerability Poses Critical Risk to Majority of Linux Systems, Allowing Complete Compromise *

Security Flaw Exposes User Data in Spoutible, Prompting Concerns and Remedial Actions *

Danish Data Protection Authority Issues Injunction on Student Data Transfer to Google *

66,000 Individuals Impacted by SIM-Swapping Attacks Targeting US Insurance Giants *

Researchers Expose DiceLoader Malware Targeting Corporate Businesses *

U.S. Agencies Issue Warning on Chinese Cyber-Espionage Group's Threat to Critical Infrastructure *

Canon Mitigates 7 Critical Flaws in Small Office Printers with Urgent Patches *

Fortinet Addresses Critical Flaws in FortiSIEM with Immediate Patches *

False Facebook Job Ads Spreading 'Ov3r_Stealer' to Take Crypto and Credentials *

JetBrains Alerts of Fresh Authentication Bypass Vulnerability in TeamCity *

Verizon Insider Data Breach Impacts Over 63,000 Employees *

New Vulnerabilities Uncovered in Azure HDInsight Spark, Kafka, and Hadoop Services *

Android Addresses Critical Remote Code Execution Vulnerability with Patch *

Pennsylvania Courts Website Targeted in Denial-of-Service (DoS) Attack Disruption *

French Healthcare Firm Viamedis Faces Cyberattack, Potentially Impacting Millions *

AI SPERA Introduces Criminal IP ASM on Microsoft Azure Marketplace *

Dutch Ministry of Defence Targeted in Chinese State-Sponsored Cyberattack *

Cybercriminals Exploit Job Boards, Pilfering Millions of Resumes and Personal Data *

ApateWeb: Cybercriminals Exploit Over 130,000 Domains for Large-Scale Cyber Attacks *

Employee Falls Victim to $25.6M Deepfake Scam Involving AI-Generated CFO *

Microsoft Investigating Outlook Security Alerts Issue with .ICS Calendar Files *

Mitsubishi Electric Discloses Critical Vulnerabilities in Factory Automation Products *

Ivanti SSRF Zero-Day Actively Exploited at Scale, Warns Security Researchers *

Institute of Statistics in Albania Targeted by Iranian-Linked Hackers *

US Implements Visa Ban for Individuals Tied to Commercial Spyware Misuse *

NSO Group's Pegasus Spyware Targets Jordanian Activists and Journalists *

VajraSpy Malware Infecting Android Devices by using Patchwork's Romance Scam *

"Commando Cat", a new Cryptojacking Campaign Strikes Exposed Docker APIs *

QNAP Addresses High-Severity Vulnerabilities in QTS and Qsync Central with Patches *

A Cybercrime Operation Carried out by Interpol, Synergy, Takes Down 1,300 Servers *

Lurie Children's Hospital Halts IT Systems in Response to Cybersecurity Event *

APT28: Russian Hackers Utilize NTLM Relay Attacks to Target High-Value Organizations *

Leaky Vessels Flaws Allow Unauthorized Escape from Docker and runc Containers *

DirtyMoe Malware Strikes Over 2,000 Computers in Ukraine, Engaging in DDoS Attacks and Cryptojacking *

Latest Mispadu Banking Trojan Exploits Windows SmartScreen Vulnerability *

South African Railways Suffers Over $1 Million Loss Due to Phishing Scheme *

Critical Mastodon Flaw Enables Hijacking of Any Decentralized Account by Hackers *

Clorox Reveals $49 Million in Costs Resulting from Cyberattack *

AnyDesk Confirms Breach of Production Servers, Urges Users to Update Software and Change Passwords *

CISA Alert: Critical Security Vulnerabilities in Moby and OCI Components *

Unauthorized Access to Cloudflare via Compromised Okta Auth Tokens *

Romanian Parliament Faces Cybersecurity Breach, Exposing Officials' Confidential Information *

PurpleFox Malware Spreads Across Thousands of Computers in Ukraine *

CISA Urges Enhanced Security for SOHO Routers against Volt Typhoon Threats *

FTC Mandates Enhanced Security Measures for Blackbaud Following Major Data Breach *

FritzFrog's Return: Unleashing Log4Shell and PwnKit Exploits to Propagate Malware in Network Infrastructures *

Global Affairs Hit by Cyberattack, Initiates Shutdown of Computer Systems for Remediation *

HeadCrab 2.0 Embraces Fileless Strategy, Focuses on Exploiting Redis Servers for Cryptocurrency Mining *

CISA Issues Alert on Active Exploitation of Critical Flaws in Apple iOS and macOS *

Android Local Elevation Flaw Exploit Unleashed, Affecting 7 OEMs *

Fintech Giant Direct Trading Technologies Faces Data Leak Impacting Over 300K Traders *

Cybercriminals Leveraging Ivanti VPN Vulnerabilities to Distribute KrustyLoader Malware *

UNC4990 Strikes Italian Businesses with Weaponized USBs, Unleashing Cryptojacking Malware *

Telegram's Role in Cybercrime: Easy-to-Use Kits and Malware Fueling a Surge in Phishing Attacks *

Johnson Controls Reports $27 Million Cost and Data Breach from Ransomware Attack *

Ivanti Issues Alert on Actively Exploited Zero-Day in Connect Secure Product *

Mercedes-Benz Source Code Exposed Due to Mishandled GitHub Token *

Critical Workspace Creation Flaw in GitLab Requires Immediate Upgrade to Mitigate File Overwrite Risk *

Web-Based Ransomware Decryption Tool Facilitates Recovery of Partially Encrypted Files *

The Mother of All Breaches: Massive Release of 26 Billion Records Exposes LinkedIn, Twitter, and Major Organizations *

Threat Actors Sell 1.8TB Database of Personal Information for 750 Million Indian Mobile Users *

Ukrainian Prisoners of War Oversight Agency Faces Cybersecurity Breach *

Newly Discovered glibc Vulnerability Enables Attackers to Attain Root Access on Major Linux Distributions *

DarkGate Malware Spread Through Microsoft Teams Phishing in Group Chats *

Italian Data Protection Authority Accuses ChatGPT of Privacy Violations Under GDPR *

ZLoader Malware Resurfaces with 64-bit Windows Compatibility in Latest Variant *

Juniper Networks Issues Critical Junos OS Updates to Address High-Severity Vulnerabilities *

Rising Threat: Albabat, Kasseika, Kuiper - Emergence of New Ransomware Gangs Leveraging Rust and Golang *

Outlook Vulnerability Reveals NTLM Passwords, Researchers Warn *

Schneider Electric Faces Cactus Ransomware Attack with Threats of Data Leak *

FBI Warns of Tech Support Scams Employing Couriers for Money Collection *

Keenan & Associates Alerts 1.5 Million Individuals to Data Breach Following Summer Cyberattack *

Outlook Apps Encounter Connectivity Issues with Outlook.com, Microsoft Investigating *

45,000 Jenkins Servers Vulnerable to RCE Attacks Through Public Exploits *

Microsoft Teams Faces Second Outage in Three Days, Disrupting Services in North and South America *

Critical Jenkins Vulnerability (CVE-2024-23897) Poses RCE Threat *

Malicious PyPI Packages Deliver WhiteSnake InfoStealer Malware to Windows Systems *

Vulnerabilities in Westermo Lynx Switches Pose Risks for Industrial Organizations *

Ukraine's Major Energy, Postal, and Transportation Entities Targeted in Cyberattacks *

Pegasus Spyware Targets Mobile Devices of Journalists in Togo *

AllaKore RAT Malware Targets Mexican Companies Using Financial Fraud Techniques *

Healthcare Provider Alerts 4 Million Patients Regarding Data Breach at Perry Johnson & Associates (PJ&A) *

Ransomware Strikes Kansas City Public Transportation Authority *

Microsoft Issues Alert on Expanding APT29 Espionage Campaign Targeting Global Organizations *

Malicious Google Ads Target Chinese Users in Ongoing Malvertising Campaign *

Critical Cisco Flaw Enables Remote Takeover of Unified Communications Systems *

23andMe Confirms Data Breach: Attackers Exfiltrate Raw Genotype Data and Health Reports *

Blackwood Hackers Exploit WPS Office Update Mechanism for Malware Installation *

LODEINFO Fileless Malware Advances with Enhanced Anti-Analysis and Remote Code Techniques *

Mozilla Addresses 15 Vulnerabilities, Including Five High-Severity, in Firefox and Thunderbird Updates *

EquiLend Faces Disruptions Following Cyberattack, Initiates Investigation and Restoration Efforts *

BuyGoods.com Exposes 198GB of Internal and User Personally Identifiable Information (PII) and Know Your Customer (KYC) Data *

Critical Google Kubernetes Misconfiguration Allows Any Gmail Account to Control Clusters *

AI Expected to Escalate Ransomware Threat in the UK Over Next Two Years, Warns NCSC *

Pwn2Own Automotive 2024: Tesla Breached with Demonstration of 24 Zero-Day Exploits *

Russian Hackers Infiltrate Email Accounts of HPE Security Team *

Credential Stuffing Attack Affects Potential 340,000 Jason’s Deli Customers *

Lamassu Bitcoin ATMs Exposed to Exploits, Allowing Potential Wallet Draining *

Kasseika Ransomware Exploits Antivirus Driver to Disable Competing Security Software *

DDoS attacks are moving from megabits to terabits, according to Gcore Radar *

Malicious NPM Packages Compromise Developer SSH Keys, Exfiltrate Data via GitHub *

Fortra GoAnywhere MFT Authentication Bypass Vulnerability Exploited with Release of Exploit Code *

Ransomware Attack Strikes Veolia North America's Water Services Operations *

Active Exploitation: Critical Confluence Remote Code Execution Vulnerability Targeted in 40,000 Attacks Within 3 Days *

AerCap, Global Aviation Leasing Leader, Falls Victim to Ransomware Attack *

Apple Releases iOS 17.3, Issues Warning on WebKit Zero-Day Exploits *

Stealthy Malicious Web Redirect Scripts Concealed Within Compromised Websites *

Apple Swiftly Addresses 2024's First Zero-Day Exploit with Critical Security Updates *

North Korean Hackers Exploit Fake Research to Deploy RokRAT Backdoor *

Splunk Enterprise Addresses High-Severity Vulnerability in Latest Patches *

Apache ActiveMQ Vulnerability Exploited in Recent Wave of Godzilla Web Shell Attacks *

Java and Android Vulnerability: MavenGate Attack Poses Security Threat, Allowing Hackers to Hijack Systems via Abandoned Libraries *

MacOS Backdoor: The Lucrative Threat of Cracked Software Stealing Cryptowallets Surpasses Gold *

SEC Affirms X Account Compromised in SIM-Swapping Incident *

VMware Addresses Critical Code Execution Vulnerability in vCenter Server with Security Updates *

VF Corporation, Owner of Vans and The North Face, Discloses Ransomware Breach Impacting 35 Million Individuals *

NS-STEALER Exfiltrates Secrets from Popular Web Browsers by Using Discord Bots *

Critical Vulnerabilities Discovered in Leading Open Source AI/ML Platforms *

Brave Browser Discontinues 'Strict' Fingerprinting Protection Due to Website Compatibility Issues *

Ransomware Attack by Tietoevry Results in Disruptions for Swedish Companies and Municipalities *

Ransomware Attacks Utilize TeamViewer for Network Breaches *

Developer Charged with Hacking Following Disclosure of Cybersecurity Concerns *

Cyberattack Disrupts IT Network and Services at Kansas State University *

Docker Hosts Compromised in Ongoing Scheme for Website Traffic Theft *

Unpatched Vulnerabilities in Rapid SCADA Pose Risks to Industrial Systems *

Vulnerability in TensorFlow CI and CD Exposes Supply Chain to Poisoning Attacks *

Google Detects Deployment of Spica Backdoor Malware by Russian FSB Hackers *

Inferno Drainer's Scam-as-a-Service Drains 87 Million Dollars from 137000 Victims *

PixieFail UEFI Vulnerabilities Pose Risks of Remote Code Execution, Denial of Service, and Data Theft for Millions of Computers *

GitHub Rotates Keys to Mitigate Credential-Exposing Vulnerability *

VMware Issues Urgent Patch for Critical Aria Automation Flaw *

LeftoverLocals Attacks Expose AI Data Leak in GPUs from AMD, Apple, and Qualcomm *

A Botnet Bigpanzi has Infected 170,000 Android TV Boxes with Malware *

Microsoft Warns of Iranian Hackers Using Fresh MediaPl Malware to Target Researchers *

Exposes Pegasus Spyware on iPhone with a New iShutdown Method *

PAX PoS Terminal Vulnerability Enables Transaction Tampering by Attackers *

Have I Been Pwned adds 71 Million Emails from NazAPI Stolen Account Dataset *

Oracle Addresses 200 Vulnerabilities in January 2024 Critical Patch Update *

Atlassian Alerts Critical Remote Code Execution Vulnerability in Confluence Versions *

Google Addresses First Actively Exploited Chrome Zero-Day of 2024 *

FBI and CISA Issue Alert as Androxgh0st Malware Botnet Targets AWS and Microsoft Credentials *

New Attack Wave Spreads Remcos RAT Through Adult Games *

Ransomware Attack Hits Majorca's Calvia City, Extortionists Demand $11 Million *

Critical Zero-Day Vulnerabilities in Citrix Netscaler Exploited *

MyFlaw Security Flaw in Opera Browser Exposes Mac and Windows Users to File Execution Attacks *

Balada Injector Exploits Plugin Vulnerability, Compromising 7,100 WordPress Sites *

Windows SmartScreen Vulnerability Exploited to Deliver Phemedrone Malware *

High-Severity Vulnerabilities Detected in Bosch Thermostats and Smart Nutrunners *

Over 178,000 SonicWall Firewalls Exposed to DoS and Potential RCE Vulnerabilities *

Microsoft Working on Fix for Windows 10 0x80070643 Errors in KB5034441 Update Installation *

Lush, UK Cosmetics Retailer, Confirms Cyberattack *

Ivanti Connect Secure Exploited with Zero-Days to Deploy Custom Malware *

GitLab Issues Warning on Critical Zero-Click Account Hijacking Vulnerability *

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit *

Critical Remote Code Execution Vulnerability Discovered in Juniper SRX Firewalls and EX Switches *

CISA Warns of Actively Exploited Critical Microsoft SharePoint Vulnerability *

Atomic Stealer Upgrade Targets Mac Users with Encrypted Payload *

Microsoft Releases Script for Updating Windows 10 WinRE with BitLocker Fixes *

Python-Powered FBot Hacking Toolkit Targets Cloud and SaaS Platforms *

Major T-Mobile Outage Disrupts Account Access and Mobile App Functionality *

Risk Emerges for ERP Systems as New Proof-of-Concept Exploit Targets Apache OFBiz Vulnerability *

Critical Vulnerabilities Expose 150k WordPress Sites to Takeover Risk Through POST SMTP Mailer Plugin *

Framework Computer Reveals Data Breach Following Phishing Attack on Accountant *

Data Breach at Fidelity National Financial Exposes Personal Information of 1.3 Million Individuals *

Pro-Ukraine Hackers Retaliate, Breach Russian ISP in Response to Kyivstar Attack *

Free Decryptors Unveiled for Victims of Black Basta and Babuk's Tortilla Ransomware *

Hathway Faces Data Breach as Hacker Leaks KYC Data of 4 Million Users *

Cisco Addresses Critical Unity Connection Bug Allowing Attackers to Obtain Root Privileges *

The Newest Mirai-Based Botnet Exploiting SSH Servers for Cryptocurrency Mining *

Saudi Ministry Exposes Sensitive Data, Posing Substantial Cybersecurity Threat *

Significant Data Breach Raises Alarm Over Potential Exposure for Entire Brazilian Population *

Water Curupira Hackers Unleash PikaBot Loader Malware in Ongoing Cyber Threat Campaign *

Turkish Hackers Targeting Weakly Secured MSSQL Servers for Global Ransomware Attacks *

CISA Adds Six Actively Exploited Vulnerabilities to KEV Catalog Affecting Apple, Adobe, Apache, D-Link, and Joomla Products *

Security Flaws Discovered in QNAP and Kyocera Device Manager *

Windows 10 KB5034122 Update Addresses Shutdown Bug *

Microsoft Patch Tuesday Security Advisory - January 2024 *

Fake Hack-Back Offers Target Ransomware Victims, Warns Cybersecurity Firm *

CISA Issues Warning on Exploitation of Apache Superset Vulnerability *

Beirut International Airport experienced a cyber attack *

NoName Group's DDoS Assault Targets Ukrainian Government Websites *

Maldives Government Websites Recover After Cyberattack Amid Diplomatic Strains *

North Korea's DPRK Hackers Pilfered $600 Million in 2023 Cryptocurrency Heist *

NIST Highlights Security and Privacy Risks Amid Swift Deployment of AI Systems *

Cross Switch Faces Data Breach and 3.6 Million Records Potentially Compromised *

Hackers Exploit Netgear and Hyundai X Accounts for Crypto Draining Scams *

Toronto Zoo Confirms Ransomware Attack Had Zero Impact on Animal Wellbeing *

Syrian Cyber Group Unleashes Destructive SilverRAT Threat *

Sea Turtle Cyber Espionage Campaign Strikes Dutch IT and Telecom Sectors *

Cyberattack on loanDepot Mortgage Firm Disrupts IT Systems and Payment Portal *

Cyberattack Strikes Municipal Systems in West Virginia City *

Ivanti Warns of Critical EPM Vulnerability Allowing Device Hijacking *

Cyber Partisans Hacktivist Group Targets and Shuts Down Belarusian News Agency BelTA *

Pays Fouesnantais and France's Township Faces Municipal Service Disruption after Cyberattack *

New macOS Backdoor Threat SpectralBlur Linked to North Korean Hackers *

New Variant of Bandook RAT Targets Windows Machines *

Hackers Exploit Vulnerabilities in Apache RocketMQ Servers for RCE Attacks *

Data Breach at Now-Defunct Ambulance Service Affects Nearly 1 Million Individuals *

In an assault on KyivStar, Russian hackers erased thousands of Systems *

UAC-0050 Adopts Novel Phishing Strategies for Dispensing Remcos RAT *

Mandiant’s Twitter Account Recovered Following Six-Hour Crypto Scam Breach *

Malware Exploiting Google MultiLogin Vulnerability to Persist After Password Reset *

Linux Targeted by 3 Malicious PyPI Packages Deploying Crypto Miners *

SMTP Smuggling Flaw Enables Attackers to Bypass Security and Spoof *

CISA Alert: Actively Exploited Vulnerabilities Found in Chrome and Excel Parsing Library *

Australian Court Service Faces Breach, Hearing Recordings Potentially Compromised *

Xerox's U.S. Subsidiary XBS Falls Victim to Breach as Ransomware Gang Leaks Data *

Orbit Chain's $86 Million Loss in Year-End 2023 Fintech Hack *

Android Game Developer's Google Drive Misconfiguration Exposes Cloud Security Risks *

Windows 10 and 11 Face New DLL Search Order Hijacking Variant, Evading Protections *

Kimsuky Hackers Utilize AppleSeed, Meterpreter, and TinyNuke in Recent Attacks *

New Malware 'JinxLoader' Delivering Formbook and XLoader Threats *

EasyPark Reveals Data Breach Affecting Potentially Millions of Users *

Anna Jaques Hospital's Computer System Compromised in Cyberattack *

Albanian Parliament and Telecom Company Targeted in Cyberattacks *

Lockbit Ransomware Causes Emergency Care Disruption in German Hospitals *

Russian Military Hackers Unleash New MASEPIE Malware in Targeted Campaign Against Ukraine *

Ransomware Attack Strikes Trinidad and Tobago's Social Security Agency *

Microsoft Takes Action to Safeguard Against Malicious Exploitation, Disabling MSIX Protocol Handler *

Chinese Hackers Exploit Fresh Zero-Day in Barracuda's ESG Appliances *

Critical Zero-Day Vulnerability in Apache OfBiz ERP System Poses Business Threat *

Corewell Health Faces Another Data Breach, Affects Over 1 Million Patients *

DragonForce Ransomware Claims Cyberattack on Ohio Lottery *

LoanCare Notifies 1.3 Million Individuals Regarding Data Breach *

Microsoft Word docs used to impersonate the Nepali government in a Nim-based campaign *

Cyber-Phishing Attacks with Cryptocurrency Drainers are on the Rise *

A New Ransomware Variant of Carbanak Banking Malware has been Discovered *

Android or Xamalicious Stealth Backdoor Actively Infecting Devices *

Reports of a Data Breach have been Investigated by Video Game Giant UBISOFT *

LONEPAGE Malware Targets Ukrainian Companies with UAC-0099 Exploit Based on WinRAR *

ESET Resolves High-Severity Flaw in Multiple Product's Secure Traffic Scanning *

The Iranian Hackers have Developed a New Backdoor for Hacking Windows *

Cloud Atlas' Targeted Spear-Phishing Strikes: Russian Agro and Research Firms Under Attack *

New Instagram Phishing Campaign Targets 2FA Backup Codes *

Indian government Entities Targeted by Rust-based Malware *

WordPress Plugin Breach: E-Commerce Sites Vulnerable to Credit Card Theft *

Europol Alerts to 443 Online Stores Infected with Credit Card Theft Scripts *

Ubisoft Initiates Investigation into Recent Reports of Security Breach *

Akira Ransomware Group Takes Credit for Cyberattack on Nissan Australia *

Mint Mobile Reveals Fresh Data Breach, Unveiling Customer Information Exposure *

Chrome Extensions Forcing 1.5 million Fake VPNs to be Installed *

Chameleon Android Malware Disables Fingerprint Unlock to Pilfer PINs *

OpenAI Addresses ChatGPT Data Leak with Imperfect Fix Rollout *

Cyberattack Forces First American to Shut Down IT Systems *

A New FalseFont Malware Title Targets Defense Firms, According to Microsoft *

Healthcare Software Provider's Data Breach Affects 2.7 Million Patients *

Google Addresses the Eigth Actively Exploited Zero-Day Vulnerability in Chrome *

Critical Pre-Auth Stack Buffer Overflows Affect Ivanti Avalanche *

F5 BIG-IP Zero-Day Alert Emails Spreading Data-Wiping Malware *

HCL Technologies Faces Ransomware Attack: Ongoing Investigation Underway *

FBI Disrupts BlackCat Ransomware Operation and Develops Decryption Tool *

FBI Reveals ALPHV Ransomware Profited $300 Million from 1,000 Victims *

The Terrapin attack can compromise the security of OpenSSH connections *

GitHub Exploited by Hackers to Skirt Detection and Compromise Hosts *

Web Injections Campaign Targets 50000 Users, Stealing Banking Data in Ongoing Threat *

Mr. Cooper Data Breach Exposes 14.7 Million Individuals to Security Risks *

Iran's Gas Stations Hit by Suspected Cyberattack, Causing Widespread Disruption *

Microsoft Reveals High-Severity Remote Code Execution Flaw in Perforce Helix *

Xfinity Reveals Data Breach Following Citrix Server Hack *

Customer Data Exposed in Cyberattack on MongoDB, Company Confirms *

Qbot Malware Resurfaces in Phishing Campaign Aimed at Hospitality Sector *

Google Phishing Ads Target WordPress Hosting Provider Kinsta *

Rhadamanthys Stealer Malware Advances with Enhanced Capabilities *

Ransomware Threats Target Patients of Fred Hutch Cancer Center *

3CX Issues Warning to Disable SQL Database Integrations *

Data Breach at Delta Dental of California Exposes Personal Information of 7 Million Individuals *

U.S. Nuclear Research Lab's Data Breach Affects 45,000 Individuals *

A Cryptocurrency Wallet Supply Chain Attack Stole $600K from Ledger dApps *

NKAbuse Malware Leveraging NKN Blockchain for Covert Comms *

Kraft Heinz Probes Alleged Hack, Assures Normal System Operations *

Hackers Hijack SOHO Routers and VPN Devices with Stealthy KV-Botnet *

Phishing Evolution: BazarCall Adopts Google Forms for Credible Deception *

CISA Warns of Russian Hackers Targeting TeamCity Servers Since September *

Microsoft Takes Control of Domains Selling Fake Outlook Accounts *

Hackers Leverage Public PoC to Exploit Critical Flaw in Apache Struts *

1,450 Exposed pfSense Servers Vulnerable to RCE Attacks via Bug Chain *

Booking-Themed Scam Unleashes New MrAnon Stealer Malware, Targets German Users *

Threat Actor Exploits Recruiters with Malicious More Eggs Backdoor Malware *

Microsoft Warns of OAuth App Exploitation for BEC and Cryptomining Attacks *

Sophos Proactively Backports Remote Code Execution (RCE) Fix for Unsupported Firewalls Post-Attacks *

Russian APT28 Launches Cyber Espionage Campaign Across 13 Nations *

Microsoft Patch Tuesday Security Advisory - December 2023 *

HTML Injection Bug in Counter-Strike 2 Exposes Players' IP Addresses *

University of Wollongong Confirms Data Breach and Alerts Authorities *

Americold, Cold Storage Giant, Confirms Data Breach After Malware Attack in April *

Critical Bug in Backup Migration Plugin Exposes 50K WordPress Sites to RCE Attacks *

Emergency Apple Updates Address Zero-Day Vulnerabilities in Older iPhone Models *

Researchers have Unmasked Sandman APT's Hidden Connection to China's KEYPLUG Backdoor *

The Lazarus Hackers have Released a New RAT Malware Using a Two-Year-Old Bug in Log4j *

A Record 2.6 Billion Users Records have been Exposed by Apple, but End-to-End Encryption Wins Out *

The AutoSpill Attack Steals Passwords from Android Password Managers *

Ransomware Gang Confirms Cyber Hit on California Hospital *

Norton Healthcare Reveals Data Breach Following May Ransomware Attack *

New HeadCrab Variant Exploits Redis Servers for Root Access *

Google Drive Users Continue to Face Challenges Despite Proposed Fix for File Recovery *

Email Sending Challenges in Microsoft Outlook for Users with Extensive Folders *

5Ghoul Vulnerability Strikes Qualcomm and MediaTek Chip-Powered 5G Phones *

Iranian Threat Poses Risk to Israel's Critical Infrastructure Through 'Polonium' Proxy *

New Bluetooth Vulnerability Enables Hackers to Seize Control of Android, Linux, macOS, and iOS Devices *

WordPress Resolves POP Chain Vulnerability, Safeguarding Websites Against RCE Exploits *

Data Breaches at Two Cambridge Hospitals are Caused by Excel Spreadsheets *

Microsoft Alerts on COLDRIVER's Adaptive Evasion Techniques and Credential Theft Strategies *

Russian State-Sponsored Hackers Target NATO Rapid Response Corps in Cybersecurity Breach *

Linux Servers are Infected with the Krasue RAT Malware using Embedded Rootkits *

North Korean Hacker Group Andariel Targets South Korean Companies, Stealing Defense Secrets *

Austal USA, Navy Contractor, Confirms Cyberattack and Data Leak *

US Senator Exposes Government Surveillance via Mobile Notifications on Apple and Google Users *

Qualcomm Discloses Exploited Chip Flaws in Targeted Attacks *

Intel and AMD CPUs are Vulnerable to SLAM Attacks that Steal Sensitive Data *

Critical Infrastructure Routers Face 21 Sierra Vulnerabilities *

Nissan Proactively Investigating Cybersecurity Incident and Assessing Potential Data Breach *

Critical Remote Code Execution Vulnerabilities Patched in Various Atlassian Products *

Go Module Repositories on GitHub: The Growing Threat of Repojacking *

Kali Linux 2023.4 Features GNOME 45 and 15 New Tools in Latest Release *

Cyberattack Confirmed by HTC Global Services after Data was Leaked *

23andMe Confirms Hackers Accessed Data from Millions of Users *

Thousands of Israeli Hospital Documents have been Leaked by Iran-Linked Hackers *

U.S. Government Agencies Compromised Through Exploitation of Adobe ColdFusion Vulnerability by Hackers *

WALA, International Dog Breeding Organization, Reveals 25GB of Pet Owners' Data *

Beware: iPhone Users Alerted to Deceptive Fake Lockdown Mode Attack *

The SpyLoan Android Malware has been Downloaded 12 Million Times from Google Play *

Android Security Updates for December 2023 Address 85 Vulnerabilities, Including a Zero-Day RCE Vulnerability *

More than 20,000 Microsoft Exchange Servers at Risk of Exploitation in Cyber Attacks *

WeMystic Fortune-Telling Platform Exposes Over 13 Million User Records *

Tipalti Probes Allegations of Data Breach Amid Ransomware Attack *

Microsoft Issues Alert on Malvertising Campaign Propagating CACTUS Ransomware *

The Fake Security Advisory Pushes Backdoor Plugins for WordPress *

Russian Cyber Threat Actors Exploit Outlook Vulnerability to Hijack Exchange Accounts *

AeroBlade Hackers Target U.S. Aerospace Sector in Fresh Campaign *

MIPS Devices are Targeted by a Stealthier Version of P2Pinfect Malware *

Revolutionizing Browsing: Google Chrome's Cache Update *

Hospitals are urged to patch Citrix Bleed bug *

Since 2017, North Korea's State Hackers Have Stolen $3 Billion in Crypto *

Pirated Software Distributes Proxy Malware Targeting Mac Users *

Qilin Ransomware Linux Variant Concentrates on Targeting VMware ESXi *

Berglund Management Group Discloses Data Breach Affecting Over 50,000 Individuals in the US *

VMware Resolves Critical Authentication Bypass in Cloud Director After 2 Weeks of Unpatched Vulnerability *

Microsoft Windows KB5032278 Update Introduces Copilot AI Assistant, Addresses 13 Bugs *

Newly Discovered Agent Raccoon Malware Exploited by Hackers to Create Backdoors in US Systems *

Chinese Hackers Employ SugarGh0st RAT in Targeting South Korea and Uzbekistan *

FjordPhantom Android Malware Employing Virtualization for Evasion Tactics *

North Carolina's Hendersonville Exposes Employee Data in Thanksgiving Cybersecurity Breach *

Zyxel Issues Warning on Critical Vulnerabilities Found in NAS Devices *

Staples Confirms Cyberattack as Cause for Service Disruptions and Delivery Challenges *

JAXA, Japan's Space Agency, Falls Victim to Cyberattack *

Apple Addresses Two New iOS Zero-Day Vulnerabilities with Emergency Updates *

UEFI Code Vulnerabilities Exploitable for Bootkit Implantation Through Image Files *

Cybersecurity Incident Impacts Capital Health Hospitals, Resulting in IT Disruptions *

Numerous Undisclosed secrets discovered within application images on Docker Hub *

A Ransomware Attack Exploits Qlik Sense Flaws to Infect Networks with Cactus Ransomware *

Hackers Compromise US Water Facility Through Exposed Unitronics PLCs *

Third-Party Data Breach Affects 2 Million Individuals at Dollar Tree *

Automotive Giant Yanfeng Hit by Qilin Ransomware Attack *

Egyptian E-Payment Provider Recovers After LockBit Ransomware Attack *

US Authorities Seize Sinbad Cryptocurrency Mixer Utilized by North Korean Lazarus Hackers *

Okta Data Breach in October Impacts All Users in Customer Support System *

Play Ransomware Group Targets 17 Victims, Including 14 US-Based Companies *

New 'Xaro' Variant of DJVU Ransomware Poses as Cracked Software to Deceive Users *

Experts Warn of More than 200 Malicious Android Apps Targeting Iranian Banks *

Rapid Exploitation of Critical ownCloud Vulnerability in the Wild *

Google Addresses the Sixth Actively Exploited Zero-Day Vulnerability in Chrome for 2023 *

Critical Vulnerability Uncovered in Ray AI Framework *

Bluetooth Vulnerability BLUFFS Allows Attackers to Take Command of Connections *

Hackers Can Exploit the 'Forced Authentication' Feature to Steal Windows NTLM Tokens *

Government of Serbia accused of using Military-grade Spyware against Critics *

DP World Admits Cybersecurity Breach in Australia, Reveals Data Theft Without Ransomware Deployment *

North Korean Cyber Actors Utilize Hybrid macOS Malware Tactics for Enhanced Stealth and Evasion *

Ransomware Breach Strikes Slovenia's Primary Power Giant, HSE *

Ransomware Attack Disrupts Ardent Hospital Emergency Rooms Across Six States *

Gulf Air Experiences Data Breach, Assures No Impact on Critical Operations *

Ukraine Claims Successful Hack into Russian Aviation Agency, Leaks Data *

QRadar SIEM Vulnerability Enables Remote Attackers to Initiate Denial of Service Attacks *

Ransomware Strike Erases All Player Accounts for Indie Game Developer *

Rivers Casino Customers and Employees' Sensitive Data has been Compromised by Hackers *

Rhysida Ransomware Gang Claims Breach of China Energy *

Google Drive Users Frustrated After Losing Months of Stored Data *

Appscook, School App Developer, Exposes Sensitive Data of Hundreds of Children *

The General Electric Company investigates claims of cyber attack and data theft *

KyberSwap Reports $54.7 Million in Cryptocurrency Stolen in Cyberattack *

APT Attacks Targeting the Afghan Government Use a New Web Shell Called HRServ.dll *

Supply-Chain Attack Unleashes Zero-Day Exploit in UK and South Korea Cybersecurity Incident *

Israel Targeted by Rust-Powered SysJoker Backdoor in Cyberattacks Linked to Hamas *

Confidential Kubernetes Secrets from Fortune 500 Enterprises Unveiled in Public Repositories *

OwnCloud File Sharing App Vulnerability Exposes Admin Passwords *

Neanderthals Exploit Telegram Bot "Telekopye" for Large-Scale Phishing Scams *

Data Breach Exposes Personal Information of 27,000 Members of NYC Bar Association *

CTS Cyberattack Rattles Dozens of UK Law Firms *

Germany's Federal Bar Association Probes Ransomware Attack *

Kansas Courts Affirm Data Breach and Ransom Request Following Cyberattack *

Latest Attacks by Konni Group Utilize Malicious Word Documents in Russian Language *

The Black Basta Ransomware Group has Compromised New Targets *

Widespread Distribution of New WailingCrab Malware Loader Through Shipping-Related Emails *

Indian Railway Catering and Tourism Corporation (IRCTC) Suffers Server Down Affecting E-Ticket Booking *

Expansion of ClearFake Campaign Takes Aim at Mac Systems with Atomic Stealer *

Windows Hello Authentication Bypass Identified on Microsoft, Dell, and Lenovo Laptops *

North Korean Threat Actors Employ Malware Campaigns Disguised as Job Recruiters and Seekers *

Data Breach at Welltok Exposes Information of 8.5 Million US Patients *

Tmax Enterprise software provider Experiences Data Breach, Exposing 2 Terabytes of Information *

Microsoft Reports CyberLink Breach by Lazarus Hackers in Supply Chain Attack *

Dragon Touch Children's Tablet Compromised by Corejava Malware *

Fresh Botnet Malware Leverages Pair of Zero-Day Vulnerabilities to Target NVRs and Routers *

CISA Issues Urgent Directive for Immediate Response to Looney Tunables Linux Vulnerability *

Wolf Haldenstein Adler Freeman & Herz LLP Issued a Data Breach Alert on Midwest Gaming & Entertainment, LLC. *

AutoZone Alerts of Data Breach Due to MOVEit Vulnerability *

Hacktivists Breach U.S. Nuclear Research Lab, Compromising Employee Data *

CISA's Cybersecurity Guide: Safeguarding Healthcare and Public Health Organizations *

Play Ransomware Shifts to Commercial Model, Offered as Service to Cybercriminals *

Deceptive Campaign Aims at Indian Android Users, Impersonating Banks and Government Bodies *

Latest Agent Tesla Malware Iteration Employing ZPAQ Compression in Email-Based Assaults *

South China Sea Tensions Prompt Mustang Panda Hackers Target Philippines Government *

Critical Vulnerability in Industrial Refrigeration Products Patched by Johnson Controls *

LittleDrifter USB Malware Linked to Gamaredon Spreads Outside Ukraine *

Contractor Hacks Lead to Canadian Government's Data Breach Disclosure *

Apache ActiveMQ RCE Exploited by Kinsing Malware to Install Rootkits *

New Version of LummaC2 Malware Unveils Innovative Trigonometry-Based Anti-Sandbox Technique *

Increase in NetSupport RAT Infections: Targeting Government and Business Sectors *

Phobos Ransomware Accuses VX-Underground Malware Collective of Framing *

Indian Hackers Targeting U.S., China, and Other Nations for More Than Ten Years *

FCC Implements New Regulations Safeguarding Consumers Against SIM-Swapping Threats *

RSA Keys Extracted from SSH Server Signing Errors by Researchers *

Russian Hackers Exploit WinRAR and Ngrok Features in Embassy Attacks *

Yamaha Motor's Philippine Subsidiary Hit by Ransomware Assault *

Discord Phishing Scam Emerges Following Bloomberg Crypto X Account Mishap *

CISA Adds Three Actively Exploited Vulnerabilities in Windows, Sophos, and Oracle into KEV Catalog *

Vietnam Post Corporation Leaks 1.2TB of Data, Revealing Email Addresses of Employees *

Deceptive Google Ads Lure WinSCP Users into Installing Malicious Software *

Security Researchers Uncover Malicious Packages on PyPI and NPM Repositories Targeting Developers *

Fortinet Alerts Users to Critical Command Injection Vulnerability in FortiSIEM *

Experts Reveal DarkCasino as New APT Threat Leveraging WinRAR Security Flaw *

Ransomware Group Lodges SEC Complaint Regarding Victim's Unreported Breach *

Exploitation of Zimbra Email Software's Zero-Day Flaw by Four Hacker Groups *

Toyota Acknowledges Security Breach as Medusa Ransomware Threatens Data Leak *

Significant Data Breach Reported at Smart WiFi Provider Plume by Alleged Hackers *

Long Beach, California Shuts Down IT Systems Following Cyberattack *

FBI Exposes Tactics Used by the Notorious Scattered Spider Hacker Group *

Google Workspace and Cloud Platform Vulnerable to Potential Ransomware Exploits *

FBI and CISA Alert on Opportunistic Rhysida Ransomware Attacks *

Toronto Public Library Acknowledges Data Breach in Ransomware Attack *

North Carolina County Faces Unauthorized Data Access in Cyberattack by Hackers *

Australian Agency Raises Alarm Over Threat from State-Supported Hackers *

Dolly.com's Ransom Payment Doesn't Stop Attackers from Releasing Data *

Latest PoC Exploit for Apache ActiveMQ Vulnerability Enables Low-Profile Attacks *

Denmark's Critical Infrastructure Faces Largest Coordinated Cyberattack, Targeting 22 Energy Firms *

PJ&A Cyberattack Exposed Nearly 9 Million Patient Records *

Recent Data Breach Impacts Customers of Samsung's UK Store *

FBI Announces Success in Disrupting IPStorm Botnet and Its 23,000 Malicious Proxies *

Targeted Attacks on MySQL Servers and Docker Hosts Using DDoS-Enabled Malware Detected by Researchers *

LockBit Ransomware Exploits Citrix Bleed Vulnerability, Exposing 10,000 Servers in Attacks *

Truepill Pharmacy Platform Reports Data Breach Affecting 2.3 Million Customers *

VMware Reveals Critical Authentication Bypass in VCD Appliance Without Available Patch *

New Reptar CPU Bug Impacts Intel's Desktop and Server Systems *

Vulnerability in WP Fastest Cache Plugin Puts 600k WordPress Sites at Risk of Attacks *

Vietnamese Cybercriminals Employ Delphi-Based Malware to Attack Indian Marketing Professionals *

Critical Azure CLI Vulnerability Addressed by Microsoft, Preventing Credential Leakage in Logs *

AMD CPU Vulnerability "CacheWarp" Allows Root Access in Linux VMs *

Microsoft Patch Tuesday Security Advisory - November 2023 *

Chinese Hackers Conduct Stealthy Espionage Assaults on 24 Cambodian Entities *

Lorenz Extortion Group Leaks Stolen Data from Cogdell Memorial Hospital in Texas *

IP Criminality & Advanced Cyber Threat Analysis with Cisco SecureX-XDR *

Emergence of a New Ransomware Faction Armed with Hive's Source Code and Infrastructure *

Ethereum's 'Create2' Function Abused in $60M Cryptocurrency Theft *

DP World Hit by Cyberattack, Paralyzing Thousands of Containers in Ports *

"Chess.com" Grapples with Dual Data Breaches as Threat Actors Leak 1,276,000 Scraped User Records *

Israel Alerts Organizations to BiBi Malware Wiper Attacks Targeting Linux and Windows *

Microsoft Issues Alert Regarding Fraudulent Skills Assessment Portals Targeting IT Job Seekers *

Microsoft Resolves Slow Saving Issues in Outlook Desktop with Bug Fix *

Tri-City Medical Center in Oceanside is Impacted by Ongoing Cyberattacks *

Law Enforcement Dismantles BulletProftLink, a Major Phishing Service Provider *

Data Breach at McLaren Health Care Impacts 2.2 Million People *

Healthcare Organizations Compromised as Hackers Exploit ScreenConnect Remote Access *

Iran-Linked Imperial Kitten Cyber Group Focuses its Attack on Middle East Entities *

Mr. Cooper, Major Mortgage Servicer Reports Customer Data Exposure in Security Breach *

Microsoft Warns of BlueNoroff Hackers Plans for Fresh Crypto Theft Attacks *

Maine Government Alerts 1.3 Million Individuals About MOVEit Data Breach *

Clop Ransomware Attacks Exploit Zero-Day Flaw in SysAid, Microsoft Reports *

Anonymous Sudan Claims Responsibility for DDoS Attack Leading to Cloudflare Website Outage *

Google Ads Distribute Malicious CPU-Z App via Counterfeit Windows News Site *

Ransomware Attack Affects 39,000 Individuals at Kyocera AVX *

Ransomware Attack Strikes Industrial and Commercial Bank of China *

Microsoft Provides Temporary Solution for Windows Server 2022 VMs Facing Issues *

Russian Hackers Employ LOTL Technique to Potentially Trigger Power Outages *

Data Breach at Perry Johnson & Associates, Inc. Impacts Cook County Health due to Security Incident *

CISA Issues Alert as High-Severity SLP Vulnerability Faces Active Exploitation *

Microsoft Enhances Windows 11 Security by Eliminating SMB1 Firewall Rules *

Iranian Hackers Employing New C2 Framework MuddyC2Go to Target Israel *

Datacenter Overheating Disrupts 2.5 Million Bank Transactions *

Sberbank Confronts Massive DDoS Attack with 1 Million Requests Per Second *

Undetectable Crypto Mining Technique Revealed in Azure Automation by Researchers *

Security Alert: Python Packages on PyPI Infected with Blaze Stealer Malware *

WhatsApp Unveils Enhanced Privacy Feature: Safeguarding IP Addresses During Calls *

Major Outage Knocks ChatGPT Offline, Affecting OpenAI Systems *

Hacker Exposes 35 million LinkedIn User Database on Breach Forums *

Russian-speaking Threat Actor "Farnetwork" Connected to Five Ransomware Groups *

FBI Warns of Ransomware Gangs Targeting Casinos via Third-Party Gaming Vendors *

Security Breach Unveiled by Sumo Logic, Recommends API Key Resets *

Japan Aviation Electronics Reports Unauthorized Server Access in Recent Cyberattack *

Android Security Updates for November 2023 Address 37 Vulnerabilities *

BlueNoroff Hackers Utilize ObjCShellz Malware to Create Backdoors on Macs *

GootLoader's Advanced Malware Variant Operates Covertly and Expands Swiftly *

Cisco Addresses 27 Vulnerabilities with Security Updates for Network Security Products *

Fraudulent Ledger Live App on Microsoft Store Scams Users out of $768,000 in Cryptocurrency *

Emergence of New Jupyter Infostealer Version with Advanced Stealth Tactics *

Marina Bay Sands Discloses Data Breach Impacting Information of 665,000 Customers *

China-Based E-commerce Store "Zhefengle" Exposes Millions of Chinese Citizen IDs *

Hilb Group Reveals Email Security Breach Impacting Personal Data of 81,000 Individuals *

QNAP's Alert on Critical Command Injection Vulnerabilities in QTS OS and Apps *

Multi-Platform Attack by SideCopy Threat Actor Utilizes WinRAR Zero-Day and Ares RAT to Target Indian Organizations *

Ransomware TellYouThePass Executes Remote Code Execution (RCE) Attack on Apache ActiveMQ *

Android Security Bypassed by Cybercrime Service for Malware Installation *

Veeam Issues Critical Bug Warnings for Veeam ONE Monitoring Platform *

Google Alerts Users to Possible Misuse: Cybercriminals Using Calendar Service as a Covert C2 Channel *

Socks5Systemz Proxy Service Compromises 10,000 Systems Globally *

DarkGate Malware Exploiting Microsoft Installer Files After Targeting Microsoft Teams *

DDoS Attacks Cause Disruptions in Singapore's Public Health Services *

Kinsing Actors Leveraging Latest Linux Vulnerability to Compromise Cloud Environments *

NodeStealer Malware Exploiting Facebook Business Accounts to Run Malicious Advertisements *

Allied Pilots Association of American Airlines Pilots Reveals Ransomware Attack *

CanesSpy Spyware Distributed Using Altered WhatsApp Versions *

Microsoft Exchange New Zero-Day Vulnerabilities Enable Remote Code Execution and Data Theft Attacks. *

Boeing Company Affirms Cyberattack Involving LockBit Ransomware *

Cloudflare's Data Center Power Outage Disrupts Dashboard and API Services *

Researchers Identify 34 Windows Device Drivers Vulnerable to Complete Device Compromise *

Employee Records at OKTA Exposed in Third-Party Vendor Breach of Rightway Healthcare *

Atlassian Issues Urgent Warning for Patching After Confluence Data Wiping Vulnerability Exploit *

Iran's MuddyWater Launches Spear-Phishing Campaign Targeting Israel *

Cyberattack Targets Mortgage Giant Mr. Cooper, Disrupting IT Operations *

Ace Hardware Reports Cyberattack Affecting 1,202 Devices *

Hackers from North Korea are Targeting Crypto Experts with KANDYKORN MacOS Malware *

Critical Vulnerabilities in F5 BIG-IP Products Actively Exploited in the Wild *

Mysterious Kill-Switch Deactivates Mozi Malware Botnet Operations *

CVSS 4.0: New Vulnerability Severity Rating Standard Unveiled *

Middle East Financial and Government Sectors Targeted by Iranian Cyber Espionage Group *

Citrix Bleed Vulnerability Exploited by Hackers in Global Government Network Attacks *

Over 3,000 Internet-Facing Apache ActiveMQ Servers at Risk of Remote Code Execution Attacks *

Avast Antivirus SDK Misidentifies Google App as Malware on Huawei, Vivo, and Honor Smartphones *

British Library Faces Weekend Cyberattack, Leading to Internet Access Disruptions *

Discovery of Malicious NuGet Packages Distributing SeroXen RAT Malware *

Bluetooth Spam Attacks Inspired by Flipper Zero Now Available as Android App *

The Elektra Leak Campaign Leveraging Exposed AWS IAM Credentials on GitHub for Cryptocurrency Mining Attacks *

Hackers Exploiting MSIX App Packages to Spread GHOSTPULSE Malware on Windows PCs *

SEC Files Lawsuit Against SolarWinds for Investor Misrepresentation Preceding 2020 Cybersecurity Breach *

New Phishing Campaign Utilizes Disguised Remcos RAT as Fake Payslip *

Bibi-Linux Wiper Malware Launches Destructive Attacks on Israeli Organizations *

Cyberattack Disrupts Toronto Public Library Services Over the Weekend *

India's Biggest Data Breach: 815 million COVID Test Records for Sale, Sample Authenticity Confirmed *

Hunters International Ransomware: A Potential Rebranding of Hive *

Check Point Records a High Surge in QR Code Quishing Compared to the Previous Year *

Researchers Discovered XMPP-Based Instant Messaging was Being Wiretapped *

Nevada School District Parents Receive Emailed Student Data Stolen by Hackers *

Android Adware Apps on Google Play Accumulate Over Two Million Installs *

Latest iLeakage Exploit Extracts Email Addresses and Passwords from Apple Safari *

Microsoft Reveals Octo Tempest as a Significant Threat to Financial Security *

Critical Vulnerability in NextGen's Mirth Connect Puts Healthcare Data at Risk *

StripedFly Malware Framework Infects Over One Million Windows and Linux Systems *

Iranian APT Group Tortoiseshell Unleashes Fresh IMAPLoader Malware Assaults *

Seiko Discloses Ransomware Breach Compromising Customer Data *

Alleged Cybersecurity Incident: Researcher Reports Exposure of 12 Million Patient Records at Redcliffe Labs; Company Denies Data Breach *

Potential Data Breach: 1.2 Million Airbnb User Records Reportedly Exposed *

Ransomware Attack by Rorschach Gang Disrupts Chile's Telecom Giant GTD *

GoPIX Malware Malvertising Campaign Takes Aim at Brazil's PIX Payment System *

European Government Email Servers Hacked Using Roundcube Zero-Day Exploit *

ASVEL Basketball Team Acknowledges Data Breach After NoEscape Group's Ransomware Attack Assertion *

Security Breach Impacts Five Canadian Hospitals Linked to TransForm Health Services Provider *

Modified Backdoor on Compromised Cisco Devices Evades Detection *

VMware Issues Alert About POC Availability for vRealize RCE Vulnerability *

1Password Identifies Suspicious Activity in Wake of Okta Support Breach *

BHI Energy Discloses Details of Akira Ransomware Attack on Its Systems *

City of Philadelphia Reveals Data Breach After Five Month Delay *

Firebird Backdoor by DoNot Team Targets Pakistan and Afghanistan *

Quasar RAT Exploits Dual DLL Side-Loading Technique for Covert Operations *

Associated Wholesale Grocers Claimed as a Victim by Play Ransomware Group *

Researchers Discover ExelaStealer, a Low-Cost Information Stealer Targeting Windows Systems *

American Family Insurance Confirms IT Outages Caused Due to Cyberattack *

TetrisPhantom Hackers Target Government Systems in Asia-Pacific, Stealing Data from Secure USB Drives *

Thousands of Devices Infected with Malicious Lua Backdoor Exploiting Cisco Zero-Day Vulnerability *

Significant Remote Code Execution Vulnerabilities Discovered in SolarWinds Access Audit Solution *

Okta Support System Breached Through Compromised Credentials *

DarkGate Malware Strikes U.K., U.S., and India in Vietnamese Hacking Campaign *

A Cyberattack Disrupts the Operations of Healthcare Solutions Giant Henry Schein *

Fraudulent KeePass Website Leverages Google Ads and Punycode to Distribute Malware *

Iran-Linked OilRig Launches 8-Month Cyber Campaign Targeting Middle East Governments *

BlackCat Ransomware Employing Innovative 'Munchkin' Linux VM for Covert Attacks *

A Malware Framework Named MATA Exploits EDR to Attack Defense Firms *

Casio's Data Breach Affects Customers in 149 Countries *

Synology's DiskStation Manager Admin Takeover Vulnerability Exposes NAS Devices *

Data Breach at TrueCoin's Third-Party Vendor Exposes TUSD User Information *

Lazarus Group Uses Trojanized VNC Apps to Deceptively Target Defense Experts with Fake Interviews *

Qubitstrike's Campaign Targets Cloud Environments via Jupyter Notebooks for Crypto Mining *

Security Research Reveals IT Administrators' Use of Weak Passwords on Critical Portals *

ClearFake Introduces Deceptive Browser Updates for Malware Distribution *

North Korean Hackers Exploit Critical TeamCity Vulnerability to Breach Networks *

Ampersand, a TV Advertising Sales Giant Hit by Ransomware Attack *

Knight Ransomware Group Claims BMW Munique Motors Cyberattack *

D-Link Confirms Data Breach as Data Appears on Sale at BreachForums *

The SpyNote Android Malware Spreads Through Fake Alerts about Volcanic Eruptions *

Nation-State Hackers Leveraging Discord Platform to Target Critical Infrastructure *

Open Source CasaOS Cloud Software Reveals Significant Security Vulnerabilities *

Vulnerabilities in Weintek HMIs Pose Significant Security Risks *

The 'RedAlert' Rocket Alert App for Israel was Found to Install Spyware on Android Devices *

Cisco Issues Alert Regarding Actively Exploited Zero-Day Vulnerability in IOS XE *

Threat Actors are Exploiting Potential Milesight Industrial Router Vulnerability *

Kansas Courts Shutdown IT Systems Following Security Incident *

Critical Vulnerability in WordPress Royal Elementor Plugin Exploited by Hackers *

Russian Hackers Exploit Latest WinRAR Vulnerability in Fresh Campaign *

Researchers Warn Against SpyNote, an Android Trojan that Records Calls and Audio *

Vietnam Faces Accusations of Utilizing Predator Spyware for Surveillance of EU and US Legislators *

AI Algorithm Developed to Counter Man-in-the-Middle Attacks on Unmanned Military Robots *

Steam Platform Enforces SMS Verification to Prevent Malware-Laden Updates *

Indian State Government Addresses Bug Exposing Aadhaar Numbers and Fingerprints *

Juniper Networks Addresses Over 30 Vulnerabilities in Junos OS with Security Patches *

Mysterious Network Incident Triggers Kwik Trip IT Systems Outage *

DarkGate Malware Disguised as PDF Files Spreads Through Messaging Services *

Latest PEAPOD Cyberattack Initiative Focuses on Female Political Leaders *

Shadow PC Issues Data Breach Warning as Hacker Attempts to Sell Gamer Data *

FBI Releases AvosLocker Ransomware Technical Analysis and Defense Strategies *

ToddyCat Hackers Employ 'Disposable' Malware for Asian Telecoms' Targeted Attacks *

ShellBot Employing Hex IPs for Evasion in Linux SSH Server Attacks *

NuGet Developers Infected by SeroXen RAT Through Malicious Solana and KuCoin Packages *

Philippine Statistics Agency Investigates Suspected Data Breach *

Simpson Manufacturing's Cyberattack Results in IT System Suspension *

Enterprise Systems Vulnerable to Critical SOCKS5 Vulnerability in cURL *

LinkedIn Smart Links Resurge in Phishing Campaigns Against Microsoft Accounts *

CISA Alerts to Ongoing Exploitation of Adobe Acrobat Reader Vulnerability *

Deceptive Backdoor Targets WordPress Sites by Posing as Genuine Plugin *

Chrome 118 Addresses 20 Security Vulnerabilities with Patches *

Unprecedented DDoS Assaults Leveraging Zero-Day Flaw in HTTP2 Rapid Reset Technique *

Air Europa Data Breach Sparks Urgent Warning to Customers Cancel their Credit Cards *

Safexpay Technology's Payment Gateway Breach Unveils Rs 16,180 Crore Scam *

Critical Citrix NetScaler Vulnerabilities Exposes Sensitive Data *

Massive Ad Fraud Botnet PEACHPIT Harnesses Millions of Compromised Android and iOS Devices *

Researchers Detect Grayling APT's Continuous Attacks on Various Sectors *

Mirai Variant Targets Linux Routers with 13 New Payloads *

Microsoft Patch Tuesday Security Advisory - October 2023 *

Critical Memory Corruption Vulnerability in libcue Library Threatens Linux GNOME Environments *

IoT Security Concerns Raised Due to Flaws in ConnectedIO's 3G 4G Routers *

D-Link WiFi Range Extender Susceptible to Command Injection DoS Attacks *

Over 17,000 WordPress Sites Targeted by Balada Injector by Exploiting Unpatched tagDiv Plugin *

Magecart Card Skimming Campaign Manipulate Online Store 404 Pages for Credit Card Theft *

Israeli Energy and Defense Sectors Targeted by Cyber Threat Actor with Gaza Ties *

Flagstar Bank Suffers Third Data Breach Since 2021, Impacting 800,000 Customers *

Microsoft 365 Administrators Receive Cautionary Notice About Recent Google Anti-Spam Regulations *

D.C. Board of Elections Confirms Voter Data Breach in Website Hack *

23andMe Genetics Company Reports User Data Breach in Credential Stuffing Attack *

Blackbaud Reaches $49.5 Million Settlement Over Ransomware Data Breach *

Backdoored Firmware Discovered in Android Devices Used in US Schools *

Multiple Critical Vulnerabilities Uncovered in Supermicro BMC IPMI Firmware *

3 Million Customer Records Exposed in Major CRM Provider Really Simple Systems Data Breach *

Lyca Mobile Probes Customer Data Breach Following Cyberattack *

Cyber Espionage Campaign Linked to China Deploys Cobalt Strike Backdoor in Semiconductor Firms *

New Android Trojan GoldDigger Targets Financial Apps in Asia Pacific *

Cyber Espionage Attack Targets Guyana Governmental Entity with DinodasRAT *

BitSight Uncovers 100,000 Vulnerable Industrial Control Systems (ICS) Exposed to Cybersecurity Risks *

Data Breach at European Telecommunications Standards Institute (ETSI) Following Cyberattack *

Atlassian Releases Critical Patch for Exploited Zero-Day Vulnerability in Confluence *

Hackers Exploit Breached SQL Servers to Target Azure Cloud VMs *

Cisco Resolves Hard-Coded Root Credentials Vulnerability in Emergency Responder *

Sony Confirms Data Breach Affecting Thousands of Employees in the United States *

Researchers Uncover Connection Between DragonEgg Android Spyware and LightSpy iOS Surveillanceware Tool *

New Supply Chain Attack Unleashes Open-Source Rootkit via Rogue npm Package *

Critical Apple Update Addresses Zero-Day Vulnerability Exploited in iPhone Hacks *

Cyber Security Vulnerability at National Logistics Portal (Marine) Exposes Sensitive Data *

Security Flaws in TorchServe Enable Remote Code Execution in PyTorch Models *

Mirai Botnet's Latest Variants hailBot, kiraiBot, catDDoS Found Active in Recent Attacks *

MEDUSA Ransomware Group Claims Attack on Two New Victims *

Qualcomm Releases Patch for 3 New Zero-Days Under Active Exploitation as Hackers Target GPU and DSP Drivers *

'Looney Tunables' Linux Bug Grants Root Privileges on Major Distributions *

EvilProxy Exploits indeed.com's Open Redirect for Microsoft 365 Phishing *

Lorenz Ransomware Group Launches a Major Cyberattack on Allcare Pharmacy *

Ransomware Threat Groups Targeting JetBrains' TeamCity Servers *

Arm Alerts about Exploited Mali GPU Flaws, Suspects Targeted Attacks *

Motel One Group Reveals Data Breach After Ransomware Attack *

Zanubis Android Banking Trojan Impersonates Peruvian Government App to Target Users *

Exim Releases Patches for Three of Six Zero-Day Vulnerabilities Disclosed Recently *

Zip Slip Vulnerability in OpenRefine Leads to Malicious Code Execution *

BunnyLoader, New Malware-as-a-Service (MaaS) Threat Emerges with New Capabilities *

Iran's APT Group OilRig Unleashes Menorah Malware for Stealthy Operations *

DDoS protections provided by Cloudflare ironically bypassed. *

RSA Decryption Vulnerability from 1998 Returns in Marvin Attack *

Amazon Accidentally Sends Out Mastercard and Google Play Gift Card Order Emails *

WS_FTP Server Hotfixes Released by Progress Software for Multiple Security Flaws *

The New ASMCrypt Malware Loader Allows Cybercriminals to Fly Under the Radar *

An Exploit has been Released for the Microsoft SharePoint Server Authentication Bypass Flaw *

Zero-day RCE Attacks on Millions of Exim Mail Servers *

Cisco Alerts About Exploitation Attempts Post Vulnerability Discovery in IOS and IOS XE Software *

Critical Flaw in Cisco Catalyst SD-WAN Manager Enables Remote Server Access *

Microsoft Breach by Chinese Hackers Results in Theft of 60,000 U.S. State Department Emails *

Malware-Infested Ads Infiltrating Bing's AI Chatbot *

Progress Software Issues Warning About Critical Vulnerability in WS FTP Server Software *

Password-Stealing Commits Disguised as Dependabot Contributions Target GitHub Repositories *

Budworm Hackers Launch Custom Malware Attacks on Telcos and Government Organizations *

Firefox 118 Addresses High-Severity Vulnerabilities with Security Patches *

DarkBeam Exposes Massive Cache of Email and Password Combinations in DataBreach *

Researchers Discover Modern GPUs Vulnerable to New GPU.zip Side-Channel Attack *

Malicious PyPI and npm Packages Utilised in SSH Key Compromises *

US and Japan Warn of BlackTech Hackers Backdooring Cisco Routers *

Johnson Controls, a Leading Building Automation Company, Falls Victim to Ransomware Attack *

Google Resolves the Fifth Actively Exploited Zero-Day Vulnerability in Chrome for 2023 *

ZenRAT Malware Targeting Windows Users by using the Fake Password Manager Software *

PhilHealth Faces $300K Ransom Demand Following Data Breach *

Google Reassigns Top CVE Rating to libwebp Vulnerability Impacting Browsers and Applications *

ShadowSyndicate Cybercriminals Linked to Multiple Ransomware Operations Across 85 Servers *

Chinese Hackers in Multi-Year Campaign Target South Korean Organizations *

American Red Cross Exploited as Phishing Lure by New AtlasCross Hackers *

Openfire Flaw Exploited by Hackers to Encrypt Servers *

ZeroFont Phishing Manipulates Microsoft Outlook to Display Fake AV Scans *

Critical JetBrains TeamCity Flaw Exposes Source Code and Build Pipelines *

Hong Kong Consumer Watchdog Hit by Severe Ransomware Attack *

Clop Ransomware Attack on BORN Ontario Child Registry Affects 3.4 million Individuals *

Mixin Network Halts Operations After Suffering a $200 Million Hack *

Critical BIND DNS System Vulnerabilities Enable DoS Attacks *

Three Unique Categories of Cyberattacks with Ties to China Targeting Southeast Asian Government Entities *

Xenomorph Android Malware Targets U.S. Banks and Cryptocurrency Wallets *

Phishing Campaign Lured as Drone Manuals Targets Ukrainian Military *

Spyware Operation EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese Through Watering Hole Attacks *

Data Breach at National Student Clearinghouse Affects 890 Schools *

Sony Corporation Allegedly Breached by RANSOMEDVC Ransomware Group *

Nansen, a Cryptocurrency Analytics Company, Urges Password Resets After Vendor Data Breach *

OpenSea API Users Requested to Rotate API Token Following a Third-Party Security Breach *

Stealthy and Modular Deadglyph Malware Cyberespionage Attack Targets Middle East Government Entities *

Gelsemium APT Group Targeting Southeast Asia's Government Entities *

Data Breach at Ohio Community College Exposes Nearly 300,000 Individuals *

Spyware Attacks Exploit Newly Resolved Apple and Chrome Zero-Day Vulnerabilities *

BBTok Banking Trojan's Latest Variant Takes Aim at Moreover 40 Latin American Banks *

Bermuda Government Attributes Cyberattack to Russian Hacker Group *

Cybercriminals Redirect Hotel Guests to Fake Booking.com Site to Swipe Credit Card Information *

Atlassian Addresses High-Severity Vulnerabilities with Security Updates *

New LuaDream Malware Used by 'Sandman' Hackers to Infiltrate Telecommunication Providers *

Suspected Ukrainian Hacker Linked to 'Free Download Manager' Malware Attack *

CISA and FBI Warns About Snatch Ransomware Group's Attacks *

Air Canada Confirms Security Breach, Reveals Exposure of Employee Records *

Cyber Group 'Gold Melody' is Marketing Compromised Access to Ransomware Attackers *

Apple Releases Urgent Updates to Fix Three Zero-Day Exploits *

Pizza Hut Australia Faces Data Breach Affecting 200,000 Customers *

Researchers Found Fake POC on GitHub Distributing VenomRAT Malware *

Hackers Selling Over 2million Pakistanis' Data from Restaurants After a Massive Breach *

City of Pittsburg Suffers Cyberattack Results in Outage *

Advanced Phishing Attacks Aimed at Chinese Users Using ValleyRAT and Gh0stRAT Malwares *

Nagios XI Network Monitoring Software Fixes Critical Security Flaws *

Security Flaws in Atos Unify Expose Systems to Backdoor Attacks *

Fortinet Releases Critical Security Updates for FortiOS, FortiProxy, and FortiWeb Products *

P2PInfect Botnet Updates to Stealthier Variant with Activity Surges by 600 Times *

T-Mobile App Glitch Exposes User Account Information to Others *

Hackers from China Target North American and APAC Firms with Web Skimmer Campaigns *

New Rust-Based Malware Campaign 'Operation Rusty Flag' Targets Azerbaijan Entities *

AMBERSQUID Cryptojacking Operation Attacks Leverages AWS Services *

Phishing Attack Targets Victims of Celsius Crypto Bankruptcy *

Hackers Employ new HTTPSnoop and PipeSnoop Malware to Target Telecom Companies *

Next-Gen Android Banking Trojan Hook Builds Upon ERMAC's Legacy *

International Criminal Court Systems Compromised in Recent Cyber Attack *

GitLab Urges on Users to Apply Critical Pipeline Flaw Security Updates *

Trend Micro Fixes a Critical Zero-Day vulnerability in Apex One Endpoint Security Products *

Hackers from APT36 Infect Android Devices with Clones of the YouTube App *

Unauthenticated RCE vulnerability Affects Thousands of Juniper Devices *

Bumblebee Malware Makes a Comeback, Leveraging WebDAV for New Assaults *

38TB of Private Data leaks from Microsoft's Unsecured Azure Storage *

SprySOCKS, a New Linux Malware, has been Used in Cyber Espionage Attacks *

Shell's Australian BG Group Business Affected by MOVEit Breach *

Lazarus Group Targets CoinEx Exchange in Ongoing Cryptocurrency Platform Attacks *

Cuba Ransomware Gang Targets Mutiple Sectors with Newly Updated Malware *

UNC3944, a Financially Motivated Threat Actor, Shifts Efforts Toward Ransomware Attacks *

TikTok Flooded with Cryptocurrency Giveaway Scams Impersonating 'Elon Musk' *

Auckland Transport Authority Experiences Alleged Ransomware Attack *

Ransomware Attack on ORBCOMM Leads to Disruption in Trucking Fleet Management *

Retool Attributes Security Breach to Google Authenticator's MFA Cloud Sync Function *

NodeStealer Malware Targets Facebook Business Accounts Across Various Browsers *

MGM Casino Faces Ransomware Attack with ESXi Server Encryption *

Caesars Entertainment Pays Ransomware After Suffering a Data Breach *

Microsoft Discovers Flaws in the ncurses Library that Exposes Linux and macOS Systems *

Malicious Google Ads Exploit Cisco Webex to Distribute Malware via Tracking Templates *

Iranian Cyberattackers Infiltrate Defense Organizations through Password Spray Tactics *

Proof-of-Concept Exploit Demonstrates Windows 11 'ThemeBleed' RCE Vulnerability *

Vulnerability in N-Able's Take Control Agent Exposes Windows Systems *

Rollbar Discloses a Data Breach, Exposing its Clients Access Tokens *

Airbus Launches Inquiry After Hacker Exposes Data *

Mozilla Addresses Critical Zero-Day Exploit in Firefox and Thunderbird by Patching WebP Vulnerability *

Kubernetes Flaws Expose Windows Endpoints to Remote Attacks *

Hackers Employ 3AM Ransomware to Salvage Unsuccessful LockBit Assault *

Eight Vulnerabilities Exposed in Microsoft Azure HDInsight Analytics Service *

The Latest WiKI-Eve Attack is Capable of Stealing Numeric Passwords Through WiFi *

Espionage Group 'Redfly' Quietly Exploits Power Supplier's Network for Half a Year *

Adobe Exploited the Zero-Day Vulnerability in Acrobat and Reader Software *

MetaStealer Malware Takes Aim at Apple macOS in Recent Attacks *

GitHub Fixes a Security Vulnerability which Exposed More Than 4,000 Repositories to Repojacking Attack *

Advanced Phishing Operation Targets Windows Machines by Utilizing Agent Tesla, OriginBotnet, and RedLine Clipper *

Microsoft Patch Tuesday Security Advisory - September 2023 *

Rhysida Ransomware Group Continues its Attack on US Hospitals with Demanding 1.3 million Dollar Ransom *

Newly Emerged Sponsor Backdoor by Charming Kitten Targets Brazil, Israel, and U.A.E. Entities *

MGM Resorts Suffers a Cyberattack, Resulting in the Shutdown of IT Systems *

HijackLoader Modular Malware Gains Traction in Cybercrime Circles *

Google Addresses Another Chrome Zero-Day Vulnerability Exploited in Attacks *

Vietnamese Cybercriminals Use Facebook Messenger to Distribute Python Stealer *

New Steal-It Campaign Steal NTLMv2 Hashes from Compromised Windows Using PowerShell *

Malicious Telegram Clones on Google Play Infect Over 60,000 Users with Spyware *

Phishing Campaign in Microsoft Teams Distributes DarkGate Malware *

Cybercriminals Exploit Genuine Advanced Installer Tool for Crypto-Mining Attacks *

Cybercriminals Steals More Than $690,000 Following Takeover of Vitalik Buterin's Twitter Profile *

Dymocks Booksellers Data Breach Impacts 836000 Customers *

Ragnar Locker Ransomware Gang Claims Responsibility for Israel's Mayanei Hayeshua Hospital Cyber Attack *

Cisco is Warning About Zero-Day Exploit of Cisco ASA and FTD Software in the Wild *

Notepad++ Releases Version 8.5.7 to Resolve Four Security Flaws *

Apache Superset Flaws Exploit Enables Remote Code Execution Attacks on Servers *

Google Looker Studio Exploited in Phishing Attacks to Target Cryptocurrency Enthusiasts *

Apple Releases Emergency Updates to Fix Two Actively Exploited Zero-Day Vulnerabilities Targeting iPhones and Mac *

Security Experts Warn of Iranian Hackers Using Fortinet and Zoho Flaws in Breach of US Aviation Organisations *

IBM Reveals Data Breach Affecting Janssen Healthcare Platform *

Cisco BroadWorks Platform Affected by Authentication Bypass Flaw *

Mirai Variant Strikes Low-Cost Android TV Boxes, Turning Them into DDoS Weapons *

Dunghill Leak Ransomware Group Claims Responsibility for Sabre Data Breach *

Security Researchers Uncovered Nine Vulnerabilities in SEL's Power Management Products *

September 2023 Android Updates Addresses Multiple Vulnerabilities Including an Actively Exploited Zero-Day *

New SideTwist Backdoor and Agent Tesla Variant Unleashed via Phishing Campaigns *

IOS Devices Can be Exploited with Flipper Zero's Bluetooth Spam Attack Functionality *

Microsoft Signature Key Stolen from Windows Crash Dump Used by Storm-0558 to Target Organizations *

W3LL's Phishing Kit Breaches Thousands of Microsoft 365 Accounts, via Bypassing MFA *

NXP Semiconductors Alerts its Customers to Data Breach Impacting Personal Information *

Critical Remote Code Execution Vulnerabilities Found in ASUS Routers *

Coffee Meets Bagel Confirms Recent Outage Caused Due to Cyberattack *

Chaes Malware Incorporates Google Chrome DevTools Protocol for Data Theft *

Zero-Day Vulnerability in Atlas VPN Exposes Users Actual IP Addresses *

MinIO Storage System Vulnerabilities Exploited by Hackers to Compromise Servers *

Zaun, a Fence System Company's Data Breach, Exposes Sensitive Data about UK Military Sites *

Freecycle Confirms Enormous Data Breach Affecting 7 Million User Accounts *

An Attack on a German Financial Agency's Website Began in September 2023 Has Been Disrupted Ever Since *

Chinese-Speaking Hackers Unleash Extensive iMessage Smishing Campaign Across the United States *

Vietnamese Cybercriminals Employing Malicious Malvertising Campaign to Target Facebook Business Accounts *

Security Researchers Discover Breach of Ayush Jharkhand Portal, Exposing Records of 320,000 Patients *

Okta Issues Warning About Social Engineering Attacks Targeting Super Administrator Privileges *

Plaintext Passwords can be Stolen from Websites using Chrome Extensions *

A Data Breach at the University of Sydney has Affected Recent Applicants *

Vulnerability in VMware SSH Authentication Bypass Now Has an Exploit in the Wild *

Emerging SuperBear Trojan Utilized in Targeted Phishing Attack Against South Korean Activists *

Russian-Backed 'Infamous Chisel' Android Malware Targeting the Ukrainian Military *

Cybercriminals Focusing on Microsoft SQL Servers for FreeWorld Ransomware Deployment *

Threat Actors Hacked Sourcegraph Website Using a Leaked Admin Access Token *

Earth Estries' Targets Governments and Tech Companies from Multiple Continents in an Espionage Campaign *

LogicMonitor SaaS Platform Users Targeted in Ransomware Attacks *

Hackers Breach Forever 21 Systems to Access more than 500,000 Members Information *

Lazarus Hackers from North Korea Linked to VMConnect Malicious Packages on PyPI *

Anonymous Sudan Shuts Down X Platform in Demand for Elon Musk's Starlink Service *

Windows Container Isolation Framework can be Exploited by Hackers to Bypass Endpoint Security *

Paramount Suffers a Data Breach After a Security Incident *

Google Chrome Security Patch Released to Fix High-Severity Vulnerability *

VMware Warning About a Critical SSH Authentication Bypass Flaw in VMware Aria Operations *

All in One WP Migration Flaw Exploit Could Result in a Data Breach *

DreamBus Malware Infects Servers by Exploiting a Vulnerability in RocketMQ *

Chinese Hackers Suspected of Breaching Japanese Cybersecurity Agency in Prolonged Attack *

Hackers Utilize Automated Tools to Overwhelm Mobile Devices with OTP SMS Messages *

Cisco VPNs Compromised Through Brute Force Attacks in Hacking Campaign *

DarkGate Malware Operations Increases as Creator Rents Malware to Affiliates *

New Android MMRat Malware Steals Data via the Protobuf Protocol *

University of Michigan Has Shut Down its Network Following a Cyberattack *

Spain's Police Warn About LockBit Locker Ransomware Phishing Attacks Against Architectural Firms *

Mom's Meals Disclosed a Data Breach That Affected More than 1200000 Individuals *

KMSDBot Malware Gets an Upgrade with Enhanced Capabilities to Attack IoT Devices *

JPCERT Uncovers Innovative 'MalDoc in PDF' Attack Technique *

Experts Discovered a Microsoft Entra ID Exploit That Grants Attackers Elevated Privileges *

Metropolitan Police Force's Data Exposed After Its Contractor's IT System Gets Breached *

Ohio History Connection Suffers a Ransomware Attack Affecting Thousands of People *

Leaseweb, World's Top Cloud and Hosting Provider, is Restoring 'Critical' Services Following a Security Incident *

Flax Typhoon Hackers Employ Advanced Tactics, Leveraging LOLBins for Stealthy Operations, Microsoft Reports *

Major Data Breach at Kroll Exposes Confidential Information of FTX, BlockFi, and Genesis Creditors *

The Telegram Bot "Telekopye" is Powering Large-Scale Russian Phishing Scams *

NVIDIA Graphics Driver Vulnerability Could Lead to Memory Corruption *

Smoke Loader Dropped New Whiffy Recon Spyware Utilises WiFi to Pinpoint Location *

Jupiter X Core WordPress Plugin Flaws Enable Hackers to Take Over Websites *

Pole emploi, France's National Employment Authority Suffers Data Breach Affecting 10 Million People *

Hackers Breach Internet Organization Using Public ManageEngine Exploit *

Danish Hosting Firms, CloudNordic and AzeroCloud, Lost all Customer Data After a Ransomware Attack *

Scarab Ransomware Spreads Worldwide with the Help of Spacecolon Toolset *

Cybercriminals Exploit WinRAR Zero-Day Vulnerability to Hack Trading Accounts *

Over 3000 Unpatched Openfire Servers Found Vulnerable to Hackers Exploit *

EVLF, a Syrian Threat Actor, Found to be Creator of CypherRAT and CraxsRAT Malware. *

Roblox Game Developers Targeted by Dozens of Malicious npm Packages *

Hacking Forum Selling Scraped Data of 2.6 Million Duolingo Users *

XLoader macOS Malware Takes on New Identity as 'OfficeNote' Productivity Application *

University of Minnesota is Investigating Potential Security Breach Incident *

Carderbee Hacking Group Utilises PlugX Malware to Target Asian Organisations in Supply Chain Attack *

Energy One Launches Investigation into Recent Cyberattack *

Cisco VPN Products are Targeted by Akira Ransomware to Breach Organizations *

Vulnerabilities in TP-Link Smart Bulbs Could Expose WiFi Passwords to Hackers *

HiatusRAT Malware Resurfaces, Attacking Taiwanese Firms and US Military Personnel *

CISA Adds Adobe ColdFusion Flaw to Known Exploited Vulnerability Catalog *

BlackCat Ransomware Group Targets Japanese Watchmaker Seiko in Cyberattack *

New Vulnerability in Ivanti Sentry is Exploited in the Wild *

Tesla Reports Over 75,000 Individuals Affected by Large-Scale Data Breach in May 2023 *

Numerous Android Malware Applications Employing Sneaky APK Compression to Bypass Detection *

Cuba Ransomware Exploits Veeam Vulnerability to Target Vital U.S. Entities *

Juniper Networks Warning Regarding New Juniper Junos OS Flaws That Expose Devices to Remote Attacks *

Ransomware variant BlackCat adopts advanced Impacket and RemCom tools *

New Google Chrome Feature Notifies Users Regarding Automatic Removal of Harmful Extensions *

Microsoft's DNS Misconfiguration Causes Hotmail Email Delivery Failures *

Security Vulnerability in WinRAR Allows Hackers to Execute Programs via Opening RAR Archives *

Apple iOS 16 Vulnerability Facilitates Covert Cellular Connectivity While Simulating Airplane Mode *

Global Wave of Phishing Attacks Targets Zimbra Email Server Accounts *

Bronze Starlight Group is Using Cobalt Strike Beacons to Target Asian Gambling Industry *

Zulip Chat App Employed by Russian Hackers for Stealthy Diplomatic Phishing Operations and Covert C&C Operation *

LABRAT Campaign Takes Advantage of GitLab Vulnerability for Cryptomining and Proxy Hijacking Operations *

CISA Issues Alert on Exploitation of Critical Citrix ShareFile Flaw in the Wild *

Stealthy Malware Infections Build 400,000 Proxy Botnets *

Critical Vulnerability Exploited to Hack Nearly 2,000 Citrix NetScaler Instances *

Google Chrome 116 Release Patches a Total of 26 Vulnerabilities *

QR Code Phishing Attack Employed to Target Multiple U.S. Organizations *

PowerShell Gallery Weaknesses Expose Users to Supply Chain Attacks *

Cybercriminals Exploit Cloudflare R2 for Hosting Phishing Pages *

Threat Actors Hijacking LinkedIn Accounts in a Widespread Campaign *

Norfolk and Suffolk Police Unintentionally Disclose Personal Data of 1,230 Individuals *

Numerous Vulnerabilities Detected in 'ScrutisWeb Software' Pose a Remote Hacking Risk to ATMs *

Android Banking Malware Gigabud RAT Targets Institutions of Various Countries *

New Remote Access Trojan QwixxRAT Distributed via Telegram and Discord Platform *

VMware ESXi Servers are Targeted by the Monti Ransomware with its New Linux Locker *

Data Center Vulnerability Exposed by Multiple Issues in CyberPower and Dataprobe Products *

The Info-Stealing Malware Exposed over 100K Hacking Forum Accounts *

Discord.io Confirmed a Breach of Its User Database After a Hacker Stole Data From 760K Users *

New Spam Campaign Distributes Knight Ransomware as Disguised TripAdvisor Complaints *

Ernst & Young's (EY) MoveIt Breach Exposes Bank of America Customers Data *

Indian Government's Parivahan Website Suffered Data Breach Exposing Source Code and 10K User Sensitive Data *

A New Set of CODESYS SDK Flaws Exposes OT Environments to Remote Attacks *

In Early 2022, a Critical Vulnerability in Magento Shopping Carts was Discovered and Exploited *

Researchers Uncover APT31's Sophisticated Backdoors and Data Exfiltration Methods *

SystemBC Malware Evolves to Target Power Company in Southern Africa *

Cyber Espionage Group 'MoustachedBouncer' Utilizes Adversary-in-the-Middle (AiTM) Attacks for Diplomatic Espionage *

Critical Flaw in Dell Compellent Integration Tools Exposes VMware vCenter Admin Credentials *

CISA Links Barracuda ESG Attacks to New Whirlpool Backdoor *

New Statc Stealer Malware Targeting the Microsoft Windows to Steal Sensitive Personal and Payment Information *

Gafgyt Malware Exploits Half-Decade Old Vulnerability in End-of-Life Zyxel Router *

CISA Adds Actively Exploited Microsoft .NET and Visual Studio Vulnerability to KEV Catalog *

Cybercriminals Abusing Open-Source Merlin Post-Exploitation Toolkit to Breach Entities *

Microsoft Office Update Disrupts Actively Exploited RCE Attack Chain *

Missouri Issues Alert Regarding Stolen Health Information Due to IBM MOVEit Data Breach *

Massive EvilProxy Phishing Campaign Targets the 120,000 Microsoft 365 Users *

New Rhysida Ransomware is Targeting Healthcare Organizations *

Code Flaw in Microsoft Visual Studio Lets Extensions to Collect Credentials *

Downfall Attack Exploit Targets Intel Processors, Extracting Encryption Keys and Sensitive Data *

AMD Zen CPUs Leak Sensitive Data Due to a New Inception Attack *

Latest Variant of Yashma Ransomware Targets Several English-Speaking Nations *

8 Years of Voter Data Exposed in UK Electoral Commission Data Breach *

Microsoft Patch Tuesday Security Advisory - August 2023 *

QakBot Malware Group Increases Command and Control Network with Additional 15 New Servers *

Vulnerable Redis Servers are Targeted by a New SkidMap Linux Malware Variant *

Cyber Attack Hits Prospect Medical Holdings' Healthcare Facilities Affecting Five Cities *

New Malware Campaign Uses OpenBullet Configurations to Target Rookie Cyber Criminals *

ScarCruft Breach 'NPO Mashinostroyeniya,' a Russian and Indian Defence Manufacturing Company *

Colorado Department of Higher Education Suffers Data Breach *

Researchers Identified Weaknesses in Tesla's Infotainment System that Unlock Paid Features and Exposes Secrets *

Threat Actors Using Reptile Rootkit Malware Targeting South Korean Systems *

Cybercriminals Target IT Pros with Fake VMware vConnector Packages on PyPI *

A New PaperCut Critical Bug Allows for Remote Code Execution Attacks on Unpatched Servers *

Malicious NPM Packages Were Found to Exfiltrate Sensitive Data From Developers *

Mozilla Firefox 116 Fixes Multiple High-Severity Vulnerabilities *

Rilide Malware Incorporates Chrome Extension Manifest V3 Adaptation For Data Theft *

Massive Cyber Attack Targets Hundreds of Citrix NetScaler ADC and Gateway Servers *

New Microsoft Azure AD CTS Feature Exploited to Move Laterally in Network *

Malicious Apps Avoid Google Play Store Scanners by Using Sneaky Versioning Techniques *

Google Chrome 115 Updates Include Patch for Critical V8 Vulnerabilities *

Slack Messaging Platform Experiences Outage Affecting Its Users *

Salesforce's Email Services Critical Zero-Day Exploited Using Facebook Phishing Campaign *

New Collide Power Widespread Side-Channel Attack Exploits Vulnerability in All CPUs *

Researchers Uncover Authentication Bypass Flaw in Ivanti EPMM Versions *

Researchers Discover AWS SSM Agent Abused as a Stealthy Remote Access Trojan *

Russian Hackers are Using Microsoft Teams Phishing Attacks to Target Government Organizations *

Space Pirates Target Multiple Organizations in Russia and Serbia by Using Deed RAT Malware *

Hundreds of European Bank Customers Targeted by SpyNote Android Trojan *

China's APT31 Allegedly Targeting Air-Gapped Systems in Eastern Europe *

NodeStealer's Latest Variant Targets Facebook Business Accounts and Crypto Wallets *

Threat Actors Targeting Italian Organizations with WikiLoader Malware *

Patchwork Hackers Targeting Chinese Research Organizations with EyeShell Backdoor *

Hackers Exploiting 'BleedingPipe' Vulnerability to Target Minecraft Servers and Players *

P2PInfect Malware Botnet Breach Redis Servers Using Replication Feature *

Hackers Stealing Signal and WhatsApp User Data via Fake Android Chat App *

AVRecon Botnet Providing Illegal Proxy Service Using Compromised Routers *

'Maximus' US Government Contractor Data Breach Affects 8 Million People *

Cyber Criminals Hack Israel's Largest Oil Refinery Operator 'BAZAN Group' *

Critical Security Vulnerability Found in Metabase BI Software *

Ivanti Fixes a Zero-Day Flaw in its Endpoint Manager Mobile (EPMM) Software *

Hackers Employ SUBMARINE Backdoor in Barracuda Email Security Gateway Hack *

Abyss Locker Ransomware Encrypts VMware ESXi Servers *

Hackers Exploit Windows Search Feature to Distribute Remote Access Trojans *

New Android Malware Steals Crypto Credentials Using uses OCR *

STARKMULE Employs U.S. Military-themed Document Lures to Target Koreans *

BlueBravo Targets European Diplomatic Entities Using GraphicalProton Backdoor *

IDOR Web App Flaws Enables Unauthorized Access *

Hawai'i Community College Suffers Data Breach *

Fenix Cybercrime Group Targets Taxpayers from Mexico and Chile *

Decoy Dog Malware Poses Grave Risk to Enterprise Networks *

Hackers Actively Exploiting Vulnerable Apache Tomcat Servers *

WordPress Ninja Forms Plugin Flaws Expose Websites to Data Leak *

Zimbra Addresses Zero-Day Vulnerability Exploited in XSS Attacks *

Over 900k MikroTik Devices Affected by Code Execution Vulnerability *

Researcher Discovers New AI Tool Dubbed 'FraudGPT' Used in Sophisticated Cyber Attacks *

Ubuntu Linux Vulnerabilities Affect 40 Percent of Ubuntu Users *

ALPHV Ransomware Integrates Data Leak API for Enhanced Extortion Approach *

NATO's Communities of Interest (COI) Cooperation Portal Suffers Data Breach *

Nitrogen Malware Exploits Google Ads to Deliver Ransomware Attacks *

JumpCloud Cyberattack Exposes North Korean Nation-state Actors IP Address *

Casbaneiro Banking Malware Adopts UAC Bypass Technique for Stealthy Attacks *

400,000 Corporate Credentials Stolen by Info-stealing Malware Families *

Realst macOS and Infostealer Malware Targeting Cryptocurrency Wallets *

VMware Fixes Critical Bug Exposing Cloud Foundry API Admin Credentials in Audit Logs *

Indian Railway Catering and Tourism Corporation (IRCTC) Suffers Massive Outage *

Zenbleed Attack Exposes Sensitive Data in AMD Zen2 Processors *

Norwegian Government's ICT Platform Hacked Via Zero-Day Vulnerability *

Ivanti Addresses A Zero-Day Flaw in its MobileIron Platform *

OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection *

Atera Windows Installers Vulnerable to High-Risk Privilege Escalation Attacks *

Open-Source Software Supply Chain Attacks Target Banking Sector *

Microsoft Azure AD Token Forging Technique Goes Beyond Outlook And Wiz Reports *

Clop Ransomware Gang Employing Clearweb Sites to Expose Data Stolen in MOVEit Attacks *

Coastal Mississippi County Hacked in a Ransomware Attack *

Threat Actors Distribute HotRat Malware Via Pirated Softwares *

DDoS Botnets are Exploiting Critical Vulnerability in Zyxel Devices *

BundleBot Malware Distributed Via Masqueraded Google AI Chatbot and Utilities *

Lazarus Group's Campaign Targets Crypto, Gambling and Cyber Sector Developers *

Mallox Ransomware Exploits Vulnerable MS-SQL Servers to Breach Networks *

New Peer-to-Peer Malware 'P2PInfect' Targets Redis Servers Running Windows and Linux Systems *

Critical Vulnerabilities Found in Apache OpenMeetings Web Conferencing Tool *

JumpCloud Breach Attributed to North Korean APT Lazarus Group *

Critical AMI MegaRAC Flaws Enable Hackers to Crash Vulnerable Servers *

Chinese APT41 Using New WyrmSpy and DragonEgg Spyware to Target Mobile Devices *

Two Ransomware Groups Target Beauty Giant 'Estée Lauder' *

Hackers Target Pakistani Organizations with ShadowPad Malware *

Threat Actors Transform Microsoft Exchange Servers as Malicious C2 Servers *

Adobe Releases Patches for Actively Exploited ColdFusion Flaws *

Citrix Patches Zero-Day Vulnerabilities in its ADC and Gateway Products *

FIN8 Utilizes Upgraded Sardonic Malware Variant to Deploy BlackCat Ransomware *

VirusTotal Data Breach Exposes Personal Details of Registered Customers *

Microsoft Exchange Online Service Suffers New Outage Blocking Emails *

SophosEncrypt Ransomware: Impersonating the Popular Sophos Brand *

Supply Chain Attack Enabled by Critical Privilege Escalation Design Flaw in Google Cloud Build *

Hackers Exploit WebAPK to Trick Android Users into Installing Malicious Apps *

Hackers Exploiting WordPress WooCommerce Payments Flaw in Massive Campaign *

Threat Actors Exploit Microsoft Word Vulnerabilities to Distribute LokiBot Malware *

Threat Actors Utilising Malicious USB Drives to Distribute SOGU and SNOWYDRIVE Malware *

Companies Attempt to Bolster their Cyber Defenses as Ransomware Threatens Data Security *

Researches Uncover Critical Security Vulnerabilities in Honeywell Experion DCS and QuickBlox Services *

Hackers Exploit Lemmy Instances Via Zero-Day Vulnerability *

AIOS WordPress Plugin Found Storing User Passwords in Plaintext Format *

Hackers Use New Generative AI Cybercrime tool WormGPT to Launch Attacks *

Gamaredon Hacking Group Distribute Malware via Instant Messaging Apps *

Microsoft Security Flaw Enables Hackers to Breach 24+ Organizations Using Fake Azure AD Tokens *

Data Breach at Colorado State University Impacts Students and Staff Personal Data *

AVrecon Malware Exploits 70,000 Linux Routers to Establish Massive Botnet *

Ukraine and Poland's Military and Government Entities Targeted Using PicassoLoader Malware *

Zimbra Urges Administrators to Manually Fix Exploited Zero-Day Attacks *

CISA Warns About Rockwell Automation ControlLogix Vulnerabilities Used in Industrial Systems *

BlackLotus Windows UEFI Bootkit's Source Code Leaked on GitHub *

Researchers Found Fake POC on GitHub Distributing Data Stealing Malware *

Unauthenticated REST API Access Compromises Cisco SD-WAN vManage *

Fortinet Patches Critical Stack-based Overflow Flaw in FortiOS and FortiProxy Devices *

Researchers Publish Proof of Concept for Ghostscript's Critical RCE Vulnerability *

Russian State Hackers Use BMW Car Ads to Lure Western Diplomats *

New PyLoose Malware Hijacks Computational Power For Cryptocurrency Mining *

Microsoft Discloses a Breach of US Government Exchange Email Accounts by Chinese Hackers *

SonicWall Alerts Customers to Critical Flaws in its GMS and Analytics Suites *

Hackers Abuse Loophole in Windows Policy to Load Malicious Kernel Drivers *

Microsoft Office Zero-Day Vulnerability Exploited in Attack Against NATO Summit *

Apple Releases Critical iOS Update to Fix Zero-Day Vulnerability in WebKit *

Deutsche Bank Confirms Data Breach: Customer Data Exposed through Provider Breach *

HCA Healthcare Acknowledges Data Breach as Hacker Steals Data of 11 Million Patients *

Microsoft Patch Tuesday Security Advisory - July 2023 *

Hackers Actively Targeting Latin American Businesses Using TOITOIN Banking Trojan *

RomCom Threat Actors Target NATO Summit Attendees in Phishing Campaign *

VMware Issues a Warning Regarding the Availability of Critical vRealize RCE Flaw Exploit Code *

Apple Issues an Emergency Update Regarding Recent Attacks Using Zero-Day Exploitation *

Hackers Exploit Revolut's Payment Systems, Stealing $20 Million *

BlackByte 2.0 Ransomware Executes Infiltration, Encryption, and Extortion Within 5 Days *

Nickelodeon Launches Investigation Following Leak of "Decades Old" Data *

Charming Kitten APT Group Enhances Targeting of macOS Systems with 'NokNok' Malware *

Hackers Targets the Cloud-Native Environments of JupyterLab and Docker APIs in Silentbob Campaign *

The Latest Version of the 'Big Head' Ransomware Unveils a Bogus Windows Update Alert *

A Critical Unauthenticated SQLi Flaw Patched in MOVEit Transfer Software *

Mastodon Social Network Fixes Critical Flaws that Allow Server Takeover *

Barracuda Addresses Ongoing Email Gateway Login Challenges *

CISA Urges Govt Agencies to Patch Actively Exploited Android Driver *

Threat Actors Employ Vishing Technique to Deploy New 'Letscall' Malware *

CISA Raises Concerns of Netwrix Auditor RCE Bug Exploitation in Truebot Malware Attacks *

Two Malicious File Management Apps on Google Play Steals User Data *

Cisco Issues a Warning About a Flaw That Enables Attackers to Crack Traffic Encryption *

New Linux Kernel Vulnerability 'StackRot' Exploit Enables Privilege Escalation *

Microsoft Resolves Windows LSA Protection Warnings Bug *

Android Security Patch For July Resolves Three Actively Exploited Vulnerabilities *

New Stealer-as-a-Ransomware 'RedEnergy' Targets Energy and Telecom Sectors *

TeamsPhisher Tool Exploits Microsoft Teams Bug, Enabling Malware Delivery to Users *

Actively Exploited Flaw in SolarView Series Exposes Energy Organizations to Attacks *

Japan’s Largest Port 'Port of Nagoya' Operations Disrupted *

Mozilla Addresses 13 Vulnerabilities in the Firefox 115 Release *

Ransomware Encryption Impacts Over Two-thirds of Manufacturing Companies *

DDoSia Attack Tool Upgrades and Expands Targeting Across Multiple Businesses *

New GuLoader Campaign Targets Law Firms in the United States *

Threat Actor 'Neo_Net' Employs Android Malware to Target Global Financial Institutions *

Microsoft Denies Anonymouns Sudan’s Data Breach Claim of 30 Million Customer Accounts *

Researchers Warn that 300,000 Fortinet Firewall Appliances are Vulnerable to Attacks. *

Sophisticated Threat Meduza Stealer Targeting 19 Password Managers and 76 Crypto Wallets *

Hackers Target European Government Entities in SmugX Campaign *

BianLian Ransomware Gang Targets Leading Global Business Conglomerate 'Piramal Group' *

Hackers Exploiting WordPress's Ultimate Member Plugin Flaw in the Wild *

Samsung Phone Vulnerabilities Listed in CISA's 'Must Patch' Catalog Likely Exploited by Spyware Vendor *

BlackCat Ransomware Group Exploits WinSCP Search Ads to Distribute Cobalt Strike *

Researchers Discovered an Upgraded Version of RustBucket Malware Targeting macOS Users *

Charming Kitten, An Iranian Hacking Group Uses Updated POWERSTAR Backdoor in Espionage Attacks *

TMSC's Hardware Supplier Kinmax Technology Suffers Ransomware Attack by LockBit Ransomware Gang *

Hackers Target Vulnerable SSH Servers To Perform Proxyjacking *

North Korean Hacker Group 'Andariel' Strikes with its New EarlyRat Malware *

MuddyWater Employs a New C2 Framework Called PhonyC2 *

The Android Spy App LetMeSpy Suffers a Major Data Breach *

New Windows-Based Info Stealer Malware 'ThirdEye' Steals Sensitive Information *

Flutter-Based Fluhorse Android Malware Employed to Steal Credit Cards Details and 2FA Codes *

Critical Flaws in Social Login Plugin and LearnDash LMS Plugin for WordPress Fixed by Vendors *

SQL Injection Vulnerabilities Found in Gentoo Soko Leading To Remote Code Execution *

ArcServe Patches a High-Severity Security Vulnerability In Its UDP Backup Software *

8Base Ransomware Gang Engages in Double Extortion Attacks *

Akira Ransomware's Linux Version Encryptor Targets VMware ESXi Servers *

Google Chrome Releases New Update to Patch High-Severity Vulnerabilities *

Siemens Energy and Schneider Electric Confirms Data Breach in MOVEit Data-theft Attack *

Threat Actors Using New Unique Execution Chain to Target NPM Repository *

Outlook Web Suffers Outage Impacting Users Across America *

Mockingjay Process Injection Method Allows Malware To Evade Detection *

Suncor Energy Suffers Cyber Attack Impacting Petro-Canada Gas Station Customers *

Hackers Expose Data of 45,000 New York City Students in MOVEit Breach *

Researchers Uncover New Cybercrime Group 'Muddled Libra' Using Social Engineering to Target BPO Sector *

Japanese Cryptocurrency Exchange Hit by macOS Backdoor 'JokerSpy *

New Malware Campaign Uses Android Banking Trojan 'Anatsa' to Target Banking Customers *

Angry LastPass Users Locked Out as MFA Resets Cause Frustration *

Super Mario Game Compromised to Distribute Windows Malware *

American And Southwest Airlines Suffered a Data Breach Exposing Pilot's Credentials *

Grafana Released Patches For Critical Auth Bypass Due to Azure AD Integration *

New Strain of JavaScript PindOS Delivers Bumblebee and IcedID Malwares *

Data Breach in MOVEit Transfer Impacts Genworth Financial and CalPERS, Exposing Data of 3.2 Million Individuals *

Fortinet Resolves Critical Remote Command Execution Flaw in FortiNAC Devices *

Newly Discovered Bug in Microsoft Teams Allows Malware Distribution by External Accounts *

Phishing Campaign MULTISTORM Exploits India and U.S. with Remote Access Trojans *

CISA Updates Known Exploited Vulnerabilities Catalog with Six Additional Security Flaws *

New Cryptojacking Campaign Targets IOT and Linux Device using Trojanized OpenSSH Version *

Mirai Botnet Exploiting Multiple Vulnerabilities in D-Link, Zyxel, and Netgear Devices *

VMware Addresses Critical Vulnerabilities in vCenter Server Allowing Code Execution and Authentication Bypass *

Zyxel Fixes a Critical Command Injection Vulnerability in its Network Attached Storage(NAS) Devices *

Apple Fixes Three Zero-Day Exploits Used in Triangulation Spyware Attack *

North Korean Hacking Group 'APT37' Employing FadeStealer Malware to Conduct Cyber Espionage *

Microsoft Releases Workaround for Outlook Freezes and Slow Starts *

iOttie Discloses Data Breach Post its Official Site Hack *

Condi Malware Targets TP-Link Archer AX21 Wi-Fi Router with DDoS-as-a-Service Exploit *

Tsunami Botnet Malware Infects Linux SSH Servers *

Microsoft Resolves Critical Azure AD Authentication Flaw Allowing Complete Application Takeover *

Info-Stealing Malware Compromises Over 100,000 ChatGPT Accounts *

RDStealer Malware: Uncovering a Remote Desktop Exploitation for Data Theft from Shared Drives *

Hackers Using Fake OnlyFans Content to Distribute 'DcRAT' Malware *

ASUS Patches Critical Vulnerabilities in its Multiple Routers Models *

Iowa's Des Moines Public Schools Confirms a Ransomware Attack *

Malwarebytes Issued a Fix for the Chrome Display Issue Caused by the Windows 11 KB5027231 Update *

Researchers Uncover Advanced Toolkit Specifically Targeting Apple macOS Systems *

Massive Data Breach at India's Largest Tech Retailer Exposes Sensitive Employee and Customer Data *

BlackCat Ransomware Gang Threatens to Leak Data Stolen During Reddit's System Hack *

Microsoft States DDoS Attacks as the Root Cause of the Recent Azure and Outlook Outages *

Russian Hackers Employ USB-Spreading Malware to Target Ukrainian Government and Military Officials *

Hackers Promote New Mystic Stealer Via Malware as a Service *

Researchers Uncover Location Tracking Attack Exploiting SMS Delivery Reports *

Emerging Threat Actor Diicot Exploits Diicot Brute, a Go-based SSH Brute-Forcer, to Compromise Linux Systems *

Chinese Cyberespionage Group 'UNC4841' Behind Barracuda Zero-day Attacks *

Rhysida Ransomware Group Leaks Stolen Documents from Chilean Army *

Clop Ransomware Group Initiates Extortion of MOVEit Data-Theft Victims *

Abuse of Cloud Mining: Hackers and Threat Actors Exploit Services to Launder Cryptocurrency *

GravityRAT Malware Targets WhatsApp Backups on Android Devices *

Google Chrome's 114 Update Includes Patch for Critical Vulnerability *

Chinese Hackers Exploit DNS-over-HTTPS Protocol for Distribution of Linux Malware *

Ofcom, UK Media and Telecoms Regulator, Falls Victim to MOVEit Hack *

Critical Security Flaws Uncovered in Microsoft Azure Bastion and Azure Container Registry *

Malicious GitHub Repositories Disguised as Fake Security Researchers Distribute Zero-Day Malware *

New ChromeLoader Campaign Detected Spreading 'Shampoo' Malware through Counterfeit Warez Websites *

Microsoft Addresses Windows Kernel Vulnerability with Default Disabled Fix *

Widespread Brand Impersonation Campaign Utilizes 6,000 Websites to Fake 100 Brands *

Critical Vulnerability in WordPress Stripe Payment Plugin Exposes Customer Order Details *

New DoubleFinger Loader Targets Cryptocurrency Wallets in Cyber Attacks *

VMware Releases Patch for Zero-Day Vulnerability Exploited to Install Backdoors in Virtual Machines *

Microsoft Patch Tuesday Security Advisory - June 2023 *

Pirated Windows 10 ISOs Utilize EFI Partitions to Install Clipper Malware *

Swiss Government Suffers DDoS Attacks Post Data Leak *

'Have I Been Pwned' Discloses Zacks Investment Research's Data Breach *

Threat Actors Harness Powerful BatCloak Engine for Fully Undetectable Malware *

Researchers Uncover Security Flaws in Honda's 'PETE' e-Commerce Platform *

A Major Data Breach Exposed Personal Information of Users Via Govt’s CoWIN Portal *

Researchers Uncover a Flaw in Popular Strava App's Heatmap Feature Exposing Home Address *

University of Manchester Suffers a Cyberattack, Resulting in a Likely Data Theft *

Russian Telecom Company 'Infotel' JSC Suffers an Outage *

Critical Vulnerability in Microsoft Visual Studio Exploited to Distribute Malicious Extensions *

Fortinet Patches Critical RCE Flaw in Fortigate SSL-VPN Devices *

Hackers Impersonate Crypto News Journalists, Steal $3 Million in Digital Assets *

New SPECTRALVIPER Backdoor Targets Vietnamese Public Companies with Advanced Tactics *

New Stealth Soldier Backdoor Malware Targets North Africa in Espionage Attacks *

New Critical SQL Injection Flaws Discovered in MOVEit Transfer *

Microsoft Discovers AitM Phishing and BEC Attacks Targeting Major Financial Institutions *

Microsoft Azure Portal Suffers an Outage Claimed to be the Result of DDoS Attacks *

Asylum Ambuscade Group Combines Cybercrime with Espionage to Target Small and Medium Businesses *

Security Researchers Publish PoC for Actively Exploited Windows Win32k Flaw *

CLOP Ransomware Gang Actively Exploiting MOVEit Zero-day Flaw *

Japanese Pharmaceutical Company 'Eisai' Suffers Ransomware Attack *

AIIMS Suffers Another Cyberattack, Following November 2022 Cyberattack *

Cisco Patches Critical-Severity Flaws in Expressway Series and TelePresence Video Communication Server (VCS) *

Malicious Campaign Deploys Satacom Downloader for Spreading Crypto-Stealing Addons *

Cisco Resolves AnyConnect Bug Allowing Windows SYSTEM Privileges *

VMware Addresses Critical Vulnerabilities in Aria Operations for Networks *

Hackers Exploit Minecraft Mods to Distribute Fractureiser Malware on Windows and Linux *

Cyclops Threat Group Facilitates Distribution of Information Stealing Malware to Cybercriminals *

Researchers Discovered Over 60,000 Android Apps Installing Adware on Mobile Devices *

PowerDrop: New PowerShell Malware Targets the U.S. Aerospace Industry *

Outlook Faces Multiple Outages Allegedly Caused by Hacktivist Group Anonymous Sudan *

Google Releases Patch for Zero-Day Chrome Vulnerability Exploited in the Wild *

Android Security Patch Resolves Critical Vulnerabilities, Including Mali GPU Flaw *

Brazilian Cybercriminals Exploit LOLBaS and CMD Scripts to Target Online Bank Accounts *

Magecart-Style Campaign Exploits Legitimate Websites to Steal Credit Card Information *

Threat Actors Exploit Barracuda ESG Zero-Day Flaw to Distribute Backdoor *

$35 Million Worth of Cryptocurrency Stolen in Atomic Wallet Breach *

New Malware Campaign Targeting Online Sellers with Info-Stealer *

Splunk Addressed High-Severity Vulnerabilities in its Enterprise Products *

Chinese Hackers Camaro Dragon Employs New 'TinyNote' Backdoor for Intelligence Gathering *

US and South Korea Warn Kimsuky Hackers Impersonating Journalists to Gather Intelligence *

Google removed 32 Malicious Extensions from Chrome Web Store Downloaded by 75 Million Times *

North Korean Hackers, ScarCruft Uses LNK Files to Launch RokRAT Malware *

New MOVEit Transfer Zero-Day Vulnerability is Mass-Exploited in Data Theft Attacks *

New Horabot Campaign Targets Latin Americans' Gmail and Outlook Accounts *

Researchers warn Organisations about Saleforce 'Ghost Sites' Exposing Sensitive Information *

iPhones on Kaspersky Networks are Being Targeted with Unknown Malware *

Dark Pink APT Group Continues to Target Asia-Pacific Entities *

Hackers Pushing SeroXen RAT To Target Gaming Community *

Threat Actor 'Spyboy' Promotes Terminator Tool Capable of Bypassing AV, XDR, and EDR Solutions *

Researchers Uncover Proof-of-Concept for RCE Flaw Affecting Popular Python Library ReportLab Toolkit *

Researchers Warn About a Backdoor Functionality in Gigabyte Motherboards *

Google Releases Chrome 114; Addressing 18 Security Vulnerabilities *

Researchers Found DogeRAT Malware Targeting Indian Android Users *

RomCom Malware Impersonating ChatGPT, GIMP Spreaded via Google Ads *

Researchers Spotted 'SpinOk' Spyware Trojanized in 101 Android Applications *

Researchers Found Vulnerability in WordPress's 'Gravity Forms' Plugin Used in 930,000 Websites *

'Automattic' Rolls Security Patch to Address Critical Flaw in the Jetpack Plugin *

Apple Critical 'Migraine' Flaw Enables Attackers to Bypass System Integrity Protection *

MCNA Dental Suffers Ransomware Attack; Impacting 8.9 Million Patients *

Hacking Forum Exposed the Data of 478,000 RaidForums Members *

New GobRAT Malware Targeting Linux Routers in Japan *

Jimbos Protocol Suffered Flash Loan Attack Resulting in Theft of Over $7.5 Million *

BlackByte Ransomware Group Claims Responsibility for City of Augusta's Cyberattack *

Researcher Uncovers 'File Archiver in the Browser' Phishing Toolkit to Exploit ZIP Domains *

Emby Forced to Shutdown Hacked User-hosted Media Servers *

Unpatched Zyxel Firewalls Exploited by New Variant of Mirai Botnet *

New Bandit Stealer Malware Found Targeting Web Browsers and Cryptocurrency Wallets *

Researchers Discovered a Critical OAuth Vulnerability in Expo Framework *

QBot Malware Exploits DLL Hijacking Flaw in Windows WordPad EXE to Infect Devices *

Buhti Ransomware Gang Exploits Leaked Encryptors to Target Windows and Linux Systems *

Researchers Uncover Predator Android Spyware’s New Data Theft Capabilities *

Critical Vulnerability in Google Cloud's Cloud SQL Service Exposes Confidential Data *

D-Link Fixes Critical Vulnerabilities in its D-View 8.0 Network Device Management Platform *

New Russian-linked Malware 'COSMICENERGY' Targets Industrial Systems *

Threat Actors Found Using Encrypted RPMSG Messages in Microsoft 365 Phishing Attacks *

Barracuda Networks Patches Zero-Day Vulnerability in its Email Security Gateway Appliance *

Zyxel Patches Critical Flaws in its Firewall and VPN Products *

Researchers Uncover New Version of Legion Malware Targeting SSH Servers and AWS Credentials *

Lazarus Group Targets Microsoft IIS Servers to Deploy Malware *

Microsoft Exchange Servers Infected with the New PowerExchange Malware *

GitLab Issues an Emergency Update to Address a Critical Path Traversal Vulnerability *

Hackers Attack 1.5 million WordPress Sites by Leveraging a Cookie Consent Plugin Vulnerability *

Researchers Discover North Korean Kimsuky Group Leveraging Sophisticated Reconnaissance Toolkit *

Asian Government Entities Targeted by Newly Discovered APT Group, GoldenJackal *

Rheinmetall, German Arm Manufacturer, Falls Victim to BlackBasta Ransomware Attack *

Newly Discovered AhRat Malware Disguised in Screen Recording App on Google Play Store *

Newly Discovered Windows Kernel Driver Used by Iranian Hackers to Target Middle East Entities *

'Crypto Phishing Service 'Inferno Drainer' Steals $5.9 Million from Victims *

Microsoft 365 Suffers New Outage Causing Connectivity Issues *

Threat Actor 'GUI-vil' Exploiting AWS EC2 Instance for Crypto-mining Operations *

BlackCat Ransomware Group Employing Malicious Windows Kernel Drivers to Evade Detection *

Hackers Could Chain Two Flaws to Achieve Code Execution in Pimcore *

New Attack Method 'BrutePrint' Found Brute-Forcing Fingerprints on Android Devices *

Threat Actors Use Fake CapCut Websites to Distribute Malware *

Threat Actors Hide TurkoRAT Malware in npm Packages *

Infamous Cyber Group FIN7 is Back With Cl0p Ransomware *

Hackers Employ SIM Swapping to Target Microsoft Azure Machines *

Dish Network Likely Paid Ransom Following the Recent Ransomware Attack *

Luxottica Discloses a Data Breach; 70M Users Info Leaked *

A Faulty Security Update Taken Down ASUS Routers Globally *

CISA Issues a Warning on a Samsung ASLR Bypass Flaw *

Cryptojacking Group Exploits Oracle WebLogic Server for Cryptocurrency Mining *

'Lemon Group' Hacks Millions of Android Devices, Installing Guerilla *

New Vulnerability Discovered in KeePass Exposing Cleartext Master Password *

Retaliatory Cyberattack: Indian Hackers Target Pakistani Embassy Websites Following DDoS Attack on Indian State Police *

Apple Addresses Three New Zero-day Vulnerabilities with Patch Releases *

MalasLocker Ransomware Targets Zimbra Servers, Demands Charitable Donations *

Houthi-Linked Cyber Threat Group OilAlpha Targets Android Users in the Arabian Peninsula *

Unpatched Vulnerability Found in Belkin Wemo Smart Plugs by Researchers *

Malicious Visual Studio Extensions Discovered on Microsoft's VSCode Marketplace by Researchers *

Cisco Addresses Four Critical RCE Flaws in It's Smart Switches *

Chinese Hacking Group "Camaro Dragon" Exploits TP-Link Routers to Target European Organizations *

Hackers Exploit Geacon, a Cobalt Strike Port, to Target macOS Users *

Multiple Flaws Discovered in Kiddoware's Android Application 'Parental Control - Kids Place' *

Hackers Targeting Microsoft Azure Admin Account for Stealthy Access to VMs *

K D Hospital, a Multi-Specialty Healthcare Facility, Falls Victim to Ransomware Attack *

Researchers Found Vulnerabilities in Sierra Wireless, Teltonika Networks, and InHand Networks' Routers *

New APT Group, Lancefly Employs 'Merdoor' Backdoor *

PharMerica Suffers a Data Breach; Over 5.8 Million Patients Impacted *

New Ransomware-as-a-Service Operation, MichaelKors Targets Linux and VMware ESXi Systems *

Threat Actors Target Poorly Managed Microsoft SQL Servers Using CLR SqlShell Malware *

New Ransomware Operation, RA Group Targets US and South Korean Companies *

Rockwell Automation Fixed Multiple Vulnerabilities Present in its Products *

Threat Actors Found Exploiting Recently Fixed WordPress Plugin Vulnerability *

U.S. Transportation Department Suffers Data Breach; 237,000 Employees Impacted *

Greatness, New Phishing-as-a-Service Platform helps Cybercriminals to Generate Convincing Phishing Pages *

Researchers Uncovered a Vulnerability in Ferrari Website, Exposing Sensitive Information *

Researchers Found Multiple Vulnerabilities in Netgear's NightHawk Routers *

Toyota Disclosed Data Breach Exposing Car Location Data of 2 Million Customers for a Decade *

Attackers Exploiting Follina Vulnerability to Distribute XWorm Malware *

Discord Disclosed Data Breach After its Support Agent's Account got Compromised *

FBI and CISA Warns Bl00dy Ransomware Targets Education Sector via PaperCut RCE Flaw *

New APT Group Red Stinger Targeting East Europe's Critical Infrastructures *

Researchers Uncover Stealthier Version of Linux BPFDoor Malware *

ABB, a Swiss Automation Company Struck by the Black Basta Ransomware *

Ransomware Gangs Targeting VMWare ESXi Servers with Leaked Babuk Ransomware Source Code *

Researchers Found Critical Privilege Escalation Vulnerability in Elementor Plugins *

North Korean Hackers Breach South Korea's Seoul National University; KNPA Issues Warning *

Researcher Found New Variant of RapperBot Malware with Cryptojacking Capabilities *

Threat Actors Employ DownEx Malware to Target Government Organizations in Central Asia *

Threat Actors Deploying Aurora Stealer Via Popunder Ads *

Researchers Disclose Info on Zero-Click Windows Vulnerability Enabling NTLM Credential Theft *

New DDoS Botnet Malware AndoryuBot Exploits Critical Ruckus RCE Vulnerability *

SideWinder APT Group Deploys Server-Based Polymorphism Technique in Attacks on Pakistani Government Organizations *

Sysco, a Global Food Chain, Faces Data Breach Impacting Customer and Employee Information *

Critical Linux Kernel Netfilter Vulnerability Enables Root Privilege Escalation *

Microsoft Releases Optional Fix Guidelines for Secure Boot Zero-Day Vulnerability *

Adobe Releases Patch for 14 Vulnerabilities in Substance 3D Painter Software *

Microsoft Patch Tuesday Security Advisory - May 2023 *

Healthcare Solution Provider 'NextGen' Suffers Data Breach Impacting 1 Million Customers *

After MSI Breach, Intel Investigates Intel Boot Guard Private Keys Leak *

FBI Seizes 13 Domains Linked to DDoS-For-Hire Services *

Critical Vulnerability in Siemens Industrial Control Systems Could Disrupt Power Grid *

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine *

Researchers Found SideCopy Group's Phishing Campaign with Indian Military Themed Lures *

Researchers Uncover New Ransomware Operation Dubbed 'Cactus' *

New Ransomware 'Akira' Targets Enterprise Networks *

Vulnerability in OpenAI's Account Validation Process Allows Unlimited Credits *

A Security Incident Exposed Private Tweets of Twitter Circle *

Fortinet Releases Patches for High-Severity Vulnerabilities in FortiADC and FortiOS *

New PaperCut RCE Exploit Bypasses Existing Detections *

Dragon Breath APT Group Targets Gambling Industry Using Double-Clean-App Technique *

Hackers Employ New Web-Inject Toolkit DrIBAN to Target Italian Banking Clients *

Threat Actors Hack Packagist Repository; Dozen PHP Packages Compromised *

New Android FluHorse Malware Targets Users with Malicious Apps *

Updates for Android Fixes a Kernel Flaw used in Spyware Attacks *

ALPHV Gang Breaches Constellation Software in a Ransomware Attack *

Two WordPress Custom Field Plugins Exposes Over 1M Sites to XSS Attacks *

Cisco Disclosed New RCE Vulnerability in Cisco SPA112-Port Phone Adapters *

Meta Thwarts a Malware Campaign that Used ChatGPT to Steal Accounts *

ALPHV Ransomware Added McDermott International to its Victim List *

Researchers Found New Android Subscription Malware 'Fleckpe' on Google Play *

Three New Vulnerabilities Found in Microsoft Azure API Management Service *

City of Dallas Suffers Royal Ransomware Attack Resulting in Shutdown of its IT Systems *

Russian Hacking Group 'Sandworm' Utilizes WInRAR to Erase Ukrainian Government's Data *

New Info-stealing Malware 'NodeStealer' Steal Cookies to Hijack Facebook Accounts *

Dragon Breath Group Employs New Double DLL Sideloading Technique to Evade Detection *

A Data Breach at Brightline Affects 783,000 Pediatric Mental Health Patients *

Hackers Exploit Authentication Bypass Vulnerability and RCE Vulnerability in DVR Devices *

Iranian Government's BouldSpy Android Spyware Found Targeting Minority Groups *

Researchers Uncover Three New Flaws in FRRouting Software *

Cryptocurrency Exchange Platform Level Finance Hacked, Resulting in Loss of 214k LVL Tokens *

CISA Added TP-Link, Apache, and Oracle Vulnerabilities to its Known Exploited Vulnerabilities Catalog *

Servers Running Salesforce Software Are Leaking Sensitive Data *

Researchers Found Threat Actors Distributing New LOBSHOT Malware via Google Ads *

Vietnamese Threat Actor Employs Malverposting Tactics to Infect 500,000 Devices *

Hackers Target AT&T Email Accounts to Steal Cryptocurrency *

Russian Hackers Target Ukrainian Government with Phishing Emails *

Sharpboys Breach Israeli Prime Minister Benjamin Netanyahu's Facebook Account *

Americold, A Leading Cold Storage Company Suffered Outage Followed by Network Breach *

Hackers Found Targeting Vulnerable Veeam Backup Servers Exposed on the Internet *

Zyxel Addresses Critical Vulnerabilities in its Firewall Devices *

Hackers Use Realistic Checkout Forms to Steal Credit Cards *

CISA Issued a Warning about Critical Vulnerabilities in Illumina's DNA Sequencing Systems *

Researchers Found New Variant of ViperSoftX Info-Stealing Malware with Broader Range of Targets *

New macOS Info-stealing Malware 'Atomic' is being Sold Via Private Telegram Channel *

Multiple Malicious Gaming Apps Found Distributing Adware on Google Play *

Russian Hacking Group Found Operating New Politically Motivated Surveillance Campaign Paperbug in Tajikistan *

Researchers Found RTM Ransomware Group Using New Linux Encryptor to Target VMware ESXi Servers *

Researchers Found Chinese Hacking Group Gallium Using New Linux Malware Strains in Cyberespionage *

PrestaShop Releases New Version to Fix a Critical SQL Filtering Vulnerability *

Apache Superset Servers are Vulnerable to Authentication Bypass and RCE Attacks *

Cisco Discloses New Zero-Day Vulnerability in its Prime Collaboration Deployment (PCD) Software *

Evasive Panda Hacking Group Targets Tencent QQ Messaging App with MgBot Malware *

Researchers Found New Version of Mirai Botnet Malware Exploiting a Vulnerability in TP-Link WiFi Routers *

VMware Released Patches for Critical Vulnerabilities Discovered in its Workstation and Fusion Software Hypervisors *

New Critical SLP Vulnerability Allows Massive 2200X DDoS Amplification Attack *

Iranian Hackers Targeting Israel with a PowerLess Backdoor Via Phishing Attacks *

APC Addresses Critical Vulnerabilities in its Easy UPS Online Monitoring Software *

Canadian Directory Publisher Yellow Pages Suffers a Cyberattack Resulting in Data Leak *

Researchers Found New Side Channel Attack Affecting Multiple Generations of Intel CPUs *

Attackers Hacked KuCoin’s Twitter Account to Promote Crypto Scam *

Microsoft 365 Search Outage Impacts Outlook, Teams, and Exchange Online *

Hackers can Abuse Improperly Wiped Corporate-grade Routers to Gain Sensitive Data *

CISA Adds Three More Security Flaws to its Known Exploited Vulnerabilities Catalog *

Researchers Found a New Malware Toolkit Dubbed Decoy Dog via Anomalous DNS Traffic *

In Both Europe and the US, EvilExtractor Seen an Uptick in Malware Activity *

Alongside 3CX Breach, Lazarus X_TRADER Hack Affects Critical Infrastructure *

Google Ads Support Ransomware Gangs to Employ the BumbleBee Malware *

MediaWiki and TWiki-based University Websites Compromised to Spread Fortnite Spam *

GhostToken Flaw Enable Attackers to Hide Malicious Apps in Google Cloud Platform *

American Bar Association Suffers Data Breach, Affecting 1.4 Million Members *

Kubernetes RBAC Exploited in a Large-scale Cryptocurrency Mining Campaign *

African Telecommunication Service Providers are Targeted by Daggerfly Threat Group *

Attackers Abuses Abandoned 'Eval PHP' WordPress Plugin to Compromise Websites *

Lazarus Threat Group Found Using Linux Malware in Fake Job Campaigns *

Two Critical Vulnerabilities Found In Alibaba Cloud's ApsaraDB RDS and AnlayticDB for PostgreSQL *

VMware Addresses Critical Arbitrary Code Vulnerability in its Aria Operations for Logs *

Threat Actors Using AuKill Hacking Tool to Disable EDR Software on Targeted Systems *

PaperCut Warns of Critical Vulnerabilities that are Actively Exploited in the Wild *

Blind Eagle Threat Group's New Multi-Stage Attack Pushes NjRAT Trojan on Compromised Systems *

Researchers Found Attackers Deploying Trigona Ransomware on Unsecured Microsoft SQL Servers *

Pakistani Hackers Transparent Tribe Target Indian Government Agencies Using Linux Malware Poseidon *

Google Addressed Another Zero-Day Vulnerability in Chrome Browser *

Vice Society Ransomware Gang Leaks Data Stolen from US Network Infrastructure Giant CommScope *

Iranian Hackers Leveraging Legitimate Simplehelp Remote Support Software to Carry Out Persistent Attacks *

CISA, FBI Alerts on Russian State-Sponsored APT28 Threat Group Targeting Cisco Routers *

Iranian Hacking Group 'Mint Sandstorm' Targets US Critical Infrastructure in Retaliation to Iranian Attacks *

CISA Adds macOS and Chrome Bugs to its Known Exploited Vulnerabilities Catalog *

A Security Researcher Published New Sandbox Escape PoC Exploit for VM2 Library *

Ex-Conti Members Collaborate with FIN7 Hacking Group to Push New Domino Malware *

QBot Malware is Now Distributed Using Malicious PDFs and Windows Script Files *

New Credential-Stealer Zaraza Bot Targets 38 Different Web Browsers, Including Google Chrome *

Hackers Abused Google Command and Control Red Team Tool in Data Theft Attacks *

New Android Malware Chameleon Targets Users in Australia and Poland *

Researchers Found New LockBit Encryptors Targeting macOS Devices *

The Indian Cybercrime Coordination Center Issued an Alert on 'Hacktivist Indonesia' Group Targeting Govt Websites *

Researchers Found Hackers Using Action1 RMM in Ransomware Attacks *

NCR’s Aloha POS Platform Suffers an Outage as a Result of BlackCat Ransomware *

Attackers are Spreading Android Goldoson Malware Via 60 Google Play Apps *

Kodi Suffered a Data Breach Exposing 400K User Records *

Researchers Found Vice Society Ransomware Using New PowerShell-Based Data Theft Tool in Attacks *

CISA Adds Two Actively Exploited Vulnerabilities in Android and Novi Survey to its KEV Catalog *

Google Chrome Releases Emergency Update to Fix a Zero-Day Vulnerability *

Russian State Sponsored APT29 Group Targeting NATO and European Union Countries *

Researchers Uncover 'Read The Manual' Locker Cyber-criminals *

Researchers Found New Legion Tool with Credential Harvester and SMTP Hijacking Capabilities *

Microsoft Warns of a Phishing Campaign Targeting Tax Preparers and Accounting Firms *

Pakistani Hackers 'Transparent Tribe' Targeting Educational Institutions of India *

Security Researchers Warn to Patch Critical MSMQ Vulnerability in Windows *

Hyundai Suffers Data Breach Exposing Customers’ Personal Data *

Kyocera Addressed a Vulnerability in its Android Printing App that can be Abused to Install Malware *

Fortinet Patches Critical Vulnerability in its FortiPresence *

Microsoft Patch Tuesday Security Advisory - April 2023 *

A New 'By-Design' Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers *

Infected Websites Distributing Monero Malware via Fake Google Chrome Update Errors *

Attackers Hacked iPhones via Invisible Calendar Invites to Drop Spyware *

Microsoft Patched Actively Exploiting Zero-day Vulnerability in Windows CLFS *

SAP Addresses Two Critical-Severity Vulnerabilities in its April 2023 Security Updates *

European HR and Payroll Management Company SD Worx Suffers a Cyberattack *

NPM Repository Flooded with Malicious Packages Causing DoS Attack and Service Unavailability *

Apple Patches Two Zero-day Vulnerabilities on Older iPhones and iPads *

Researchers Found New Cryptojacking Campaign Targeting Linux Machines *

Scammers Using Authentic YouTube Email Address to Lure Users into Providing Credentials *

Iran-based Hackers Carrying Out Destructive Attacks in Disguise as of Ransomware *

Researchers Disclose Critical RCE Flaw in vm2 Sandbox Library *

CISA Urges Agencies to Address Backup Exec Issues Exploited by a Ransomware Gang *

Massive Balada Injector Campaign Targeting WordPress Sites Since 2017 *

MSI Affirms Security Breach Accusations Post Ransomware Attack *

Apple Patches 2-Zero days Exploited to Hack iPhones and Macs *

Cisco Released Patches for Multiple Vulnerabilities in its Various Products *

Medusa Ransomware Acknowledges Cyberattack on the Open University of Cyprus *

Money Message Ransomware Claims MSI Breach; Demands 4 Million USD *

Google Patches Several Security Vulnerabilities with Chrome 112 *

Researchers Found Four Vulnerabilities in the Popular Japanese Word Processor 'Ichitaro' *

CISA Warns on Vulnerabilities Discovered in Nexx Smart Devices *

New Clipper Malware 'CryptoClippy' Targeting Portuguese Cryptocurrency Users *

Researchers Found Threat Group Mantis Using Upgraded Malware to Target Palestinian Entities *

Researchers Found New Version of Typhon Information-Stealer with Enhanced Anti-Analysis and Evasion Capabilities *

Google Announced Android's April 2023 Security Update Addressing Over 65 Vulnerabilities *

Researchers Found New Rilide Malware Targeting Chrome-Based Browsers to Steal Cryptocurrency *

ALPHV Ransomware Exploits Three High-Severity Vulnerabilities in Veritas Backup Software *

Check Point Researchers Spotted New Rorschach Ransomware Deployed Against a US-Based Company *

IRS-Authorized 'eFile.com' Website was Found Serving JavaScript Malware *

HP Announces Critical Information Disclosure Flaw in its LaserJet Printers to be Patched within 90 Days *

Researchers Found New Information-Stealing Malware 'OpcJacker' Used in Malvertising Campaigns *

Hackers Using Malicious WinRAR Self-Extracting Archives to Plant Backdoors on Devices *

Hackers Target Victims of 3CX Supply Chain Attack with Gopuram Malware *

Researcher Found Multiple Vulnerabilities in Osprey Pump Controller *

American Telecommunication Company Lumen Technologies Suffered Two Cyberattacks *

Researchers Discovered a New 'Money Message' Ransomware Extorting $1 Million *

Fake Threat Group Midnight Extorting Previously Breached U.S. Companies *

Researchers Found Cylance Ransomware Targeting Linux and Windows Systems *

TMX Finance and its Subsidiaries Suffers Data Breach Affecting 4.8 Million Customers *

Hackers Exploited a High Severity Flaw in the Elementor Pro WordPress Plugin to Upload Backdoors *

Researchers Found Threat Actors Exploiting 10 Year Old Windows Vulnerability with 'opt-in' Fix in Recent Attacks *

A Severe Super FabriXss Vulnerability has been Discovered in Azure Service Fabric Explorer *

Researchers Found Malware Botnets Exploiting Realtek and Cacti Vulnerabilities *

New AlienFox Toolkit Targets Popular Cloud Services for Credential Harvesting *

Chinese Threat Group RedGolf Uses a Custom Backdoor KEYPLUG to Target Windows and Linux Systems *

Threat Group Winter Vivern Exploiting a Zimbra Vulnerability to Steal NATO Emails *

CISA Added Five Vulnerabilities Exploited to Drop Spyware to its Known Exploited Vulnerabilities Catalog *

A Misconfigured Microsoft Bing Application Allows to Breach the Office 365 Users *

Hackers Compromised 3CX Desktop App Using Digitally Signed and Trojanized Version of 3CX (VOIP) *

Researchers Discovered a New Malware ‘Melofée’ Targeting Linux Server *

QNAP Addresses High Severity Linux Sudo Vulnerability in NAS Devices *

Hackers Exploited 'burn' Smart Contract Function in SafeMoon's Liquidty Pool to Drain $8.9 Million *

Clop Ransomware Breached Crown Resorts' Network by Exploiting GoAnywhere Zero-day Vulnerability *

Security Researchers Disclosed WiFi Protocol Vulnerability Allowing Attackers to Hijack Network Traffic *

Researchers Found Trojanized Tor Browsers Targeting Russians with Crypto-Stealing Malware *

Attackers Targeted European Entities to Distribute Remcos RAT and Formbook Malware *

Pakistan-Based SideCopy APT Group Targeting India's DRDO with Action RAT *

Researchers Found New Variants of IcedID Loader Delivering Other Malware *

A New MacStealer Malware Targeted Mac Users and Stealing iCloud Keychain Credentials *

Apple Fixes WebKit Zero-Day Bug on Older iPhones *

Twitter Removes Source Code that Leaked on GitHub and Searching for Downloaders *

Attackers Targeting U.S. Taxpayers in New Emotet Phishing Campaign *

Critical Flaw in AI Testing Framework MLflow May Expose AI and Machine-Learning Models *

OpenAI Reveals About ChatGPT User Data Exposure Incident *

Microsoft Warn of Outlook Vulnerability Exploited by Russian Attackers *

Procter & Gamble Discloses Data Breach via GoAnywhere Zero-day *

Chinese Nuclear Energy Institutions Targeted by 'Bitter' Espionage Hackers *

Lionsgate's Streaming Network Reveals Over 37 Million Subscribers' Data *

Malicious Python Package Employ Unicode Technique to Evade Detection *

Researchers Disclose Chinese Nation State Hackers' New Attack Strategies *

Threat Actors Targeting 450 Financial Apps Using Android Banking Trojan *

Code Hosting Platform 'GitHub' Swiftly Replaces Exposed RSA SSH Key *

Play Ransomware Gang Publishes Data Stolen From Maritime Firm Royal Dirkzwager *

WordPress Fixed a Critical Vulnerability in WooCommerce Payments Plugin *

BlackGuard Stealer Targeting 57 Cryptocurrency Browser Extensions and Wallets *

Cisco Addressed High Severity Vulnerabilities in its IOS and IOS XE Software *

Microsoft Fixes Windows 11 Snipping Tool's Acropalypse Privacy Flaw *

Researchers Warn About Kimsuky Threat Group Stealing Gmail Content *

Researchers Published Proof-of-Concept (PoC) for Netgear Orbi Mesh Wireless System Vulnerabilities *

A Trojanized ChatGPT Chrome Extension Found Stealing Facebook Accounts *

CISA Warned on Critical Vulnerabilities in Industrial Control Systems Products *

Play Ransomware Gang Released Data Allegedly Stolen From Logistics Services Company Royal Dirkzwager *

Mozilla Fixes Firefox Crash Issue in Windows 11 and macOS Systems *

Hackers Employing New CommonMagic and PowerMagic Malware To Steal Victims' Information *

Threat Actors Targeting Linux Servers with Different Variants of ShellBot Malware *

Fraudsters Extort 1 Crore INR from 81 Users Via a Mobile Payment App *

Threat Actors Exploited a Zero-day Vulnerability in General Byte Bitcoin ATMs *

Ferrari, Italian Luxury Sports Car Manufacturer Discloses a Data Breach *

Realtek SDK, Huawei Routers, and Hadoop YARN Servers are Targeted by New HinataBot Botnet *

FBI, CISA and MS-ISAC Releases Advisory to Warns About LockBit 3.0 Ransomware Attacks *

New Trigona Ransomware Targets Australia, United States and European Countries *

Threat Actors Now Distributing Emotet Malware via Malicious Microsoft OneNote Files *

NBA Suffers Data Breach that Exposes its Fans' Personal Information *

Scammers Abuse Twitter’s 'Quote Tweet' Feature to Target Bank Customers *

Attackers Distributing Android Malware 'FakeCalls' in South Korea *

A Cyberattack at Latitude Financial Services Leads to Data Theft at Two Service Providers *

Google Warned About 18 Zero-Day Flaws in Samsung's Exynos Chipsets *

Attackers Abuse Adobe Acrobat Sign to Deliver Redline Info-Stealing Malware *

Mozilla Announced the Release of Firefox 111 with Dozen of Vulnerability Patches *

Attackers Hacked U.S Federal Agencies Using Old Telerik UI Vulnerability *

Researchers Discovered First Dero Cryptojacking Campaign Targeting Kubernetes *

Healthcare Provider ILS Suffered a Data Breach Exposing 4.2 Million Patient Data *

Researchers Disclosed the Technical Details of Critical Microsoft Outlook Vulnerability *

Tick APT Group Compromised a Data-Loss Prevention Company in East Asia *

CISA Added a Critical Adobe ColdFusion Vulnerability to its Known Exploited Vulnerability Catalog *

New Threat Group YoroTrooper Running Cyber-Espionage Campaign Against CIS Government Organizations *

Rubrik Suffers Data Breach in GoAnywhere Zero-Day Attack *

SAP Addressed Five Critical Vulnerabilities in its Security Updates *

Microsoft Patch Tuesday Security Advisory - March 2023 *

Euler Finance Lost $197 Million in Crypto in Flash Loan Attack *

Dark Pink APT Group Using KamiKakaBot Malware Against Southeast Asian Government and Military Entities *

A Massive Cyberattack Hijacks East Asian Websites to Redirect Victims to Adult Content *

Threat Actors Using AI-generated YouTube Videos to Spread Info-stealer Malware *

Researchers Discovered Critical Security Vulnerabilities in Akuvox E11 Video Doorphone *

Unidentified Attackers Target Government Networks by Abusing New FortiOS Bug in Zero-Day Attacks *

Researchers Disclosed a Cross-Site Search Vulnerability in OpenSea NFT Marketplace *

Researchers Found a New CASPER Attack that Leaks Data from Air-gapped Computers *

German Vehicle Manufacturer BMW Exposes Clients Data and Business Secrets *

U.S. Office Supply Distributor Essendant Suffers Multi-Day Outage *

Updated Version of Prometei Malware Found Infecting 10000 Systems Worldwide *

Clop Ransomware Gang Starts Extorting GoAnywhere Zero-Day Exploit Victims *

Researchers Found BATLOADER Malware Abusing Google Ads to Deliver Secondary Payload *

New Threat Actor UNC2970 Targeting Security Researchers Using New Custom Malwares Families *

Researcher Found New GoBruteforcer Malware Targeting Servers with phpMyAdmin, MySQL, FTP, Postgres Services *

CISA Adds Two Vulnerabilities to its Known Exploited Vulnerabilities Catalog *

Cerebral Healthcare Platform Suffered a Data Breach Affecting 3.18 Million Patients *

Researchers Found the New Variant of Xenomorph Android Malware Targeting Over 500 Banks *

Threat Actors Exploiting Remote Desktop Software Vulnerabilities to Spread PlugX Malware *

New Variant of IceFire Ransomware is Now Actively Targets Linux Systems *

Attackers Targeted Oracle WebLogic Servers with New ScrubCrypt Crypter *

A Chinese Hacking Campaign Targets Unpatched SonicWall SMA Appliances to Install Custom Malware *

AT&T Vendor Hack Results in the Disclosure of 9 Million Customer Records *

Researchers Reported About Bitwarden's Autofill Feature Flaw that can be Abused to Steal Credentials *

New Sharp Panda Campaign Targets Southeast Asian Government Entities with Soul Malware *

Veeam Addressed a High Severity Backup Services Vulnerability Affecting its Backup Infrastructure *

Fortinet Fixed a Critical RCE Vulnerability Affecting FortiOS and FortiProxy *

SYS01stealer: A New Attack Targeting Critical Infrastructure Enterprises Using Facebook Ads *

Transparent Tribe Hackers Employ Trojanized Messaging Apps to Distribute CapraRAT *

Microsoft Releases a Fix for Outlook Login Issues in Exchange Environments *

Acer Discloses Breach Following the Sale of 160GB of Data on a Hacking Site *

The March 2023 Android Update Addresses Two Critical Code Execution Flaws *

New HiatusRAT Malware Found Targeting DrayTek Vigor Routers for Data Theft *

Researcher Found Blackfly APT Group Targeting Asian Entities *

Experts Revealed About a Blind Spot in Google Cloud Platform that Leads to Data Exfiltration Attacks *

Researcher Published Proof-of-Concept for Microsoft Word's Critical RCE Vulnerability *

The Sandbox Blockchain Games’ Employee Account Hacked to Send Malware-Linked Emails *

Threat Actors Using Malicious Microsoft OneNote Attachments to Infect Windows Systems *

Researchers Found New FiXS ATM Malware Targeting Banks of Mexico *

Tennessee State University and Southeastern Louisiana Universities Suffers Cyberattack *

CISA and FBI Warn of Increased Royal Ransomware Attacks *

Researchers Found Thousands of Websites Compromised Using Stolen FTP Credentials *

Threat Actors Launch New Cryptojacking Campaign, Targeting Misconfigured Redis Database Servers *

Microsoft Fixed MMIO Information Disclosure Vulnerabilities in Intel CPUs *

Experts Uncover a Full-Featured Information Stealer and Trojan in a Python Package on PyPI *

Scammers Target Trezor Customers with Fake Data Breach Notifications *

Aruba Networks Patched Six Critical-Severity Vulnerabilities Impacting ArubaOS Versions *

Iron Tiger Attackers Create New Linux Version of their Custom SysUpdate Malware *

Cisco Addresses Critical RCE Vulnerability in Web UI of Multiple IP Phones *

BlackLotus is the First UEFI Bootkit Malware to Bypass Secure Boot Defenses on Windows 11 *

Microsoft Addressed a Global Outage Impacting its Exchange Online Mailboxes *

Blind Eagle Hackers Targeting Colombian Entities via Spear-Phishing *

Attackers Using Advanced Hacking Operation SCARLETEEL to Infiltrate Cloud Services *

Researchers Identified Pair of Security Defects in Trusted Platform Module (TPM) 2.0 *

American TV Giant Dish Network Confirms Ransomware Attack Behind Multi-Day Network Outage *

CISA Alerts on Active Exploitation of ZK Java Framework RCE Flaw *

Attackers Promoting New Exfiltrator-22 Post-Exploitation Framework to Spread Ransomware *

LastPass Releases Additional Information on December 2022 Password Vault Data Breach *

Researchers Found Mysterious Nevada Group Targeting Thousands of Cloud Servers *

Attackers Use LinkedIn URL Shortener to Send Amazon Prime Phishing Emails *

Two Critical Flaws in WordPress Houzez Theme and Plugin are Being Actively Exploited in the Wild *

U.S. Marshal Service Suffered a Data Breach Followed by Ransomware Attack *

Ohio’s Largest Oil Producer Encino Energy Targeted by Cyberattack *

ChromeLoader Campaign Now Distributing Malicious VHD Files Disguised as Game Programs *

Cyberattacks Target Data Center Organizations to Steal Information *

News Corp's Data Breach Statement Reveals Hackers were on it's Network for 2 Years *

Attackers Flood NPM Repository with 15000 Malicious Packages Containing Phishing Links *

American TV Giant Dish Network Suffers an Outage *

Stanford University Suffers Data Breach Affecting 897 PhD Applicants *

Researchers found Unknown Threat Actors Targeting Government Entities with PureCrypter Malware *

Pirated Final Cut Pro Software Targets macOS for Cryptocurrency Mining *

Researchers Discover a Cyber Group Employing Lilith RAT and Atharvan Malware to Target the Material Research Industry *

Dole, a Fruit and Vegetable Company, Hit by a Ransomware Attack *

Analysts Warn of Increasing Attacks Leveraging Zoho ManageEngine Products *

Canada’s Second Largest Telecom TELUS Investigating a Possible Data Breach *

Cisco Addresses High-Severity Vulnerabilities in its Application Centric Infrastructure Components *

Attackers Exploited R1Soft Server Backup Manager Vulnerability to Deploy Backdoor *

New S1deload Info-Stealer Malware Targets YouTube and Facebook Accounts *

Shipping and Medical Laboratories are Targeted by New Threat Actor Hydrochasma *

Hackers Using Fake ChatGPT Apps to Distribute Windows and Android Malware *

VMware Fixed a Critical Injection Flaw in Carbon Black App Control *

CISA Adds Three New Security Flaws to its Known Exploited Vulnerabilities Catalog *

Security Researchers Release the Proof-of-Concept Exploit for Critical Fortinet's FortiNAC RCE Flaw *

Researchers Found MyloBot Botnet Infecting Thousands of Systems Everyday *

Video Game Publisher Activision Suffered a Data Breach *

Pakistani Threat Actor SideCopy Targeting Indian Government Agencies Using ReverseRAT Backdoor *

Apple Updated its Security Advisories to Add New Class of Vulnerabilities *

Researchers Found a New Stealc Malware with Wide Range of Capabilities *

HardBit 2.0 Ransomware Operators Use Victim’s Insurance Details to Set Up Ransom Payment *

Samsung Adds New Security Feature to Protect Against Zero-Click Attack *

Indian Ticketing Platform RailYatri Suffered a Data Breach Affecting 31 Million Customers *

Attacker Targeted Coinbase Employees in Smishing Attack *

Attackers Using New Version of OxtaRAT Backdoor to Target Armenian Entities *

Researchers Found a New WhiskerSpy Backdoor Delivered via Trojanized codec Installer *

Threat Actors Exploiting Microsoft Exchange ProxyShell Vulnerabilities to Deploy Cryptocurrency Miners *

Experts Found Attackers Targeting South Korean Journalists with RambleOn Malware *

Researchers Found New Mirai Botnet Variant Targeting Linux and IoT Devices *

GoDaddy Reports a Multi-Year Security Breach it Suffered *

Threat Actors Targeted Microsoft IIS Servers with New Frebniis Malware *

Fortinet Patches Two Critical Security Flaws in FortiNAC and FortiWeb Product *

CISA Alerts on Windows and iOS Vulnerabilities Exploited as Zero-Days *

Louisiana HBCU's Xavier University Reported a Data Breach that Occurred in November 2022 *

Researchers Found an Authenticated RCE Vulnerability in Arris Router *

Scandinavian Airlines Suffered Cyberattack Exposing Customer Data *

Burton Snowboards Cancelled Online Orders Following Cyber Attack *

RedEyes APT Group Using New Malware 'M2RAT' to Steal Victims' Data *

Splunk Patches High Severity Vulnerabilities in its Enterprise Solution Update *

New Stealthy Malware 'Beep' is Very Focused in Avoiding Detection *

Tonga Communications Corporation Suffers Ransomware Attack *

Hyundai and Kia Car Thefts Rise due to TikTok Challenge *

Hackers Using New MortalKombat Ransomware and Laplas Crypto-Hijacker Targeting U.S Victims *

Community Health Systems Suffers Data Breach Affecting One Million Patients *

Microsoft Exchange Server 2013 Reaches End of Support Lifecycle in April 2023 *

Al-Toufan Hacking Group Targets Websites of Bahrain Airport and News Sites *

Microsoft Patch Tuesday Security Advisory - February 2023 *

United States’ Largest Bottler Pepsi Bottling Ventures Suffers Data Breach *

Garrison Women's Health Suffered Data Breach Affecting 4,000 Patients *

Apple Addressed New Actively Exploited WebKit Zero-Day Vulnerability *

Cloudflare Detects and Mitigates Largest Recorded DDoS Attack *

Modified Version of ESXiArgs Ransomware Blocks VMware Host Recovery *

New Ransomware Group DarkBit Targets Israel's Top Research University Technion *

Threat Actors Hacked Namecheap’s Email Account to Send Phishing Emails *

CISA Warns About North Korean Hackers Targeting Healthcare Organizations in Ransomware Attacks *

CISA Adds Three More Security Flaws to its Known Exploited Vulnerabilities Catalog *

Multiple Medical Groups in California Suffered a Ransomware Attack *

Researchers Found Malicious Packages on PyPI and NPM Repositories *

Play Ransomware Claims Attack on A10 Networks *

Clop Ransomware Gang Claims Exploiting GoAnywhere Zero-Day Flaw *

Microsoft Announces Retirement of Microsoft Support Diagnostic Tool (MSDT) and Troubleshooters *

Researchers Found Multiple Vulnerabilities in Wireless Industrial Internet of Things (IIoT) Devices *

NewsPenguin Threat Actor Targets Pakistani Entities in Phishing Campaign *

Russian Hackers Use Fake Crypto Job Offers to Push Enigma Malware *

Reddit Hit by Cyberattack that Allowed Hackers to Steal Source Code *

The Largest Canadian Bookstore Indigo Suffered a Cyberattack *

Researchers Found Russian Hackers Using New Graphiron Malware to Target Ukraine *

Ross Memorial Hospital in Lindsay Hit by a Cyberattack *

Munster Technological University (MTU) in Ireland Suffers a Major IT Breach *

Multiple Document Management Systems Found with Unpatched Security Vulnerabilities *

Google Released Chrome 110 that Addresses 15 Vulnerabilities *

Pharmaceutical Distributor AmerisourceBergen Hit by a Cyberattack *

Researchers Found New Medusa Botnet Targeting Linux Users *

GuLoader Malware Targets E-commerce Industry Using Malicious NSIS Executables *

Developers Release an Emergency Patch for GoAnywhere MFTaaS's Actively Exploited Zero-Day Flaw *

Researcher Disclosed a Flaw Detected in Toyota's Global Supplier Management System (GSPIMS) *

Google Chrome to End Support for Windows 7,8,8.1, Windows Server 2012, and 2012 R2 Starting February 2023 *

OpenSSL Releases a Patch to Fix High-Severity Vulnerabilities *

U.S. Cellular's Third-Party Vendor Suffers Data Breach Affecting its 52000 Customers *

Researchers Disclosed About High-Severity Format String Vulnerability Present in F5 BIG-IP *

India’s Largest Truck Brokerage Company FR8 Exposes 140GB of Information in a Data Leak *

TgToxic Malware is Targeting Android Users from Southeast Asia *

Hackers Mimicking Ukrainian Ministry Officials to Deploy Malware *

TruthFinder and Instant Checkmate Discloses a Data Breach Affecting 20 Million Consumers *

A New Wave of Ransomware Attacks Targeting ESXi Systems Using a VMware Flaw *

Major Internet and Power Outages Struck Bermuda *

A New Android Banking Trojan is Aimed at Brazilian Financial Institutions *

A GoAnywhere MFT Zero-day Flaw Enables Server Intrusion *

Florida Hospital Shuts Down its IT Systems Post a Cyberattack *

Threat Actors Targeting Vulnerabilities in SugarCRM and Oracle E-Business Suite *

Jira Software from Atlassian has a Critical Authentication Vulnerability *

Hackers from Iran's Oil Rig Using a New Backdoor to Steal Data from Government Agencies *

Hackers Use KoiVM Virtualization Technology to Evade Detection when Installing the Formbook Data Stealer *

North Korean Lazarus Hacking Group Stole 100GB of Data Via Campaign Named "No Pineapple!" *

Financial Software Provider, ION Group, has been Hit by a Ransomware Attack Affected Global Markets *

Cisco Addressed High-Severity Vulnerability in its IOx Application *

Car Retailer Arnold Clark Suffers a Data Breach Claimed by Play Ransomware *

Hackers Stolen the Details of 240,000 Skating Customers from Planet Ice *

Fraudulent Crypto Apps Infiltrate Apple App Store and Google Play Store *

BlackCat Ransomware Gang Claims an Attack on Solar Industries, an Industrial Explosives Manufacturer *

Hackers Used Google Fi Data Breach to Carry Out SIM Swap Attacks *

A Phishing Attack Against Latvia’s Ministry of Defense Linked to Russian Hacking Group *

Guildford County School Suffers a Cyberattack Resulting in Outage *

US Telecommunications Company Charter Communication Impacted by Third-Party Data Breach *

Indianapolis Housing Agency Suffers Ransomware Attack Affecting 212,910 Peoples *

Hackers Advertising New Golang-Based Malware via Telegram Channel *

Attackers Stole Encrypted Code-Signing Certificates of GitHub Desktop for Mac and Atom Apps *

Developers Disagree with a New Vulnerability Reported in KeePass Software *

QNAP Fixes a Critical Vulnerability in its NAS Devices *

UK Retail Company JD Sports Suffered a Data Breach Affecting 10 Million Customers *

A Critical Vulnerability in Lexmark Printers Affects Over 120 Models *

Researchers Found Gootkit Malware with New Components and Obfuscation Techniques *

ISC Patched Multiple High-Severity DoS Vulnerabilities in DNS Software Suite BIND *

Researchers Warn About Multiple Vulnerabilities in Healthcare Software OpenEMR *

Researchers Found Attackers Using Portable USB Storage Devices to Spread New Variant of PlugX Malware *

Several Malicious Apps have been Found on Google Play Store with Over 5 Million Downloads *

Hackers Using New SwiftSlicer Data Wiper to Infect Windows OS *

A Major Microsoft 365 Outage was Caused by a Change in WAN Router IP Address *

A Hacker Group Called Sandworm Attacked a Ukrainian News Agency with Five Data Wipers *

Researcher Found 75,000 WordPress Sites Still Using Vulnerable LearnPress Plugin Version *

Data Breach Against Two Health Service Organizations Affected 400,000 Individuals *

BayCare Clinic Suffers Data Breach Due to Tracking Pixel Used by Third Party Vendor *

German Airport's Websites, Administration Bodies, and Financial Sector Organizations Suffers DDoS Attack *

New Mimic Ransomware Uses 'Everything' Windows Search Tool to Encrypt Files *

The CISA of Federal Organizations Breached Using Legit Remote Desktop Software *

Phishing Campaigns Employ New Python RAT Malware to Target Windows *

Threat Actors Leveraging Critical Realtek SDK Flaw in Millions of Attacks *

North Korean Hackers Actively Harvesting Credentials in the Latest Cyberattacks *

Zacks Investment Research Security Breach Affects 820,000 Customers *

Researchers Found Threat Actors Abusing Google Ads to Spread Malware *

DragonSpark Attackers Group Use Golang Malware to Evade Detection *

Several Microsoft Services Including Teams, Outlook, Store Stop Responding: Microsoft Probes Outage *

Arm Mali GPU Vulnerability Leads to Arbitrary Kernel Code Execution and Root on Pixel 6 Phones *

A Vulnerability in Diksha App Exposed Personal Information of Millions of Indian Teachers and Students *

Zendesk Suffered Data Breach After its Employee Fell into Phishing Attack *

Security Researchers Disclosed Two Security Flaws in Samsung's Galaxy Store App for Android *

Apple Backported Security Patches for Zero-Day Vulnerability in Older iPhone and iPad Models *

Nunavut Energy Supplier Qulliq Energy Corporation Suffered a Cyberattack *

Roaming Mantis Adds New DNS Changer to its Android Malware to Hack WiFi Routers *

Costa Rica's Ministry of Public Works and Transport (MOPT) Hit by Ransomware Attack *

Riot Games’ Development Environment Compromised Via Social Engineering Attacks *

Drupal Patches Vulnerabilities that Lead to Information Disclosure *

Chinese Hackers Leverages a Fortinet Flaw as a Zero-day Exploit to Drop Malware *

Hackers Actively Using OneNote Attachments to Spread Malware *

Researchers Dismantle Massive Ad-fraud Operation Dubbed 'Vastflux' *

Over 19,000 End-of-life Cisco Routers Vulnerable to RCE Attacks *

The Windows 10 KB5019275 Preview Update Comprises 14 Fixes *

Vulnerabilities of Critical Significance OpenText Enterprise Content Management System Patched *

Gamaredon Company Utilizes Telegram to Launch Cyberattacks Against Ukraine *

Hackers May Abuse GitHub Codespaces Functionality to Host and Disseminate Malware *

Researchers Discovered a New Banking Trojan Hook with RAT Capabilities *

Researchers Discovered a Critical RCE Flaw Dubbed EmojiDeploy in Microsoft Azure Services *

T-Mobile Disclosed Data Breach Affecting 37 Million Customers' Personal Information *

Attackers Hacked 34,942 PayPal Users Accounts in Credential Stuffing Attack *

Cisco Announced Patches for a High-Severity SQL Injection Vulnerability in Unified CM and CM SME *

Oracle Addresses 327 Security Vulnerabilities in its January 2023 Critical Patch Update *

HR Management Platform Myrocket.co Exposed Personal Information of Millions of Job Candidates *

CERT Coordination Center Disclosed Critical Security Flaws in Netcomm and TP-Link Routers *

Researcher Found NjRAT Trojan Being Distributed Via New Earth Bogle Campaign *

MailChimp Suffers a Breach After Attackers Gained Employee Credentials *

CISA Alerts on Vulnerabilities in Siemens, GE Digital, and Contec ICS Products *

Researchers Warn of Critical RCE Vulnerability in Zoho ManageEngine Products *

Nissan North America Suffers Data Breach Due to Poorly Configured Third-Party Vendor Database *

Microsoft Azure Services were Vulnerable to Unauthorized Access to Cloud Resources *

Git Patched Two Critical Severity Security Flaws that Allow Hackers to Execute Arbitrary Code *

Threat Actor ‘Lolip0p’ Uploaded Three Malicious Packages on PyPi Platform *

ODIN Intelligence's Website Defaced and Breached *

DNV's ShipManager Software Suffers a Ransomware Attack Affecting Thousands of Shipping *

Vice Society Ransomware Gang Leaked Sensitive Data from University of Duisburg-Essen *

Hackers Leaked Sensitive Files From San Francisco Transit Police Online *

Researcher Found Android TV Box with Pre-installed Malware *

Cryptocurrency Wallet Provider MetaMask Warns Users of a New Address Poisoning Scam *

Majority of Cacti Servers Found Unpatched against Critical Vulnerability Resulting in Attacks *

The Website of Canada's Largest Alcohol Retailer Hacked to Steal Credit Card Information *

Researchers Found CircleCI Security Incident was Caused by Info-Stealing Malware *

Hackers Breached NortonLifeLocks's Password Manager Accounts *

Polyglot Files are Used by Cybercriminals to Distribute Malware Undetected *

WordPress Plugins Found Vulnerable to Critical SQL Injection Flaws along with PoCs *

Researchers Found EyeSpy Malware Being Spread Via Trojanized VPN Installers *

Attackers Exploiting a Patched FortiOS SSL-VPN Zero-day Vulnerability Against Government Networks *

IcedID Malware Attack Compromised Active Directory Domain *

Researchers Found Hackers Actively Exploiting a Critical Flaw in Control Web Panel *

Cisco Discovers Three Vulnerabilities in Asus Router Software *

Researchers Disclosed SymStealer Security Vulnerability in Google Chrome and Chromium-Based Browser *

Australia's Fire Rescue Victoria Suffers Data Breach Claimed by Vice Society Ransomware Gang *

Gootkit Loader Abuses VLC Media Player to Infect Australian Healthcare Organizations *

Google Released Chrome 109 to Fix 17 Vulnerabilities *

New Advanced Threat Actor Dark Pink Using Custom Malware Against Government and Military Entities *

Cisco Warns About Critical Auth Bypass Vulnerability Found in End-of-Life Routers *

Scattered Spider Threat Actors Employing Vulnerable Intel Drivers to Evade Detection *

UK's Leading Mail Delivery Service Royal Mail Suffers Severe Service Disruption Following Cyberattack *

CISA Adds Two More Security Flaws to its Known Exploited Vulnerabilities Catalog *

Security Researchers Found Cryptographic Weaknesses in Threema Messaging App *

Zoom Fixes Multiple Flaws Exposing Windows and macOS Users *

Iowa's Largest School District Des Moines Public School Hit by Cyberattack *

StrongPity Hackers Targeted Android Users with a Trojanized Version of Telegram App *

Over 1,300 Fake AnyDesk Sites Found Delivering Info-Stealing Vidar Malware *

Auth0 Project Releases a Patch for RCE Flaw in the JsonWebToken Library *

Scammers Abusing Open Redirect on the UK DEFRA Website to Redirect Visitors to Fake Dating Sites *

Hackers Breached Kubernetes Clusters as Part of a Malware Campaign Via PostgreSQL Database *

CISA Alerts on High-Severity Vulnerabilities Affecting Hitachi Energy Products *

Russian Threat Group Cold River Targets Three US Nuclear Research Laboratories *

Attackers Spreading NetSupport Malware Masquerading as Pokemon Card Game to Infect Users *

MedStar Mobile Healthcare Suffers Ransomware Attack Affecting 612,000 Customers *

Threat Actors Using CAPTCHA Bypass Tactics on GitHub in Freejacking Campaign *

Hackers Bypass Firewalls Restrictions Using CloudFlare Tunnels *

Air France and KLM Suffers Data Breach; Several Customers Accounts Hacked *

Fast Food Restaurant Chain 'Chick-fil-A' Suffers Data Breach *

Rackspace's Customer Data Accessed in Ransomware Attack *

Microsoft Releases Temporary Patch for ODBC Database Connection Issues *

A New Variant of Dridex Malware Actively Attacking Windows OS and macOS Systems *

CircleCI Releases a Security Alert to Warn Users about Cyber Attack *

Bluebottle Hackers Attacked Banks Using Signed Windows Drivers *

Database of Cricketsocial.com Exposed Private Customer Data and Administrator Credentials *

Five Guys Burger Chain Suffers Data Breach Impacting Job Applicants *

Researchers Found Sudden Increase in SpyNote Android Malware Infection Rates *

New SHC-Compiled Linux Malware Found Installing Cryptominers and DDoS Bots *

Multi-Flaw Updates are Released for Qualcomm Chipsets and Lenovo ThinkPad *

Zoho Patches a Critical SQL Injection Vulnerability in its ManageEngine Products *

Multiple Car Brand's API Flaws Exposed Owner's Personal Data *

Fortinet Released Patches for High-Severity Vulnerabilities Found in FortiADC and FortiTester *

LockBit Ransomware Group Claims Ransomware Attack on Los Angeles Housing Authority *

Royal Ransomware Group Claims Data Breach Attack on Queensland University of Technology *

Threat Actors Using Stolen Information of Colombian Bank Customers as Lures in Phishing Emails *

Synology Fixed Critical Vulnerability in VPN Plus Server Software *

PyTorch Admins Reveals About Malicious PyTorch-nightly Dependency *

Bristol Community College Hit by Ransomware Attack *

A Telekom Malaysia Company Suffers a Data Breach Affecting Over 250,000 Customer Accounts *

Scripps Health Agrees to Pay $3.5 million to the Victims Affected in the 2021 Data Breach *

Jakks Pacific Toy Production’s Servers Suffers Ransomware Attack, Hive and BackCat Group Leak Data *

Royal Ransomware Group Claims Cyber attack on Iowa’s Public Broadcasting Network *

The LockBit Ransomware Gang Claims Cyberattack on Port of Lisbon in Portugal *

CISA Warns of Vulnerabilities Impacting TIBCO Software's JasperReports Product *

A Canadian Mining Firm Shuts Down a Mill After it was Attacked by Ransomware *

WordPress Sites are Being Backdoored by New Linux Malware Using 30 Plugin Exploits *

Cert-In Warns Indian Users on LastPass Data Breach and NetApp OnCommandInsight Vulnerability *

Anonymous Twitter User Published 10,000 API Keys of Crypto Trading Platform 3Commas *

CISA Warns of Several Vulnerabilities in Rockwell Automation Controllers *

Royal Ransomware Gang Claims Responsibility for Cyberattack on Telecom Company Intrado *

NETGEAR Fixes a High Severity Vulnerability Affecting Multiple Models of its Wi-Fi Routers *

Hackers Moved their Initial Infection Vector Towards Malicious Excel Add-in Files *

Attackers Abusing Google Ads to Spread Trojanized Software Products *

Hive Ransomware Claims Attack on Louisiana Hospital Impacting 270,000 Patients *

Citrix Patches Critical Severity Vulnerabilities in its ADC and Gateway Servers *

Sargent and Lundy Energy Firm Suffered a Data Breach that Impacted Personal Information of 6,900 Individuals *

A Hacker Claims to have Stolen Data of 30 Million Indian Railways Users *

New YouTube Bot Malware Found Stealing Sensitive Data *

North Korean Lazarus APT Group Targeting NFT Investors in Phishing Campaign *

BlueNoroff Threat Actors Adopted New Techniques to Bypass Windows MotW Protection *

Researchers Found a Password Vulnerability in ZyXEL Indoor Routers *

BTC.com Suffers a Cyberattack Losing Cryptocurrency Worth $3 Million *

New GuLoader Malware Found Adopting New Anti Analysis Techniques to Evade Detection *

Hackers Targeted Bitkeep Wallet Users in Cryptojacking and Drained $8M in Assets *

Researchers Warn of Critical Linux Kernel Vulnerability Affecting SMB Servers Enabled with ksmbd *

Cincinnati State Technical Community College Suffers a Cybersecurity Breach *

Researchers Disclosed a High-Severity Flaw in Kyverno’s Container Image Signature Verification Mechanism *

Researchers Discovered Critical Authentication Bypass Vulnerability in Ghost CMS *

Microsoft Silently Fixed Cross Tenant Network Bypass Flaw in its Azure Container Service *

Researchers Uncover W4SP Stealer in Multiple PyPI Packages Under Various Names *

Threat Actors Deploy New Info-stealer Malware to Infect Software Pirates *

Hackers Actively Exploit WordPress Gift Card Plugin with 50K Installations *

Researchers Warn Indian Officials About Kavach 2FA Phishing Attacks *

Widespread 2FA Bypass Attacks Hit Comcast Xfinity Accounts *

LastPass Suffers a Data Breach Exposing Customer Vault Data *

FIN7 Hackers Use an Auto-Attack Platform to Breach Vulnerable Exchange Servers *

A Hacker Leaked Customer Data of Betting Firm BetMGM on Hacking Forum *

Researchers Disclosed Multiple High-Severity Flaws in Password Management Solution Passwordstate *

The Zerobot Botnet is added with New Capabilities and Exploits New Vulnerabilities *

Researchers Discovered Banking Trojan 'GodFather' Targeting 400 Banks and Crypto Exchanges Applications *

Hackers Gained Profit from Hacking JFK Airport's Taxi Dispatch System *

Hackers Targeted Telecom and Government Systems with Raspberry Robin Worm *

Attackers Hacked Private GitHub Repositories of Okta Company *

Researchers Found Malicious Packages with 'W4SP' Info-Stealer Malware on PyPi Platform *

Hackers Targeting Brazilian Banking Users with New Android Trojan BrasDex *

Security Researchers Suspect KMSdBot Botnet Offering DDoS-for-Hire Services for Attackers *

Researchers Found New Microsoft Exchange Exploit Used by Play Ransomware to Breach Servers *

Phishing Sites Distributing DarkTortilla Malware *

Researchers Found Fake Malicious ‘SentinelOne’ Package on PyPi Repository *

Meta Platforms Took Down Fake Accounts Operated by Nearly 200 Spyware Vendors Across the Globe *

Play Ransomware Gang Claims Cyberattack on Hotel Chain 'H-Hotels' *

Microsoft Reclassified a Windows Vulnerability as Critical Severity *

Department of Healthcare and Human Services Reports Data of 254K Patients Being Compromised *

Colombian Energy Company EPM Hit by BlackCat Ransomware Attack *

CRM Platform SevenRooms Suffers Data Breach Exposing Customers’ Information *

Samba Releases Security Updates to Address Multiple High Severity Vulnerabilities *

After Being Disrupted by Google, Glupteba Malware is Back *

FBI Warns About BEC Attacks Targeting Food Shipments *

CISA Adds Critical Veeam Backup and Replication Vulnerabilities to its Known Exploited Vulnerabilities Catalog *

Microsoft Warns New Minecraft DDoS Malware Infecting Windows, Linux and IoT Devices *

Researchers found a New MirrorStealer Malware Targeting Japanese Politicians *

Ukrainian Government Networks Breached Using Trojanized Windows 10 Installers *

New Phishing Campaign Uses Facebook Posts to Evade Email Security *

Hacker Posted Social Blade's User Data on Hacking Forum Stolen in Data Breach *

5.7M Gemini Users’ Personal Information Leaked in Third-Party Vendors’ Data Breach Incident *

FuboTV Suffers Streaming Outage Due to Cyberattack *

Australia's TPG Telecom Suffers a Data Breach Affecting 15,000 Customers *

Ransomware Hackers Using Microsoft-Signed Drivers to Access Systems *

FBI Seizes 48 Booter or Stresser Online Platforms that Used for DDoS Attacks *

Unknown Threat Actors Uploaded 144,000 Phishing Packages on NuGet, NPM, and PyPi Open-Source Package Repositories *

Microsoft Fixes the LSASS Memory Leak Flaw Affecting Windows Servers *

VMware Releases Patches for Critical Security Vulnerabilities in ESXi and vRealize *

Microsoft Patch Tuesday Security Advisory - December 2022 *

Stalkware Application Xnspy Found Stealing Data from Thousands of iPhone and Android Devices *

A New Python Backdoor Allows Hackers to Access Compromised VMware ESXi Servers Remotely *

The Global Pravasi Rishta Portal of the Indian Foreign Ministry Leaks Passport Information *

Apple Addressed New Actively Exploited Zero-Day Vulnerability in its Security Updates *

LockBit Ransomware Gang Claims Ransomware Attack on Finance Department of California *

Hive Ransomware Group Claims Attack on Knox College *

Fortinet Released Emergency Patch for Already Exploited FortiOS SSL-VPN Vulnerability *

Nearly 360,000 Individuals' Information was Affected in Ontario COVID-19 Vaccine Data Breach *

A Cryptocurrency Mining Campaign Infects Linux Users with Go-Based Malware Called CHAOS *

Uber Suffers a Data Breach After an Attack on its Third-Party Vendor *

An Iran-Backed MuddyWater Campaign Abuses the Syncro Remote Administration Tool *

Australian Telecom Firm Telstra Apologizes for Data Leak that Exposed 130,000 Customer's Data *

Air Gapped PCs Highly Vulnerable to Data Theft via Power Supply Radiation *

Rackspace Issues a Phishing Warning Following a Ransomware Incident *

Cisco Warns Companies of High Severity Unpatched Flaw Affecting IP Phones Firmware Globally *

Researchers Disclose a Novel Attack Method to Bypass Popular Web Application Firewalls *

An Updated TrueBot Variant Exploiting the Netwrix Auditor Bug and the Raspberry Robin Worm *

Researchers Discover Drokbk a New Malware that Leverages GitHub as a Dead Drop Resolver *

Iranian Hackers Target the Diamond Industry with Fantasy Data-Wiping Malware *

Formbook Malware is Distributed via Trojanized OneNote Document *

Hive Ransomware Group Targeted French Sports Brand Intersport *

CommonSpirit Health Suffered Ransomware Attack that Exposed Data of 623,000 Patients *

Cisco Discloses a High Severity Vulnerability Affecting its IP Phones 7800 and 8800 Series *

New Zerobot Malware Leveraging more than 21 Flaws in Zyxel Firewalls, F5 BIG-IP, D-Link Routers *

Compromised WordPress Plugins Redirect Website Visitors to Push Notification Scam *

Attacker Tried Over 6,000 Attempts to Hack ICMR Server *

The Vice Society Ransomware Gang Targeted more than 30 Schools in 2022 *

Hackers Breached CloudSEK's Confluence Server Using Stolen Employee Credentials *

Attackers found Vulnerability in SiriusXM Platform to Unlock and Start Cars Remotely *

Amnesty International Canada was Allegedly Targeted in Cyberattack by Beijing *

Researchers Discovered Largest Dark Web "In The Box" *

Antwerp's Digital Partner Suffered a Cyberattack Disrupting the City's Digital Services *

VTB Bank, Russia's Second Largest Financial Institution, Suffers Massive DDoS Attack *

Hackers Selling Personal Data Of 150,000 Patients of Tamil Nadu's Sree Saran Medical Centre *

The André-Mignot Teaching Hospital in France Suffers a Ransomware Attack *

A Chain of Three Harmless Linux Vulnerabilities could Allow Hackers to Gain Full Root Privileges *

A Vulnerability in IBM Cloud Databases for PostgreSQL Allows Unauthorized Access *

Researchers Found Malicious Android Apps with More than Two Million Downloads on Google Play Store *

New Zealand Health Insurer Accuro Suffered a Cyberattack Affecting 34,000 Customers’ Data *

North Korean Hacking Group Using New and Fake Crypto Apps to Breach Networks and Steal Cryptocurrency *

Google Fixes a Ninth Zero Day Vulnerability in its Chrome Browser Update *

The Previously Undocumented Data Wiper CryWiper Masquerades as a Ransomware *

Attackers Targeting Unpatched Redis Servers to Drop New Redigo Backdoor *

Multiple Platform Certificates Used by Android OEM Device Vendors used to Digitally Sign the Malware *

Colombian Healthcare Provider Keralty Suffers Ransomware Attack that Disrupts its Operations *

The Schoolyard Bully Malware Infected more than 300,000 Devices to Harvest Facebook Account Credentials *

New DuckLogs Malware-as-a-Service Found to Be Used By Thousands of Cybercriminals *

Researchers Found Some NPM Tools Fail to Display Security Flaws *

NVIDIA Patches Critical GPU Display Driver Vulnerabilities in Windows and Linux *

North Korean Attackers Using New Dolphin Backdoor to Spy on South Korean Targets *

Google Released Chrome 108 to Fix High-Severity Memory Safety Vulnerabilities *

Hackers Breached GoTo's Dev Environment and Cloud Storage; Impacting its Affiliate 'LastPass' *

Researcher found Outdated OpenSSL used in Dell, HP, and Lenovo Devices *

Hive Ransomware Claims Responsibility for Attack on Guilford College in North Carolina *

Attackers using Trigona Ransomware in Increasing Worldwide Attacks *

Malicious Android App 'Symoo' Detected with 100,000 Installs on Google Play Store *

Lanner Patched Over a Dozen BMC Firmware Vulnerabilities *

Southampton County in Virginia Disclosed Theft of Individuals' Personal Information Following Ransomware Attack *

Acer Releases Patches for High Severity Vulnerability Allowing to Disable Secure Boot *

Scammers Used FC Barcelona's Website Domain for Third-Party Fraud Campaign *

Over 5.4 Million Twitter Users' Records are Freely Available on a Hacking Forum *

Researchers Discovered A Critical Remote Code Execution Vulnerability in Windows Internet Key Exchange *

A Ransomware Group Aimed at Belgian Municipality But Hits the Police Instead *

New Ransomware Attacks Targeting Ukraine Organizations Linked to Russian Sandworm Group *

Google Patches a Zero-Day Vulnerability in its Chrome Browser Update *

The Vice Society Ransomware Group Claims Responsibility of Attack on Cincinnati State College *

Hackers Target Windows Gamers with Miners and Info-Stealers via Fake MSI Afterburner *

Researchers Detected New Stealthy Variant of RansomExx Ransomware Developed Using Rust Programming Language *

Hackers Included Spyware in New Variants of SoftVPN and OpenVPN Trojan Software *

Millions of Android Devices Require Patches for ARM Mali GPU Vulnerabilities *

Ducktail Threat Actors Targeting Facebook Business Accounts via WhatsApp *

Security Researchers Disclosed a Cross-Tenant Vulnerability in AWS AppSync Service *

Pro-Russian Hackers Claim Responsibility for DDoS Attack on European Parliament Website *

Delhi's AIIMS Server Suffers a Cyberattack Disrupting Patient Care Services *

Issue in Sophos and McAfee Scanning Engines results in Bypass of Cisco Secure Email Gateway Filter *

Researchers found Sudden Spike in World Cup-Themed Phishing Emails *

The Sharkbot Banking Trojan Distributed via Fake Android File Managers *

Threat Actors Targeted Discontinued Boa Web Servers to Infiltrate Energy Organizations *

More than 1500 Mobile Applications Leaking Algolia API Keys *

An Info-Stealing Google Chrome Extension 'VenomSoftX' is Used to Steal Cryptocurrency and Passwords *

Researchers Found Cybercriminals Increasingly Adopted Aurora Infostealer Malware in their Operations *

Attackers Trying to Bypass 2FA of Crypto Exchange Platforms Via Team Viewer and Fake Support Chat *

Hacking Group Daixin Team Claims to have Stolen 5 Million AirAsia Passengers' and Employees' Data *

DraftKings’ Customers Suffer Credential Stuffing Attack Resulting in Loss of $300,000 *

New AXLocker Ransomware Group Stealing Discord Accounts of Infected Users *

Attackers Using Google Ads to Spread Royal Ransomware *

New Variants of LodaRAT Malware are Being Deployed in Conjunction with Other Sophisticated Malwares *

Hackers Employing a Windows Zero-day Vulnerability to Deploy QBot Malware *

Indian Central Depository Services Limited Reveals About its Network Being Compromised by Malware *

Over 22000 Students Targeted in Credential Phishing Attack Impersonating Instagram *

Critical Omron PLC Vulnerability Exploited by Sophisticated Malware Targeting Industrial Control Systems *

Atlassian Fixes Critical Vulnerabilities in Crowd Server and Bitbucket Server *

Samba Addresses Vulnerability Resulting in DoS Attacks and Remote Code Execution *

Chinese Hackers Deliver Custom Malware to Government Organizations via Google Drive *

Previously Unknown ARCrypter Ransomware Expanding its Attacks Worldwide *

Researchers Discovered a New Version of RapperBot Malware Targeting Gaming Servers *

Researchers Discovered a Phishing Kit Impersonating Well-Known Brands to Target US Consumers *

Attackers Abusing a DLL Hijacking Flaw in the Windows 10 Control Panel to Infect Systems *

Disneyland Cybercrime Group Uses Punycode to Spoof Popular Bank Brands` *

F5 Addresses Several Security Flaws and Issues in its Products *

CISA Revealed About Federal Agency Being Hacked by Iranian Hackers Using Log4Shell Exploit *

Pro-Russian Hackers Claim Responsibility for DDoS Attack on FBI Websites *

Mozilla Announced the Release of Firefox 107 with Patches of High Impact Vulnerabilities *

Hundreds of Amazon RDS Instances Leak Users’ Personal Information *

PCspooF Vulnerability in TTE Affecting Network Technology used in Aircraft and Spacecraft *

State-Sponsored Chinese Hacking Group Targeting Government and Defense Organizations in Asian Countries *

Security Researchers Disclosed Details of Security Flaws in Zendesk Analytics Service *

Spotify's Backstage Developer Platform is Vulnerable to Critical RCE Flaw *

Researchers Discovered New Version of DTrack Backdoor Targeting European Organizations *

Researchers Discovered New KmsdBot Malware Mining Cryptocurrency and Launching DDoS Attacks *

'Fangxiao' A Malicious For-Profit Group Uses 42,000 Sites for Brand Impersonation Scheme *

Researchers Identified an Information Disclosure Vulnerability in Aiphone Intercom Products *

Russian Hackers Infected Ukrainian Organizations with New Somnia Ransomware *

New Phishing Campaign Targeting Spain Taxpayers to Steal Bank Details *

Cisco Addresses 33 Vulnerabilities in its Enterprise Firewall Products *

Foxit Patches Four Code Execution Vulnerabilities in its PDF Reader *

A New Extortion Scam Threatens to Leak Websites Sensitive Information Globally *

A 24 Hour Outage has Rendered Royal Mail Tracking Unavailable *

Sobeys a Canadian Food Retail Giant Hit by Black Basta Ransomware *

New Android Spyware BadBazaar Linked to Chinese Cyberspies *

Two Malicious Android Apps Spotted Distributing Xenomorph Banking Trojan *

US Confiscates 18 Domains Used for Recruiting Money Mules *

New Version of IceXLoader Malware is Dropped Via Phishing Emails *

Threat Group ‘Worok’ Concealing New Information-Stealing Malware in PNGs *

Android Spymax RAT Malware Targets the Indian Defense Forces *

Lenovo Fixes High Severity Vulnerabilities Allowing Attackers to Deactivate UEFI Secure Boot *

New Information-Stealing Malware StrelaStealer Targeted Outlook and Thunderbird Accounts *

Intel and AMD Addresses Multiple Vulnerabilities in its Patch Tuesday Updates *

SAP Released Patches for Critical BusinessObjects and SAPUI5 Vulnerabilities *

Massive Google SEO Poisoning Campaign Hacks 15,000 Sites *

LockBit 3.0 Ransomware Distributing Amadey Bot Malware Via Phishing Emails *

Cloud9 Chrome Botnet Using Malicious Extensions to Remotely Control Victim's Browsers *

Citrix Patches a Critical Authentication Bypass Vulnerability in its ADC and Gateway Product *

VMware Patches Three Critical Vulnerabilities in Workspace ONE Assist *

Siemens and Schneider Electric Addresses Several Security Vulnerabilities in its Products *

SocGholish Operators Expands its Malware Staging Infrastructure to Counter Defenders *

Cyberattack on PNORS Technology Leads to the Breach of Victorian School Students' Health Records *

The Largest Canadian Food Company Maple Leaf Foods Encountered Cyberattack *

The Robin Banks Phishing-as-a-Service (PhaaS) Platform Back to Steal Bank Accounts *

Hackers Abusing Microsoft Dynamic 365 Customer Voice in Phishing Attack *

CISA Warns About Critical Vulnerabilities in Three ICS Software *

Apple Releases Xcode Update to Patch Git Vulnerabilities *

Verified Twitter Users are Targeted by New Phishing Attack *

New Crimson Kingsnake Group Impersonating Law Firms in Business Email Compromise BEC Attacks *

Indian Government Employees are Being Targeted by a New Malware Campaign *

Users Across the Globe are Facing Issues in Accessing Twitter *

RomCom RAT Malware Distributed via Websites Impersonates SolarWinds NPM, KeePass, Veeam Software *

LockBit Ransomware Gang Claims Cyberattack Against German Manufacturing Company Continental *

Cisco Fixed High-Severity Vulnerabilities in Email, Identity, and Web Security Products *

ALMA Radio Telescope Suffers Cyberattack Forcing it to Suspend All Operations *

Splunk Addresses 9 High-Severity Vulnerabilities in its Enterprise Product *

Fortinet Fixed 6 High-Severity Vulnerabilities in its Multiple Products *

Researchers Disclosed Multiple Vulnerabilities in Checkmk's IT Infrastructure Monitoring Software *

Threat Actor Distributing Malware Via Hundreds of U.S. News Sites *

Malicious PyPI Packages Found Dropping 'W4SP' Info-Stealing Malware *

Infamous Emotet Malware Resumed its Operation After Five-Month Break *

Vodafone Italy Disclosed Data Breach After their Reseller FourB Hit by Cyberattack *

Hacker Steals 130 GitHub Repositories from Dropbox in Data Breach *

Malicious VPN Application Infects Android Users with SandStrike Spyware *

Malicious Android Apps Downloaded Over One Million Times Spotted on Google Play Store *

OpenSSL Releases Patches to Fix Two High Severity Vulnerabilities in Open-Source Library *

Microsoft Fixed a Critical RCE Vulnerability Detected in Azure Cosmos DB Jupyter Notebooks *

Cyberattack on Air New Zealand Compromises Multiple User Accounts *

Threat Actors Abusing Antivirus Software to Drop LODEINFO Malware Targeting Japanese Organizations *

Australian Defense Contractor Suffers Ransomware Attack *

Researchers Discovered a Security Vulnerability in Galaxy Store App for Samsung *

Label Printing Giant Multi-Color Corporation Confirmed Data Breach *

Bed Bath & Beyond Inc Suffers a Data Breach *

U.S. Bank Reveals Data Leak Affecting 11,000 Customers *

See Tickets Suffers a Major Card Data Breach Lasting for 2.5 Years *

Michigan Medicine Suffered Data Breach Impacting 33K Patients *

ConnectWise Fixes the RCE Flaw that Left Thousands of Servers Vulnerable to Attacks *

Twilio, A Cloud Communications Company Discloses Another Data Breach *

Google Patches the Seventh Zero-Day Vulnerability in its Chrome Browser *

Cyberattack on Aurubis Forces IT Systems to Shut Down *

Researchers Discover Android Malware Droppers on Google Play with 130K Installations *

Threat Actors using Clop Ransomware to Encrypt Devices Previously Infected with Raspberry Robin Worm *

The Latest Fodcha Botnet Featuring Ransom Demands has Emerged *

Drinik Android Malware Impersonating Official Tax Management Tool Targeting Users of 18 Indian Banks *

Australian Clinical Labs Disclosed Data Breach After Months of Data Leak Post *

Microsoft Fixed Sync Issue in the Vulnerable Driver Blocklist *

Medibank Confirms Hackers had Accessed the Customer's Personal Information During Ransomware Attack *

New Version of FurBall Android Malware Used for Spying Iranian Citizens *

Advocate Aurora Health (AAH) Suffers Data Breach that Exposing Data of 3 Million Patients *

Ursnif Malware Switches from Stealing Bank Accounts to Gaining Access to Computers *

Hackers Exploit Microsoft Azure SFX Vulnerability to Hijack Service Fabric Clusters *

Apache Patched RCE Vulnerability in its Open-Source Commons Text Library *

WordPress Fixed 16 Vulnerabilities with Security Update 6.0.3 *

Researchers Uncovered a Previously Undetected PowerShell Backdoor Infected Over 60 Users *

Microsoft Suffers Data Breach Due to Misconfigured Server that Exposes Customers’ Information Online *

Cobalt Strike Releases Out-of-Band Security Update for Critical RCE Vulnerability *

DiceyF Attackers Deploying GamePlayerFramework in Attacks Against Asian Casinos *

Hackers Targeted Hong Kong Government Agency's Network in a Year-Long Campaign *

Ransom Cartel Ransomware Shares Similar Traits with the Notorious REvil Ransomware *

Black Basta Ransomware Gang Employing Qakbot to Drop Brute Ratel C4 Framework *

MyDeal Suffers Data Breach where 2.2 Million Customers' Personal Information was Stolen *

Australia's Largest Health Insurance Company Medibank Suffers Ransomware Attack *

A Zero-Day Vulnerability in Windows Mark of the Web Receives Free Unofficial Patch *

End of Life for Over 45,000 VMware ESXi Servers *

Venus Ransomware Encrypting Windows Devices via Publicly Exposed Remote Desktop Services *

New PHP Version of Ducktail Malware Targeting Facebook Business Accounts *

Zimbra Zero-Day Vulnerability Leveraged to Compromise Over 900 Servers *

Microsoft Researchers Discovered A New Prestige Ransomware Targeting Organizations in Ukraine and Poland *

Colombian Govt Suffers Data Leak Exposing Secret Australian Police Agents *

India's Largest Electric Utility Company Tata Power Hit by Cyberattack *

Microsoft Office 365 Could Expose the Content of Messages due to Vulnerable Email Encryption Mode *

Hackers Distributing Android Banking Malware Copybara Via TOAD Tactics *

Magniber Ransomware Target Windows Users Via Fake Antivirus and Security Updates *

A Critical Flaw in Siemens SIMATIC PLCs Allows Hackers to Steal Cryptographic Keys *

Cloudflare Mitigates Largest DDoS Attack Aimed at Gaming Platform Minecraft's Server *

Windows, MacOS, and Linux Systems Targeted by New Alchimist Attack Framework *

Scammers Abusing Google Forms in New Covid-19-Themed Phishing Campaign *

Unofficial WhatsApp Application 'YoWhatsApp' is Stealing User's Account *

Hackers Creating Typo-Squatted Clone Packages to Trick Developers for Supply Chain Attacks *

Aruba Addressed Critical RCE and Authentication Bypass Bugs in its EdgeConnect Enterprise Orchestrator *

POLONIUM Threat Group Uses Creepy Malware in Cyber Espionage Against Israeli Organizations *

Microsoft Exchange Servers Targeted to Drop Lockbit Ransomware *

Researchers Warn of a Critical RCE Vulnerability in VM2 Sandbox Library *

Adobe Fixes Critical Flaws in ColdFusion, Adobe Commerce and Other Products *

Microsoft Patch Tuesday Security Advisory - October 2022 *

Caffeine, a Phishing-as-a-Service Platform Makes it Easy to Launch Phishing Attacks *

Researchers Disclosed New Emotet's Delivery and Evasion Techniques *

Toyota's Access Key Mistakenly Exposed on GitHub Leaking Customer Data *

Pro-Russian Hackers Take Down US Airports' Websites with Large-scale DDoS Attacks *

Android Security Updates for October Patches Critical Vulnerabilities *

Hackers Targeting Solana Cryptocurrency Owners via Fake Phantom Security Update *

Dark Web Carding Market BidenCash Leaks Details of 1.2 Million Stolen Credit Cards *

Source Code of Intel Alder Lake's UEFI Firmware has been Leaked *

Callback Scammers Strengthen their Social Engineering Techniques *

Taiwanese Chipmaker 'ADATA' Denies RansomHouse's Recent Data Breach Claims *

Fortinet Patches Critical Auth Bypass Flaw in FortiGate Firewalls and FortiProxy Web Proxies *

Threat Actors Actively Exploiting a Zero-Day RCE Vulnerability in Zimbra Collaboration Suite *

Eternity Hackers Group Offering New LilithBot Malware-as-a-Service Via Telegram Channel *

Newly Patched macOS Archive Utility Vulnerability Details Released *

Telstra's Third-Party Platform Suffers a Breach Exposing its Employee Information *

A New Bug found in Linux Kernel 5.19.12, Which Damages Intel Laptop Displays *

Hackers Breach the Tucson City's Network and Stolen the Information of Over 125,000 People *

Researchers Discovered New 'Maggie' Backdoor Targeted Several Microsoft SQL Servers *

Consumer Banking Company Chase Bank Suffers Outage which Affects UK Customers *

Live Chat App Comm100 Trojanized to Spread Malware in Supply Chain Attack *

US Alert: Hackers Using New Custom Malware to Steal Data from US Defense Organization *

Hackers Injecting Malicious JavaScript on Scammer's Crypto Sites to Steal Crypto Funds *

A Popular Chinese-language YouTube Channel found Distributing Malicious Tor Browser Installer *

A High-severity Vulnerability in Packagist PHP Repository could Lead to Supply Chain Attack *

Cheerscrypt a Linux-Based Ransomware Linked to Chinese Hackers *

Researchers Warn Microsoft Exchange Zero-Day Mitigation can be Bypassed for On-premise Servers *

Hackers Selling Fake Microsoft Exchange ProxyNotShell Exploits on GitHub *

BlackCat Added NJVC to its Data Leak Site *

Threat Actors Abusing Web Browser App Mode to Create Desktop Phishing Pages *

After Data Leak, Retail Chain 'DNS' Confirmed Data Breach *

CISA Adds Critical Bitbucket Server and Microsoft Exchange Vulnerabilities to Known Exploited Vulnerabilities (KEV) Catalog *

Hackers Exploiting Vulnerable WordPress Websites to Inject SolarMarker Malware *

Unknown Attacker Hacked Shangri-La Hotel Group's Customer Database *

Researchers Discovered Several Fake LinkedIn Profiles for CISOs of Large Organizations *

Cisco Fixed Several High-Severity Vulnerabilities in its Networking Software *

Lazarus Attackers Using New BYOVD Technique in Cyberattacks *

Scammers Dropping Cobalt Strike Beacons via Fake US Govt Job Offers *

Microsoft Confirms New Exchange Zero-Day Flaws are Being Exploited in Wild *

Microsoft Discovered Lazarus Hackers Weaponizing Open-Source Software *

Indian Government Swachh City Platform Suffers Data Breach *

Researchers Discovered New Zero-Day Vulnerabilities in Microsoft Exchange Being Actively Exploited in Attacks *

Hackers Using New Malware to Backdoor VMware ESXi Servers *

Hackers are Exploiting Ethernet VLAN Stacking Flaws to Launch DoS, MiTM attacks *

Researchers Uncovered New Secret Attack Campaign Targeting Military Contractor Companies *

World's Leading Business Media Brand Fast Company Hacked by Attackers *

New Chaos Malware Launches DDoS Attacks on Windows and Linux Devices *

The Internal Revenue Service Warned American about Huge Rise in Smishing Attacks *

Cybercriminals Distributing macOS Malware via Lucrative Job Offers Impersonating Crypto.com *

Optus Suffers a Breach Leading to Release of 10,200 Customer Records *

NullMixer Malware Distributed via Malicious Websites Mimicking Cracked Software *

Hackers Distributing Graphite Malware Using New Code Execution Technique *

New Info-stealing Malware Erbium Target Popular Video Games Via Fake Cracks and Cheats *

Tibetan Entities Targeted by Chinese Hacker using New LOWZERO Backdoor *

WhatsApp Patched 2 Major Zero-Day Bugs that Affect Both iOS and Android Versions *

Researchers Found 'Scylla' Ad-fraud Campaign on Google Play Store and Apple Store *

An Attack Targeting Universities, Telcos, and ISPs is Discovered by Researchers *

Android Users Targeted with Info-stealing Malware Via Fake Indian Banking Rewards Apps *

Several npm Packages Published by Crypto Exchanges have been Compromised *

Microsoft Patched Spoofing Vulnerability in Microsoft Endpoint Configuration Manager *

Microsoft SQL Servers Targeted in New TargetCompany Ransomware Attacks *

A New RCE Firewall Bug Exploited by Attackers in Sophos Firewall; Hotfix Available *

A Worldwide Outage Affects YouTube Live Streams *

GitHub Users Targeted with New Phishing Campaign *

Threat Actors Actively Exploiting Critical Magento Vulnerability *

Threat Actor Hacked Microsoft Exchange Servers to Spread Phishing Campaign *

CISA adds Critical ManageEngine RCE Bug to its Known Exploited Vulnerabilities Catalog *

Threat Actors Using LinkedIn Smart Links to Evade Detection in Phishing Campaign *

Over 39,000 Unauthenticated Redis Servers are Exposed to the Internet *

CISA Warns of Multiple Vulnerabilities Detected in the Dataprobe's Power Distribution Units *

15-year Old Python Vulnerability Affects more than 350,000 Open-source Repositories *

Oracle Addressed a Critical Vulnerability in its Cloud Infrastructure *

Hackers Steal $162 Million Worth of Digital Assets from Crypto Trading Firm Wintermute *

Attackers Hacked 2K Game's Support Platform to Infect Players with Malware *

Security Company Imperva Stopped a Long-lasting 25.3 Billion Request DDoS Attack *

Hive Ransomware Claimed Responsibility for Cyberattack on New York Racing Association *

Attack on Financial Technology Company Revolut Exposes 50,000 Users' Data *

Microsoft and VMware Alert on Chromeloader Malware Campaign *

U.S. Government Agencies Targeted with Better-Crafted Lures in Phishing Attacks *

American Airlines Suffered a Data Breach Exposing Employee and Customer Data *

Uber Accuses Contractor for Breach, Claims Lapsus$ Threat Group Behind the Cyberattack *

LastPass's Development Systems were Accessed for Four Days in a Data Breach *

Hacker Claims to have Stolen GTA 5 and 6 Source Code and Assets *

Security Researchers Found New Attacks of Notorious Hacking Group TeamTNT *

North Korean Attackers Targeted Media Companies with Malicious PuTTY SSH Client *

BlackCat and Quantum Ransomware Groups Using Emotet Malware to Deploy Payloads *

A Ransomware Attack Results in a Data Breach at New York Ambulance Service *

A Hacker Sells the Personal Information of 219,000 Starbucks Customers in Singapore *

Organizations Must Patch Stuxnet Vulnerabilities, Says CISA *

Uber's Internal Systems Breached Exposing Vulnerabilities Reports *

Threat Actors Distributing New Malware Bundle via YouTube *

Akamai Mitigates Another Record-Breaking DDoS Attack in Europe *

Hive Ransomware Takes Responsibility for the Attack Against Bell Technical Solutions *

Phishing Campaign Targeting Greek Taxpayers to Steal Victims' Passwords *

Scammers Using Queen’s Death to Steal Users' Microsoft Credentials in Phishing Attacks *

Lenovo Addressed Several BIOS Vulnerabilities in September 2022 Security Updates *

FBI Warns on Hackers Targeting Healthcare Payment Processors *

Hackers Target Nuclear and Genome Researchers Via Multi-Persona Impersonation Phishing Technique *

Hackers Compromise Software Provider Magento's in a Supply Chain Attack *

Cyber Espionage Attacks Targeting Asian Governments and Organizations *

WPGateway Zero-Day Vulnerability Actively Exploited in the Wild *

Apex One RCE Vulnerability is Actively Exploited, Warns Trend Micro *

Microsoft Patch Tuesday Security Advisory - September 2022 *

Lorenz Ransomware Gang Exploiting Mitel MiVoice VOIP Appliance Vulnerability *

Hacktivist Gang GhostSec Claims Responsibility for Compromising 55 Berghof PLCs in Israel *

Researchers Discovered New Android Banking Trojan 'Zanubis' Targeting Peru Banks *

Steam Community User Accounts are being Stolen Via New Browser-in-the-Browser Attacks *

Apple Addressed Actively Exploited Zero-Day Vulnerability in its Security Updates *

American Rental Company U-Haul Confirms Data Breach, Exposed Customers' Driving License Information *

Ransomware Developers Adopting a New Encryption Technique to Evade Detection *

Six High-Severity HP Firmware Vulnerabilities Left Unpatched For Over a Year *

Admins are Urged to Patch a High-Severity Vulnerability in ConnectWise Automate Tool *

The Lampion Malware Abusing File Sharing Service WeTransfer in Phishing Attacks *

Albania Hit by Another Cyberattack, Blamed on Iran *

5 Million Attacks Blocked Targeting Zero-Day in BackupBuddy WordPress Plugin *

Bumblebee Malware Now Using New Stealthy Infection Technique *

New Attack Technique GIFShell Used to Create Reverse Shell Using Microsoft Teams GIFs *

North Korean APT Group Lazarus Targets U.S. Energy Sector *

Iranian Threat Group DEV-0270 Abusing BitLocker Feature to Encrypt Windows Systems *

The Armed Forces General Staff Agency of Portugal Suffers a Cyberattack *

Threat Actors Found Utilizing PowerShell Empire After Initial Compromise *

New Moisha Ransomware Actively Targeting Several Organizations *

Attackers Hacked 200,000 The North Face Accounts in Credential Stuffing Attack *

Threat Group APT42 Distributing a Custom Android Spyware via SMS Phishing Campaigns *

Cisco Refuses to Patch Zero-Day Vulnerability in EoL Routers *

HP Patches a High Severity Flaw in its Support Assistant Tool *

New Linux Malware Shikitega Evade Detection Via Multi-Stage Deployment *

Ransomware Attack Hits Second Largest U.S. School District Los Angeles Unified *

Mirai Variant Moobot Botnet Targeting Vulnerable D-Link Routers *

InterContinental Hotels Group Hit by Cyberattack Disrupts IT Systems *

Zyxel Addressed a New Critical RCE Vulnerability in NAS Firmware Security Updates *

Ransomware Attackers Abusing Genshin Impact Game's Anti-Cheat Driver to Kill Antivirus *

EvilProxy Phishing Toolkit Allows Hackers to Steal Authentication Tokens to Bypass MFA *

TikTok Denies Security Breach Claims, Stating the Leaked Data is Unrelated *

QNAP Fixes a Photo Station Zero-Day Vulnerability Leveraged in Deadbolt Ransomware Attacks *

Italy’s Energy Sector Hit by BlackCat Ransomware Group *

NFL's San Francisco 49ers Confirms Data Breach; Information of 20K People Stolen *

French Clothing Store, Damart Hit by Hive Ransomware; $2 Million Ransom Demanded *

The SharkBot Malware Strikes Back to Steal Login Credentials *

Threat Actors Stole Victim Data with Prynt Stealer's Backdoor *

Internal Revenue Service Accidentally Leaked Personal Information of 120,000 Taxpayers *

Google Chrome Emergency Update Patches New Zero-Day Vulnerability *

Chilean Government Agency Hit by a New Ransomware Attack *

New Instagram Phishing Campaign Targets Thousands of Accounts Via Blue-Badge Offer *

Over 1,000 iOS Applications Detected Exposing AWS Credentials *

Famous Social Media Platform Twitter Suffers Outage, Thousands of Users Reported Connection Problems *

Ragnar Locker Ransomware Gang Claims Cyberattack Against TAP Air Portugal Airline *

Malicious Google Chrome Web Browser Extensions were Downloaded by 1.4 Million Users *

A TikTok Android App Vulnerability Enable Hackers to Hijack Accounts *

New Bug in Google Chrome Lets Websites Write to Clipboard Without User Approval *

Apple Fixed an Actively Exploited iOS Zero-Day Vulnerability in Older iPhone Models *

Microsoft Azure Outage Knocks Ubuntu Virtual Machines Offline Globally *

Russian Streaming Platform START Discloses Data Breach *

Threat Actors Hide Malware in the Images of the James Webb Telescope *

Chinese Threat Actors Actively Targeting Australian Government Via ScanBox Malware *

New Golang-based 'Agenda' Ransomware Targeting Healthcare and Education Entities *

Vodafone Idea Denies Data Breach Exposing Call Data of 20 Million Customers *

Baker & Taylor the Largest Library Solution Distribution Firm Hit by Ransomware Attack *

2.5 Million U.S Students Loan Accounts Details Exposed in Nelnet Data Breach *

Akasa Air's Data Breach Exposes Passengers' Personal Information *

Russian Attackers Employing New Malware to Hijack ADFS *

Iranian Hackers Leveraging Log4j 2 Vulnerabilities in Attacks Against Israeli Entities *

CISA Added 10 New Actively Exploited Vulnerabilities to its Catalog *

Threat Actors Exfiltrated LastPass Source Code Using a Compromised Developer Account *

The DoorDash Service Reveals a New Data Breach Linked to Twilio Hack *

Threat Actors Using the Fake "Cthulhu World" P2E Project to Spread Malware that Steals Data *

A Critical RCE Vulnerability Discovered in Atlassian Bitbucket Server *

A Database Leak in India Exposed Federal Police and Banking Records *

Researchers Identified that Over 130 Entities Hit by Okta Phishing Attack *

Canadian Manufacturing Company Bombardier Recreational Products (BRP) Hit by Cyberattack *

Phishing Campaign Targets PyPI Maintainers Leading to Hijacking of PyPI Packages *

Cisco Fixes Two High Severity Vulnerabilities Affecting its Nexus-Series Business Switches *

Mozilla Fixes Several Vulnerabilities in Firefox and Thunderbird Products *

New Evil PLC Attack Weaponizes PLCs to Hack OT and Enterprise Networks *

Researchers Found New BEC Campaign Using MITM Attack to Monitor Microsoft 365 Accounts *

Plex Alerts Users to Reset Passwords After Detecting a Data Breach *

IBM Fixes High-Severity Vulnerabilities in its MQ Messaging Middleware *

Dominican Republic's Government Agency Suffers Quantum Ransomware Attack *

Researchers Reveal 8-Year-Old Vulnerability DirtyCred Found in Linux Kernel *

Google Researchers Identified Iranian Hackers Using a New Tool to Steal Victims’ Email Data *

France Hospital Hit by a Ransomware Attack Demanded $10 Million Dollar Ransom *

Attackers Targeted Hotel and Travel Firms Via Phishing Campaigns *

Greek Natural Gas Operator DESFA Hit by Cyberattack *

GitLab Patches a Critical RCE Vulnerability Impacting its Community and Enterprise Edition *

Researchers Find RTLS Systems Vulnerable to MiTM Attacks and Location Tampering *

Scammers used Compromised PayPal Account to send Phishing Invoice Mail to PayPal Users *

Novant Health Disclosed Data Breach; Impacts 1.3 Million Patient Records *

Researchers Discovered New 'Escanor' Malware Weaponized in Microsoft Office and Adobe PDF Documents *

Grandoreiro Banking Malware Spotted Targeting Spanish and Mexican Manufacturer Employees *

CISA Warned About a Critical SAP Vulnerability Exploited in the Wild *

Researchers Detected 241 NPM and Python Packages Drop Cryptominers on Linux Systems *

Attackers Infecting Vulnerable WordPress Websites to Deliver RAT and Trojan Malware *

FBI Alert: Attackers Using Proxy and Configurations in Credential Stuffing Attacks *

Attackers Compromised General Bytes Bitcoin ATM Servers Using a Zero-Day Flaw *

Chinese APT41 Group Targeted 13 Entities Worldwide in 2021 *

Amazon Fixes a High-Severity Flaw in its Ring Application *

Cozy Bear Attackers Actively Targeting Microsoft 365 Users *

Researchers Describe Evasive DarkTortilla Crypter Used to Deliver Malware *

Threat Actors Employing Bumblebee Malware Loader to Compromise Active Directory *

Cisco Fixes a High Severity Vulnerability in Secure Web Appliance *

Google Blocked the Largest HTTPS DDoS Attack of All Time *

A New MailChimp Data Breach Exposing DigitalOcean Customers' Email Addresses *

North Korean Attackers Infecting Job Seekers with macOS Malware *

Malicious Browser Extensions Downloaded by More than 7 Million People Since 2020 *

Google Released Security Update to Address a Zero-Day Flaw in Chrome Browser *

Apple Patches Two Actively Exploited Vulnerabilities in iPhone, iPad, and macOS Security Updates *

Clop Ransomware Gang Breaches UK Water Supply Company But Misattributes the Victim *

BharatPay Suffers Data Breach Exposing 37,000 Users’ Personal and Transaction Details Online *

Hacker Loots 20,000 Items Worth $6 Million from CS:GO Trading Site *

Researchers Detected AEPIC Leak and SQUIP Bugs in Intel and AMD Processors *

Twilio Data Breach Exposed Phone Numbers of 1,900 Signal Users *

Behavioral Health Group Notifies Customers of Data Breach Affecting 198K Patients *

Malicious PyPi Packages Targeting Counter-Strike Servers with DDOS Attacks *

Argentina's Judiciary of Cordoba Suffers Play Ransomware Attack *

Security Researchers Disclosed a Security Flaw in Microsoft Signed UEFI Boot Loaders *

A New SOVA Malware Variant Now Encrypts Android Files *

Realtek eCos SDK Vulnerability Expose Multiple Routers to Remote Attacks *

CISA and FBI Alerts on Zeppelin Ransomware Attacks *

VLC Media Player Banned in India, Website and Download Link Blocked *

A Malicious MiMi Chat App Drops New Backdoor rshell on Mac, Linux Systems *

Researchers Detected Security Flaws in Xiaomi Smartphones Powered by MediaTek Chips *

Scammers Abusing Google Sites and Microsoft Azure Web App to Steal Cryptocurrency Wallets *

Zimbra Authentication Bypass Vulnerability Actively Exploited to Breach Over 1000 Email Servers *

Security Researchers Identified Critical Bugs in Device42 IT Asset Management Platform *

A Threat Actor Employs a New RAT Malware in Cuba Ransomware Operation *

Cisco Confirms Yanluowang Ransomware Group Breached its Network in May,2022 *

Cybersecurity Firm Detects Vulnerabilities in Indian Insurance Company Policybazaar *

Cisco Patched a Vulnerability which Allowed to Steal RSA Private Keys on ASA, FTD Devices *

Microsoft Linked Service Outage to Cisco Meraki Firewall's IDR False Positive Alert *

Palo Alto Networks Fixed a Security Vulnerability Detected in PAN-OS Firewall Configuration *

IBM Fixes Several Vulnerabilities in Cloud, Voice, Other Security Products *

CheckPoint Researchers Discovered Ten Malicious Python Packages Steal Developer's Credentials *

CISA Alerts Administrators on Windows and UnRAR Vulnerabilities Exploited in the Wild *

Cloudflare Also Hit by Threat Actors Responsible for Twilio Data Breach *

New Android Spyware 'Dracarys' is Distributed via Fake Signal Messaging App *

Microsoft Patch Tuesday Security Advisory - August 2022 *

Chinese Attackers Employed a New Malware to Backdoor Government and Defense Organizations *

Cloud Communications Company Twilio Discloses a Data Breach *

New Orchard Botnet Utilized Bitcoin Founder’s Account Information to Create Malicious Domains *

Email Marketing Firm Klaviyo Suffers a Data Breach *

Multinational Retail Company 7-Eleven Suffers a Cyberattack Forced to Close All Stores in Denmark *

Threat Actors Abused Hostinger’s Preview Domain Feature in Phishing Attacks *

F5 Addressed 21 Vulnerabilities in its Quarterly Security Updates *

North Korean Attackers Impersonating World's Largest Cryptocurrency Firm Coinbase to Target Fintech Industry *

Hackers Abused Snapchat and American Express Websites in Phishing Attacks *

A New Ransomware 'GwisinLocker' Encrypts Vulnerable ESXi Servers *

Slack Resets Users Passwords After a Bug Exposed Hashed Passwords *

Akamai Reports Largest Ever DDoS Attack, with 659.6 Million Packets per Second *

Cyberattack on UK Managed Service Provider Causes NHS Outage *

A Zero-Day Bug Exposes 5.4 Million Twitter Accounts *

The Association of German Chambers of Industry and Commerce (DIHK) Hit by a Cyberattack *

Over 280 Million Indian Citizens' Sensitive Data Exposed Online *

CISA Urges Users to Patch Vulnerable Zimbra Email Suites *

Community Healthcare "First Choice" Impacted by a Data Breach *

New Phishing Campaign Targeting Microsoft Email Services to Launch BEC Attacks *

Researchers Detected a Critical Vulnerability Affects 29 Models of DrayTek Vigor Routers *

Vulnerability in WordPress's Download Manager Plugin Hosted on Over 100,000 Sites has been Fixed *

Researchers Detected a New 'ParseThru' Flaw Impacts Golang-Based Applications *

NVIDIA fixed several Security Flaws in GeForce Security Update *

Google Addressed Multiple Security Vulnerabilities in Chrome Browser Updates *

Cisco Patches Critical Security Vulnerabilities in its VPN Routers *

CERT-In Identifies High Severity Vulnerabilities in Mac, iPhone, iPad, ChromeOS and Firefox Browser *

Attackers Stolen Wiseasy’s Employee Passwords to Access Nearly 140,000 Wiseasy Payment Terminals *

VMware Fixed a Critical Authentication Bypass Vulnerability Affecting its Multiple Products *

Taiwanese Websites Suffers DDoS Attacks Ahead of House Speaker Nancy Pelosi's Visit *

Google Released its Android OS Security Bulletin August 2022 *

A Major German Semiconductor Manufacturer Semikron Suffers Ransomware Attack *

Vulnerable GitHub Actions Workflow Allows Command Execution *

Over 3,200 Apps Leak Twitter API Keys Allow Hackers to Hijack Users' Twitter Accounts *

Security Researchers Detected a Directory Traversal Arbitrary File Deletion Flaw in CompleteFTP Software *

Cybersecurity Firm Halborn Warns of New MetaMask Phishing Campaign *

Microsoft Notifies About Outlook Crashing When Reading Uber Receipt Mails *

European Natural Gas Pipeline Operator 'Creos Luxembourg' Hit by BlackCat Ransomware Attack *

Subzero Malware Exploiting Windows and Adobe Vulnerabilities *

North Korean Threat Actor Deploying Malicious Browser Extensions to Spy on Email Accounts *

A Security Researcher Detected XSS Bugs in Google Cloud, DevSite, and Google Play *

LockBit Ransomware Hackers Abusing Windows Defender to Side-Load Cobalt Strike *

Researchers Discovered Giant Network of 11,000 Fake Investment Sites Targeting Europe *

OneTouchPoint Suffers a Data Breach Affecting 30 Healthcare Entities *

Android Adware Apps are being promoted by Facebook Ads *

Federal Communications Commission warned Americans about increasing Smishing Attacks *

Malicious Android Apps are Dropping Banking Malware on User Devices via Google Play Store *

LibreOffice addresses Multiple Security Vulnerabilities *

Microsoft 365 Suffers an Outage Impacting North American Admin Center *

Threat Actors Using Hacked Microsoft SQL Servers as Proxies to Steal Bandwidth *

Hackers Stealing Discord Users’ Payment Card Info Using Malicious npm Packages *

Cloud Services Have Been Disabled by a Kansas MSP to Fend Off Cyberattack *

Hackers Exploiting Nuki Smart Lock Vulnerabilities to Open Doors *

New ‘Robin Banks’ Phishing Service Targeting Customers of Financial Organizations *

Threat Actors Hacking Microsoft Exchange Servers with IIS Backdoors *

New Phishing Campaign ‘Ducktail' Aimed at Professionals on LinkedIn *

Hackers Employ Malware and Adware to Infect 28 Google Play Store Apps *

Threat Actors Hack Blockchain Music Platform 'Audius'; $6 million Stolen *

Hackers Employing WebAssembly-Coded Cryptominers to Avoid Detection *

New Version of Amadey Malware Distributed in SmokeLoader Campaign Via Software Cracks *

Hackers Leveraging GoMet Backdoor to Target an Ukrainian Software Company *

FileWave MDM Vulnerabilities Expose 1,000 Organizations to Remote Attacks *

Researchers Found CosmicStrand UEFI Malware in Gigabyte and ASUS Motherboards *

A Zero-Day Vulnerability in PrestaShop is Being Actively Exploited to Steal Customer's Payment Information *

Policybazaar Confirms a Network Breach in its IT Systems *

Atlassian Fixed Critical Bug Enables Hackers to login Unpatched Confluence and Data Center Servers *

Attackers Using DLL Side-Loading Technique to Drop QBot Malware on User Systems *

Zyxel Releases Security Patches to Fix Vulnerabilities in its Firewall Products *

Fraudsters Targeting Punjab State Power Corporation Limited (PSPCL) Consumers in New Online Scam *

A Threat Actor 'Devil' claimed to have stolen Account Data of 5.4 million Twitter Users *

Russian Attackers Breach Ukrainian Media Company TAVR Media to Spread Fake News About President Volodymyr Zelenskiy *

Konni RAT Malware is Used by North Korean Hackers to Attack European Nations *

SonicWall Immediately Patches a Critical SQL Injection Vulnerability *

Hackers Employing New ‘Lightning Framework’ Linux Malware to Install Backdoors and Rootkits *

Hackers Leveraged High-Severity Google Chrome Bug to Infect Journalists *

Cryptomining Group '8220 Gang' targeting Linux and Cloud Application Vulnerabilities *

Rouge ‘YouTube’ Google Advertisement Redirect Users to Windows Support Scams *

Oracle Addresses 349 New Security Vulnerabilities in its July 2022 Critical Patch Update *

Apple Addressed Multiple Security Vulnerabilities in its All Devices *

A New CloudMensis Spyware Targeting Apple macOS Users *

A New Cryptocurrency Scam Swindle Users Via Fake Nvidia Giveaway *

Russian SVR Attackers Employing Google Drive Cloud Services to Evade Detection *

Belgium Claims Chinese Threat Groups Targeting its Ministry of Defense and Interior Ministries *

Attackers Steal 50,000 Payment Card Details from 300 U.S. Restaurants in Web-Skimming Campaigns *

German-Based Giant Building Materials Producer Knauf Hit by Black Basta Ransomware Attack *

FBI Alerts of Fraudulent Cryptocurrency Apps used to trick U.S. Investors *

Flipkart owned Cleartrip Suffers Data Breach *

Albania Government Hit by a Massive Cyberattack Forced to Shut Down Websites and Online Services *

Windows Network File System Vulnerability Leads to Arbitrary Code Execution *

The Infamous Pegasus Spyware Infected Thailand Pro-Democracy Activists' Smartphones *

Threat Actors Comproised Popular Premint NFT Website and Stolen Nearly $375k Worth of NFTs *

Israel's Health Ministry Website Hit by a Cyberattack Prevented Access to Users from Abroad *

Microsoft 365 Service Outage Impacts Outlook and Exchange Online *

The Qakbot Trojan Malware Increased its Infection Rate with New Techniques *

Juniper Fixes Critical Vulnerabilities in Junos OS and Contrail Networking Products *

Attackers Spoofing GitHub Commit Metadata to Mask Malicious GitHub Repositories *

Colorado Springs Utilities Issued Warning to Customers After Identifying a Data Breach *

Researchers Detected a New Netwrix Auditor Flaw which Enables Hackers to Compromise Active Directory Environment *

Researchers Disclose Use-after-free Condition in Google Chrome WebGPU *

Threat Actors Using Digium Phone Software To Actively Exploit VoIP Servers *

Threat Actors Actively Exploiting Modern WPBakery Page Builder Addons Vulnerability *

Threat Actors Targeting Industrial Operators Using Trojan Horse Malware and Password Cracking Ecosystem *

DDoS Attacks by the Mantis Botnet Hit Hundreds of Cloudflare Users *

Microsoft Attributed Holy Ghost Ransomware Operation to North Korean Attackers *

Pakistani Hackers Targeting Indian Students in a New Spear-Phishing Email Campaign *

Hackers Targeting PayPal Users Using Phishing Kit Installed on Hacked WordPress Sites *

Nation-State Hacking Groups Targeting Journalists in Espionage and Malware Campaign *

New Retbleed Speculative Execution Attacks Impacts Intel and AMD Processors *

Famous Social Media Site, Twitter Suffers Outage; Prevented Users from Posting Tweets *

SAP Fixed Multiple Security Vulnerabilities in its July 2022 Security Patch Day *

Lenovo Fixes Three UEFI Firmware Security Flaws Impacting more than 70 Product Models *

Bandai Namco Confirmed the Cyberattack and Investigating Data Leak *

Lithuanian Energy Company 'Ignitis Group' Hit by DDOS Attack *

Researcher Detected a New Android Malware 'Autolycos' on Google Play Store, Downloaded 3 Million Times *

Uniswap Lost $8 Million Worth of Ethereum Crypto in Large-Scale Phishing Attack *

Microsoft Uncovered the Exploit Code for macOS Sandbox Escape Vulnerability *

New Data Extortion Group 'Luna Moth' Breaching Organizations Via Fake Subscription Renewals *

Microsoft Detected AiTM Phishing Campaign Targeting Over 10,000 Entities Since 2021 *

Malaysia and Indonesia Hackers Launch Cyber War Against Indian Entities Due to Nupur Sharma's Controversial Comments *

The New York Department of Motor Vehicles (DMV) Warned of Smishing Attacks *

Siemens and Schneider Electric Addressed Several Flaws in its ICS Products *

VMware Fixes Eight-Month-Old High Severity Vulnerability in vCenter Server *

CISA Urges Federal Agencies to patch the new Windows High-Severity Vulnerability *

Adobe Fixes Critical Vulnerabilities in its Acrobat, Reader, Photoshop Products *

Microsoft Patch Tuesday Security Advisory - July 2022 *

North Korean Hackers Stole $620 Million from Axie Infinity in Spear-Phishing Attack *

India’s Central Public Works Department (CPWD) Experiencing Targeted Cyberattacks Across its Offices *

Scammers Started Phishing Campaign Targeting Amazon Prime Day-Shoppers *

Attackers Leveraging Azure VMs and GitHub Actions for Cloud-Based Cryptocurrency Mining *

A Rolling-PWN Vulnerability Enables Attackers to Start Honda Vehicle Remotely *

Hackers Disguise as Cybersecurity Companies to Trick Victims into Installing Malware *

Attackers Compromised Goa’s Water Resource Department (WRD) Server and Demanded Cryptocurrency as Ransom *

New 0mega Ransomware Gang Targeting Organizations in Double-Extortion Attacks *

A New Phishing Campaign Leveraging Follina Vulnerability to Deploy Rozena Backdoor *

Hackers Targeting Russian Users by Employing a Malicious Browser Extension *

Cisco Fixes a Critical Vulnerability in its Enterprise Communication Solutions *

Fortinet Addressed Several Security Vulnerabilities in its Multiple Products *

Mangatoon Data Breach Exposed 23 Million Accounts Information *

Microsoft Patched a Flaw Crashing Office Apps While Opening with Cloud Documents *

A Canadian Communications Firm Rogers Suffers Massive Outage Affecting Mobile Service *

New Stealthy OrBit Malware Harvesting Information from Linux Systems *

Hackers Sending Fake Copyright Complaint Emails to Deploy IcedID Banking Malware *

Hackers can Exploit Online Programming Learning Websites to Launch Remote Cyberattacks *

CuteBoi Threat Group Deploys Over 1,200 NPM Malicious Packages in Large-Scale Cryptomining Campaign *

Checkmate Ransomware Attacks Targeting QNAP NAS Devices Exposed to Internet *

Hacking and Ransomware Groups Switch from Cobalt Strike to Brute Ratel Post-Exploitation Toolkit *

Bitter APT Threat Group Still Targeting Bangladesh Military Entities *

Federal Agencies Alerted on Maui Ransomware Attacks Targeting Healthcare Entities *

OpenSSL Patches a High Severity Vulnerability in Cryptographic Library *

North American Giant IT Service Provider 'SHI' Hit by a Potential Malware Attack *

Marriott Hotels Suffers a Data Breach that Exposed 20 GB of Guests Information *

USA Professional Finance Company Suffers Data Breach Affecting Patients of 650 Healthcare Providers *

Microsoft Silently Patches the ShadowCoerce Windows NTLM Relay Vulnerability *

NPM Supply Chain Attack Employed Typosquatting Technique to Launch Supply Chain Attack *

New RedAlert Ransomware Gang Targeting Windows and Linux VMware ESXi Servers *

UK Army's YouTube and Twitter Account Hacked to Promote Crypto Scams *

Google Patches An Actively Exploited New Chrome Zero-Day Vulnerability *

Django Patches A High Severity SQL Injection Vulnerability in its New Release *

One Billion Chinese Citizens' Stolen Data is Being Sold by Hackers for Bitcoins *

Jenkins Revealed Several Zero-Day Vulnerabilities in its Multiple Plugins *

Several Flaws in Brocade SANnav Storage Area Network (SAN) Affects Multiple Major Entities *

Evilnum APT Group Makes Comeback with Updated TTPs, Targeting Fintech Entities *

Microsoft Warns of Raspberry Robin Worm Infecting Hundreds of Windows Networks Via Infected USB Drives *

A Cyberattack Over Geographical Solutions Inc. (GSI) Disrupted Unemployment Services Across the United States *

Hackers Sent Fake Suspension Notices to Verified Twitter Accounts *

Google Alerts Users about Slice Payments App which Steals Photos, Audio Records, and Call Histories *

RCE Exploit Discovered in Zoho Manage Engine AD Audit Plus Bug *

A XFiles Info-Stealing Malware Now Leveraging Follina Vulnerability in Cyberattacks *

Toll Fraud Malware Targets Android Devices by Automatically Subscribing to Premium Services *

NFT Giant OpenSea Reports Data Breach and Warned Users of Phishing Attacks *

Macmillan Publishers Suffers a Ransomware Attack; Forced to Shut Down Network *

Norway's Government Websites Suffers Multiple DDoS Attacks *

Attackers Employing New Stealthy Malware to Backdoor Microsoft Exchange Servers Worldwide *

A New Info-Stealer 'YTStealer' Targets YouTube Content Creators to Steal Authentication Tokens *

MITRE Published Top 25 Most Dangerous Software Bugs List of 2022 *

Walmart Denies Yanluowang Ransomware Attack *

CISA Urged Administrators to Patch High-Severity Linux PwnKit Vulnerability *

Microsoft Patches Azure FabricScape Vulnerability Enable Hackers to Hijack Vulnerable Linux Clusters *

Amazon Patches High Severity Security Flaw in its Android Photos Application *

A Famous Raccoon Stealer Malware Returned With New Malicious Capabilities *

Researchers Found Over 900,000 Internet-Exposed Kubernetes Instances Vulnerable to Data-Exposing Cyberattacks *

Hackers Reused Same Compromised Account Credentials of Zola Website to Gain Access to User Accounts *

Threat Actors Installing New 'ZuoRAT' Malware on Unpatched SOHO Routers *

Microsoft Released Windows 10 KB5014666 Cumulative Update Include Several Bugs Fixes and New Printing Features *

American Famous Semiconductor Company AMD Investigating RansomHouse Data Theft Claims *

Unknown Threat Actor Installed Credit Card Skimmers on Bank of the West's ATMs *

A New Android Banking Malware 'Revive' Masquerades BBVA Bank’s 2FA Application *

Chinese APT Group Compromising Building Automation Systems by Leveraging Microsoft ProxyLogon Vulnerability *

The National Institute of Standards and Technology (NIST) Issues New Guidance on Securing macOS Systems *

A Cyberattack Hit Iran’s Major Steel Companies and Forced to Stop Factory Production *

The Vice Society Ransomware Group Claims Responsibility of Attack on Medical University of Innsbruck *

A New Phishing Technique Uses Microsoft WebView2 Apps to Bypass Multi-Factor Authentication *

LockBit Ransomware Gang Infecting Users Via Fake Copyright Violation Emails *

U.S. Federal Trade Commission Warns on Extortionists Targeting LGBTQ+ Community *

Microsoft Downplays High Severity Vulnerabilities in Edge Web Browser, Affecting Over 150 Million Users *

Fast Shop, a Brazilian Retailer, Disclosed a Cyberattack Involving Extortion *

Cybercriminals leveraging Mitel Zero Day to Launch Suspected Ransomware Attack *

Malicious PyPi Python Packages Sending stolen AWS keys to Unsecured Websites *

A Japan Based Automotive Fabrics Distributor TB Kawashima Confirmed on a Cyberattack *

ISGEC Heavy Engineering Limited data is Encrypted by Hackers and They Demand Bitcoin to Decrypt It *

Automotive Hose Maker Nichirin's USA Based Subsidiary Suffers Ransomware Attack *

CISA Warns on Threat Actors Leveraging Log4Shell Vulnerability to Hack VMware Servers *

New Quantum Builder Enable Attackers to Easily Launch Malicious Windows 'LNK' Attacks *

A New Phishing Campaign Targeting Microsoft 365 Users to Steal MetaMask Recovery Phrases *

Vulnerable QNAP NAS Devices are Targeted by DeadBolt Ransomware Attacks *

Italian Spyware Vendor Infects Android and iOS Users with help of Internet Service Providers *

SMA Technologies’ Critical OpCon UNIX Agent Vulnerability Receives A Patch *

Chinese Hacking Group Disguising Cyber Espionage Operation as Ransomware Attacks *

Lithuanian NCSC Warned of an Increase in DDoS Attacks on Government Websites *

Google Fixed 14 Vulnerabilities with the release of Chrome 103 Version *

Chinese Hackers Distributing 'Nimbda' Loader Bundled in 'SMS Bomber' Tool to Install Info-Stealer Trojan Payload *

MEGA Patches Several Critical Vulnerabilities in Encryption Algorithm *

Cloudflare Suffers Massive Outage Caused by Network Configuration Error *

Icefall 56 Vulnerabilities are affecting Operational Technology Devices used in Various Industries *

New APT Group ToddyCat Targets Microsoft Exchange Servers *

Yodel Parcel Company Suffers Cyberattack Disrupting Delivery Services *

Microsoft 365 Service Outage Impacts Microsoft Exchange Online and Teams *

A New Phishing Campaign Steals Microsoft 365 Credentials Via Fake Voicemails *

New DFSCoerce NTLM Relay Attack Enables Attackers to Take Control Over Windows Domain *

RobertHalf, Global HR Firm Warns Users About Credential Stuffing Attack *

Android Banking Trojan BRATA Now Evolving Into Advance Persistence Threat *

A New Surge in ECh0raix Ransomware Attacks Detected Targeting QNAP NAS Devices *

Hackers Dropping Malicious Cobalt Strike Beacons in a New Phishing Campaign *

Cisco Confirmed on not Patching RCE Flaw in Obsolete VPN Routers *

A New 'MaliBot' Android Banking Malware Distributing as Crypto-Mining or Chrome Browser Application *

Researchers Identified Dozen of Flaws in Industrial Network Management System of Siemens *

The United States Department of Justice Dismantled Russian RSocks Botnet Infrastructure *

A Vulnerability in Cisco Appliances Allows Hackers to Bypass Authentication *

WordPress Force-Updated Ninja Forms Plugin Patch on Millions of Websites *

Chinese Hackers Exploited Sophos Firewall Zero-day Bug Weeks Before Official Patch Release *

Africa's Largest Supermarket 'Shoprite Holdings' Hit by Ransomware Attack *

Citrix Fixed Critical ADM Vulnerability in its Security Updates *

New Peer-to-Peer Panchan Botnet Compromised Several Linux Servers in Education Sector *

Public Travis CI API Logs Exposed Thousands of GitHub, AWS, Docker Tokens *

A New Side-Channel Attack 'Hertzbleed' Affects Intel and AMD Processors *

Cloudflare Detects and Mitigates Largest HTTPS DDoS Attack *

Microsoft Fixed Actively Exploited Windows MSDT Zero-Day Vulnerability in its June 2022 Security Updates *

ALPHV Ransomware Group Created a New Technique for Extortion *

Unknown Threat Group Hacked Over 500 Indian Websites, Demanding an Apology to Muslims All Over the World *

Android Adware and Info-stealing Malware Downloaded Over Two Million Times on Google Play Store *

Nonprofit Health Care Company Kaiser Permanente Confirms on Data Breach, Affected Over 69,000 Individuals *

Microsoft Patch Tuesday Security Advisory - June 2022 *

Gallium Hackers Targeting Financial and Government Organizations Using New 'PingPull' Malware *

Attackers Deploying BlackCat Ransomware on Compromised Microsoft Exchange Servers *

Threat Actors Employing a New Linux Rootkit Malware ‘Syslogk’ in Cyberattacks *

A Stealthy Linux Malware 'Symbiote' Targeting Latin American Financial Entities *

Malicious PyPI Package ‘keep’ Contains Password Stealer Due to Typographical Error *

Hello XD Ransomware Group Now Dropping a Backdoor While Encrypting Systems *

New PACMAN Hardware Attack can Bypass Pointer Authentication (PAC) in Mac Systems *

AvosLocker and Cerber2021 Ransomware Gang Actively Targeting Unpatched Atlassian Confluence Servers *

Google Fixed Several Security Vulnerabilities in Chrome Browser Updates *

Iranian Hackers Use DNS Backdoor to Attack Energy Sector *

Hackers Distributing New Info-Stealer Malware Via Pirated CCleaner Pro Software *

Several Botnets Now Exploiting Critical Atlassian Confluence RCE Vulnerability to Deploy Cryptominers *

Researchers Identified a New Chinese-Linked APT Group Spying on Organizations for 10 Years *

The New Advanced Malware 'Symbiote' Infects All Linux Processes and Steal Account Credentials *

Threat Actors Compromised US Online Gun Shops to Steal Customers' Credit Card Details *

Emotet Malware is Now Harvesting Credit Card Information from Google Chrome Browser *

Medical Service Provider 'Shields Health Care Group' Suffers a Data Breach, Exposed Over 2,000,000 People Data *

Google Fixed Several Critical Android Flaws in June 2022 Security Updates *

Hackers Abused Facebook Messenger in Large-Scale Phishing Campaign to Steal Victims' Credentials *

Two Critical U-Boot Vulnerabilities Disclosed in Linux-Based Embedded Systems *

Black Basta Ransomware Strikes Vulnerable VMware ESXi Servers *

Threat Actors Deploying New Malware 'SVCReady' Via Phishing Campaigns *

Chinese Govt Hackers Compromise US Telecommunication Companies to Snoop on Network Traffic *

Black Basta Ransomware Group Employing QBot Malware in their Operations *

Italian City of Palermo Hit by Cyberattack, Impacting Wide Range of Operations and Services *

The LockBit Ransomware Group Claims to Infiltrate Mandiant Company's Network *

Hackers Actively Exploiting Critical Windows Zero-day Vulnerability in a Phishing Campaign *

Sensitive Data of Pharmaceutical Giant 'Novartis' Exposed in a Recent Cyberattack *

WatchDog Hacker Group Mining Crytpocurency in a Newly Launched Cryptojacking Campaign *

The Android Malware 'SMSFactory' Discreetly Subscribes Users to Premium Services *

Hackers Stolen NFTs From the Bored Ape Yacht Club Via Yuga Lab's Discord Server Hack *

GitLab Patches a Critical Account Takeover Vulnerability in its Enterprise Edition *

Malware Controlling Thousands of Sites in the Parrot TDS Network Identified by Researchers *

Chinese Threat Group LuoYu Using WinDealer Malware in Man on the Side Attacks *

Foxconn's Mexico-Based Manufacturing Unit Hit by Ransomware Attack *

Microsoft Suspended Malicious OneDrive Applications Used in Polonium's Attacks *

A New Clipminer Malware Brought its Operators $1.7 Million Via Transaction Hijacking *

Hackers Actively Exploiting New Atlassian Confluence Zero-Day Vulnerability in the Wild *

Attackers Targeted Hundreds of Unsecured Elasticsearch Databases in Ransom Attack *

SideWinder APT Group Creates Fake Android VPN App on Official Google Play Store *

RuneScape-Themed Phishing Campaign Steals Users' Account Details and In-Game Item Bank PIN *

A Zero-Day Vulnerability in Windows Microsoft Office Receives Free Unofficial Patch *

Researchers Found Over 3.6 Million MySQL Servers are Exposed to Public *

Costa Rica’s Public Health Service Network Hit by Hive Ransomware Attack *

Attackers can Hijack WhatsApp Accounts Using Call Forwarding Method *

Chinese APT Hackers Actively Exploiting New Microsoft Office RCE Vulnerability in the Wild *

A New XLoader Botnet Variant Hides its C2 Servers Using Probability Method *

Zoom Released Security Patches to Fix Four Critical Vulnerabilities in its Video Conferencing App *

Cisco Researchers Discovered Several Flaws in Open Automation Software Platform *

Hackers Leveraging a New Microsoft Office Zero-Day Flaw to Run PowerShell Commands *

Austrian Federal State Carinthia Hit by BlackCat Ransomware Gang *

Attackers Employing a New WSL-Based Malware to Steal Web Browser Cookies *

EnemyBot Malware Includes New Exploits for Critical Web Servers, Content Management Systems Vulnerabilities *

FBI: Attackers Marketing Network Access Credentials for U.S. Education Institutions in Hacking Forums *

Security Researchers Released Proof-of-Concept (PoC) Exploit for Critical VMware Flaw *

Microsoft Detected Multiple Security Vulnerabilities in Android Applications *

Threat Actors Stole Around 100,000 NPM User Account Credentials in GitHub OAuth Breach *

Zyxel Fixed Multiple Security Vulnerabilities in its Products *

Windows 11 KB5014019 Patch Affects Trend Micro UMH Driver, Breaking Ransomware Protection *

Scammers Impersonating QuickBooks Support Team in Phishing Attack *

Threat Actor Leveraging Stealthy BPFDoor Malware to Infect Linux and Solaris Systems *

Microsoft Shared Guidelines to Mitigate KrbRelayUp LPE Attacks on Windows Systems *

New Linux-Based Ransomware 'Cheers' Targeting Vulnerable VMware ESXi Servers *

Researchers Detected a Rise in ChromeLoader Malware Infection Rate, Targeting Windows and Mac Systems *

Developers Warned Users to Stop Using Tails 5.0 Linux Distributions Until Next Release *

Popular Python and PHP libraries Compromised to Steal Users' Amazon AWS Keys and Credentials *

Russian Government Agencies Targeted by Fake Windows Updates Campaign *

Researchers Discovered a New Chaos Ransomware Variant *

Trend Micro Fixed a DLL Hijacking Vulnerability in its Security Solution *

Mozilla Fixed Zero-Day Vulnerabilities in its Multiple Products *

Indian Airline SpiceJet Suffers Ransomware Attack, Impacted Flight Departures *

Hackers Targeted Security Researchers with Fake Windows PoC Exploits *

US Car Manufacturer General Motors (GM) Suffers Credential Stuffing Attack, Exposed its Customers Information *

Chinese Twisted Panda APT Group Targets Russian’s Defense Institutes in Espionage Attacks *

A New Unpatched Vulnerability in PayPal Allows Hackers to Steal Money From PayPal Users *

Microsoft Store App Issues are Fixed with Emergency Updates for Windows 10 *

Russian IoT Botnet Fronton Used to Launch Social Media Disinformation Campaigns *

Chicago Public Schools Suffers Massive Data Breach After Ransomware Attack *

Predator Spyware Actively Infecting Android Users in Zero-day Attacks *

Hackers Employing PDF Documents to Drop Snake Keylogger Malware *

Threat Actors Promoting New Cryptocurrency Scam Using Fake Elon Musk YouTube Videos *

Cisco Addressed a Zero-Day Vulnerability in IOS XR Router Software *

Vidar Malware is Distributed via Fake Windows 11 Downloads *

Malicious PyPI Package Drops Backdoors Targets Windows, Linux, and Mac OS *

North Korean Lazarus Hacking Group Leveraging Log4J Vulnerability to Infect VMware Servers *

QNAP Warned Customers on New DeadBolt Ransomware Attack *

Media Giant Nikkei’s Singapore Unit Suffers Ransomware Attack *

Microsoft Detects a Massive Rise in XorDDoS Malware Activity Targeting Linux Devices *

Most Sophisticated BlackCat Ransomware (ALPHV) Gang Targeting Various Organizations *

NVIDIA Addressed Ten Flaws in the Windows GPU Display Drivers *

Microsoft Warns About Brute-Force Attacks Targeting MSSQL Database Servers *

VMware Fixed Critical Vulnerabilities in its Multiple Products *

WordPress Fixed Critical Vulnerabilities in Jupiter Theme and JupiterX Core Plugins *

Over 200 Apps Found Distributing Facestealer Spyware Via Google Play Store *

Millions of Attacks Exploiting Vulnerable WordPress Tatsu Builder Plugin *

Multiple Third-Party Web Trackers Steal User's Entered Data Before Submitting *

CISA Alerts on Actively Exploited Spring And Zyxel Vulnerabilities *

A Custom PowerShell RAT Targeting German Users Looking for Ukraine Crisis Information *

Apple Patches a Zero-Day Vulnerability in its MacOS and Watch Devices *

Manufacturing Firm Parker-Hannifin Discloses Data Breach Post Ransomware Attack *

HTML Attachments Still Used in Phishing Emails as it Avoids Detection *

Sophos Fixes BSODs Flaw in Antivirus Driver Triggered After Windows KB5013943 Update *

CISA Warns May Windows Updates on Domain Controllers *

Fake Pixelmon NFT Site Infect Users with Password-Stealing Malware *

Attackers Promoted Fake Binance NFT Mystery Box Bots on YouTube to Install RedLine Malware *

SonicWall Patches New Vulnerabilities in its SSLVPN SMA1000 Devices *

Pro-Russian Hackers DDoS Italian Govt Sites Via “Slow HTTP” Technique *

Sysrv Botnet Variant is Now Exploiting New Vulnerabilities to Deploy Cryptomining Malware *

Massive WordPress JavaScript Injection Campaign Redirecting Visitors to Malicious Sites *

Zyxel Pacthes Critical Vulnerability in its Firewall Products *

Cobalt Mirage Attackers Using BitLocker and DiskCryptor in Ransomware Attacks *

A Stealthy BPFdoor Backdoor Targeting Linux and Solaris Systems *

FBI and CISA Warns on Supply Chain Attacks Targeting MSPs *

Bitter Hacking Group Targeting Bangladesh Government Entities via Spear-Phishing Campaigns *

HP Patches High-Severity BIOS Vulnerabilities Enabling Kernel Privileges *

Hackers Deploy a New Post-Exploitation Framework IceApple on Microsoft Exchange Servers *

Attackers Spreading Another Set of Malicious Apps Through Google Play Store *

Researchers Alerts on DCRat Backdoor Being Sold on Russian Hacking Forums *

Costa Rica Declares National Emergency Following Cyberattacks from Conti Ransomware Group *

Scammers Distributing Jester Stealer Malware in Phishing Attacks *

Microsoft Patches an Actively Exploited Windows LSA Spoofing Zero-Day Flaw *

Hackers Employing Critical F5 BIG-IP Vulnerability in Destructive Attacks *

FluBot Android Malware Aims at Finland in a New SMS Phishing Campaign *

German Automotive Industry Targeted by a Month-Long Malware Campaign *

Microsoft Patch Tuesday Security Advisory - May 2022 *

Microsoft Patches a Flaw in Azure Synapse and Azure Data Factory Pipelines *

QNAP has Fixed a Critical Vulnerability Affecting Remote Command Execution in QVR *

New Windows Worm Spreading Through Infected USB Drives *

US Agricultural Machinery Company 'AGCO' Suffers Ransomware Attack *

Google Docs Crashes at the Sight “And. And. And. And. And.” *

Attackers Hijacked Ferrari's Subdomain to Host Fake NFT Scam *

New NetDooka Malware Framework Distributed via PrivateLoader Malware Distribution Service *

Unsecured ElasticSearch Server Instance Exposed Thousands of Borrower's Data *

New Chinese Threat Group Moshen Dragon Targeting Asian Telecommunication Entities *

Security Researchers Disclose Years-Old Bugs in Avast and AVG Antivirus Solution *

Google Patches an Actively Exploited Linux Kernel Flaw in its Android Security Updates *

North Korean Hacker Group 'APT38' Linked to New Ransomware Strains *

Threat Actors Targeting Microsoft Logins from Compromised UK NHS Email Accounts *

Cisco Patches NFVIS Vulnerabilities Enabling Access to Root Privileges *

F5 Alerts Users on Critical BIG-IP RCE Vulnerability Allowing Device Takeover *

Hackers Targeting Pixiv, DeviantArt Artists to Push an Info-stealer Malware *

Pro-Ukraine Hackers Actively Exploiting Docker Images to DDoS Russian Sites *

Threat Actors Distributing Magniber Ransomware in a Fake Windows 10 Upgrade Campaign *

Over Millions of Routers and IoT Devices are Vulnerable to Unpatched DNS Vulnerability *

Aruba and Avaya Network Switches Highly Vulnerable to "TLStorm 2.0" Vulnerabilities *

Threat Actors Abusing Google’s SMTP Relay Service to Distribute Phishing Emails *

Car Rental Giant Sixt Hit by Cyberattack, Disrupting its Operations *

Threat Actors Employing Bumblebee Malware Instead of BazarLoader Malware in Cyberattacks *

Attackers Targeting Ukraine Websites from Compromised WordPress Sites in DDoS Attacks *

Synology Alerts Customers on Critical Netatalk Bugs, Affecting its Several Products *

Russian Threat Group Targeted Romanian Government Sites with DDoS Attack *

Austin Peay State University Suffers Ransomware Attack *

A YouTuber Encouraging Followers to Perform DDoS Attacks Against Russia *

Popular Social Media App Whatsapp Suffers Outage, Users Reported Connection Issues *

A NPM Flaw Enable Attackers to Add Other Developers to their Malicious Packages *

Microsoft Fixed Critical Vulnerabilities in Azure Database for PostgreSQL Flexible Server *

The RIG Exploit Kit Leverages an Internet Explorer Flaw to Spread RedLine Malware *

Chinese-Linked Threat Group 'Mustang Panda' Now Targeting Russian State Officers *

Threat Group Hive0117 Targeting Eastern European Organizations in Phishing Campaign *

QNAP Warned Customers to Disable AFP Until Critical Bugs Fixed *

Microsoft Disclosed a New 'Nimbuspwn' Vulnerability in Linux Operating System *

Threat Actors Actively Exploiting Critical VMware RCE Vulnerability to Deploy Backdoors *

Threat Actors Actively Spreading Emotet Malware Via Windows Shortcut Files *

Multinational Beverage Corporation Coca-Cola Suffers a Network Breach *

American Dental Associations Sensitive Data Stolen by Black Basta Ransomware *

North Korean APT Group Targeting Journalists with Malware 'Goldbackdoor' *

French Hospital Group Suffers Cyberattack; Administrative and Patient Data Exposed *

A Critical Flaw in Ever Surf Wallet Enable Attackers to Steal Victim's Cryptocurrencies *

Atlassian Patched Critical Authentication Bypass Flaw in Jira Seraph *

Hackers Slipping 'More Eggs' Malware Into Resumes Sent to Corporate Hiring Managers *

A Critical Flaw in Cisco Umbrella’s Default SSH Key Enabled Credential Theft *

UPI Suffers Outage, Social Media Flooded with Payment Failure Complaints *

T-Mobile Confirms Lapsus$ Threat Group Breached its Internal Network *

Several Critical Flaws Disclosed in SmartPTT and SmartICS Industrial Products *

QNAP Urges Users To Mitigate Critical Apache HTTP Server Flaws *

LemonDuck and TeamTNT Hacking Docker Servers in Cryptomining Malware Campaigns *

A Critical Android Chipset Vulnerability Enables Attackers to Access User's Media Files *

New BotenaGo Botnet Variant Targeting Lilin Security Camera DVR Devices *

Amazon Web Services Patches Container Escape in Log4Shell Hotfix *

Russian Threat Group Employing New Pteredo Variants to Infect Targeted Ukrainian Entities *

Hive Ransomware Group Targeting Vulnerable Microsoft Exchange Servers *

Emotet Botnet Increased its Infection Rate in March 2022 *

CISA Warns About an Actively Exploited Windows Print Spooler Vulnerability *

QNAP Warned Customers to Secure NAS Devices from Cyberattacks *

Lenovo Disclosed UEFI Firmware Driver Vulnerabilities, Affecting Over 100 Laptop Models *

Israelian NSO Group Leveraging New iOS Flaw to Drop Spyware on iPhone Devices *

CISA Issues a Warning Regarding a North Korean Hacking Group Targeting Cryptocurrency Industries *

A Threat Actor Stole $655,388 in Cryptocurrency from Apple's iCloud *

Hackers Using Fake Windows 11 Upgrade Campaign to Infect Users *

Decentralized Finance Project Beanstalk Lost $182 Million in Flash-loan Attack *

Cisco Patches a Critical Authentication Bypass Vulnerability in its WLC Software *

'JekyllBot:5' Bugs Enable Hackers to Compromise Aethon TUG Hospital Robots *

Hackers Accessed Several GitHub's Private Repositories Using Stolen OAuth Tokens *

Scammers Targeting T-Mobile Customers in SMS Phishing Attacks *

A Vulnerability in Rarible NFT Marketplace Let Attackers Steal Users' Crypto Assets *

Wind Turbine Manufacturer 'Nordex' Suffers Conti Ransomware Attack *

Oil India Limited (OIL) Suffers Ransomware Attack *

Threat Actors Targeting Ukrainian Government Entities with IcedID Malware and Zimbra Exploits *

'OldGremlin' Ransomware Group Returns with New Malware Targeting Russian Entities *

CISA Warns About an Actively Exploited Windows Local Privilege Escalation Vulnerability *

Google Fixes An Actively Exploited Vulnerability in its Chrome Browser *

Malware Campaigns Targeting African Bank Employees with RemcosRAT Malware *

Russian Hackers Employ the Industroyer2 Malware to Attack Ukraine Power Grid *

Federal Agencies Issues a Joint Advisory on APT Groups Targeting ICS/SCADA Devices *

Hackers Actively Exploiting An Already Patched Critical VMware Vulnerability *

WordPress Developers Patches a Critical Flaw in Elementor Plugin *

A New Malware Tarrask Hides Scheduled Tasks Using Windows Vulnerability *

HP Patches Critical Bugs Impacting 15 Million Endpoints in Teradici PCoIP Software *

Hashnode Blogging Platform Reported to Have Critical LFI Vulnerability *

Microsoft Patch Tuesday Security Advisory - April 2022 *

Italian Luxury Fashion House 'Ermenegildo Zegna' Confirms Ransomware Attack *

Threat Actors Leveraging Spring4Shell Exploits to Install Mirai Malware *

American Manufacturing Company 'Snap-on' Suffers a Data Breach *

Researchers Issue Alert About Information-Stealing Malwares FFDroider & Lightning *

Qbot Operators Now Distributing Malware via MSI Windows Installer Packages *

The Android Banking Trojan Mimics Bank Customer Service Calls *

Atlassian's Ongoing Outage Might Extend Another Two Weeks *

Threat Actors Distributing a New META Malware in Spam Campaigns *

Chinese Threat Actors Actively Targeting Indian Power Grid Organizations *

New Octo Malware Let Attackers Take Control of Android Devices Remotely *

A New Traffic Direction System 'Parrot' Infects 16,500 Sites to Deploy Malware *

New Malware 'Denonia' Targets Serverless AWS Lambda with Cryptominers *

Hackers Harvesting Data Via Malicious Android Apps with Million of Downloads *

Threat Actors Using New 'FFDroider' Malware to Steal Social Media Accounts *

An Ongoing Atlassian Outage Affects Jira and Confluence Customers *

OpenSSL Infinite Loop Vulnerability Affects Palo Alto Networks Firewalls and VPNs *

Scammers Using Malicious Shopping Apps to Steal Bank Credentials of Malaysian Customers *

UK Retail Chain The Works Hit by Cyberattack *

VMware Patches Critical Vulnerabilities in its Multiple Products *

CISA Issues an Alert Relating the Active Exploitation of a Critical Spring4Shell Vulnerability *

Researchers Link Chinese Threat Group 'Cicada' to Widespread Espionage Attacks *

Hackers Breach Email Marketing Company 'Mailchimp' to Conduct Phishing Attacks *

FIN7 Hacking Group Employing Stolen Credentials and Software Supply Chain Attacks *

Several Hacking Groups Capitalizing on Russia-Ukraine War To Distribute Malware *

Threat Actors Marketing New Sophisticated Malware on Russian Hacking Forums *

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave Routers *

New RAT Malware 'Borat' Appears on Hacking Forums, Offering Several Features *

Brokenwire Hack Could Let Attackers Disrupt Charging for Electric Vehicles Remotely *

VMware Fixes Critical Spring4Shell RCE Vulnerability in its Multiple Products *

A 15 Year Old Bug in Pear PHP Repository could Lead to Supply Chain Attack *

Trend Micro Patches Actively Exploited Vulnerability in its Apex Central Product *

Threat Actors Employ New Android Spyware to Harvest Sensitive User Data *

American Express Suffers Massive Outage, Affects Payment Services *

Threat Actors Abusing Microsoft Azure Static Web Pages in Phishing Attacks *

Hackers Using Fake Trezor Data Breach Emails to Harvest Users Cryptocurrency Assets *

CISA Warns Federal Civilian Agencies to Patch Critical Sophos Firewall Vulnerability *

Critical GitLab Vulnerability Enables Hackers to Take Over User Accounts *

Palo Alto Networks Error Leaks Customer Support Cases, Attachments *

Apple Patches Two Zero-Days in its iPhones, iPads, and Macs Devices *

Zyxel Patches Critical Authentication Bypass Vulnerability in its Firewall and VPN Products *

Vulnerable Wyze Cam Devices Allow Hackers to View Video Feeds *

Chinese Hackers Installing New 'Fire Chili' Rootkit on Vulnerable VMware Horizon Servers *

Viasat Confirmed Satellite Modems were Compromised with AcidRain Malware *

Developers Release a Fix for a Zero-Day Vulnerability in Spring Java Framework *

A New Zero-Day Vulnerability in Spring Java Framework Allows Remote Code Execution *

A Severe OpenSSL Bug Affects the Majority of QNAP NAS Devices *

Globant, an IT and software Firm, Suffers a Data Breach; 70GB of Data is Stolen *

Viasat's KA-SAT Satellite Service Suffers From Cyberattack *

A New Spear-phishing Campaign Targets Russian Govt Dissidents with Cobalt Strike *

Russian Phishing Attacks Target NATO, and European Military Forces *

FBI Warns Election Officials of Credential Phishing Campaigns *

Transparent Tribe Hackers Targeting Indian Government Officials Via Modified MFA Tool *

Mars Stealer Malware Spreads Through OpenOffice Ads on Google *

New Malware 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners *

CISA Wans of Attacks on Internet-connected UPS Devices *

Shutterfly Discloses Data Breach Post Suffering Conti Ransomware Attack *

Threat Actors Using Infected WordPress Sites to Launch DDoS Attacks *

Remote Keyless System of Honda Vehicles Vulnerable to Replay Attacks *

Threat Actors Targeting Vulnerable Microsoft Exchange Servers Via Reply Chain Hijacking Attacks *

'Purple Fox' Hackers Actively Using New Variant of FatalRAT in Recent Malware Attacks *

Muhstik Botnet Targeting Redis Servers Recently Disclosed Vulnerability Via Recently Disclosed Vulnerability *

An Emergency Google Chrome Update Fixes Zero-Day Flaw Used In Attacks *

A Critical Vulnerability in Sophos Firewall Enables Remote Code Execution *

Chinese Hacking Group 'Scarab' Spotted Targeting Ukraine Amid Russia Invasion *

Threat Actors Distributing a Vidar Infostealer Via Malicious Email Attachments *

Hackers Targeting Azure Developers Via Over 200 Malicious NPM Packages *

Social Engineering Attacks Compromise Morgan Stanley Client Accounts *

Western Digital Updates My Cloud OS To Patch Critical Vulnerability *

Threat Actors Distribute a New Version of JSS Loader RAT Via Malicious Microsoft Excel Add-ins *

North Korean Hackers Actively Exploiting Recently Patched Chrome Zero-day Flaw *

VMware Releases Patches For Carbon Black App Control Flaws *

New WPS Office Flaws Give Hackers Access To Betting Firms *

China-Linked Threat Actor 'Mustang Panda' Targets European Diplomats and ISPs *

Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns *

Microsoft Confirms the Hack by LAPSUS$ Extortion Group, 37GB of Source Code Leaked *

New Dell BIOS Flaws Affect Millions of Inspiron, Vostro, XPS, Alienware Systems *

Several HP Printer Models Vulnerable to Remote Code Execution Attacks *

Greece's Public Postal Service ' ELTA' Suffers Ransomware Attack *

Researchers Expose Custom macOS Malware of Chinese Hackers *

A New Crypto Scam Dubbed 'CryptoRom' Abusing iPhone Features to Target Mobile Users *

New Backdoor 'Serpent' Targets French Entities via Open-Source Package Installer *

Hackers Targeting Bank Networks with New Rootkit to Compromise ATM Machines *

Threat Actors Spreading BitRAT Malware as Windows 10 License Activator *

Hackers Impersonating Legit Domains by Using New Browser-in-the Browser (BITB) Attack *

Opatch Releases an Unofficial Patch For Windows Zero-Day Flaw Giving Admin Rights *

Hackers Infecting Android Users Via Password Stealing Malware 'FaceStealer' *

Internet Systems Consortium (ISC) Patches High-severity Bugs in BIND Server *

A New Variant of Cyclops Blink Botnet Actively Targeting ASUS Routers *

Europe Warns of Aircraft GPS Outages Linked To Russian Invasion *

Unsecured Microsoft SQL and MySQL Servers are Targeted by Gh0stCringe Malware *

SolarWinds Warns Against Attacks Aimed at Web Help Desk Instances *

Over Hundreds of GoDaddy-Hosted Sites Were Backdoored In One Single Day *

CISA Added 15 Known Vulnerabilities Exploited in Attacks *

OpenSSL Patches a High-Severity DoS Vulnerability *

Hackers Employing Log4j Exploits to Infect Linux Machines *

A Massive Phishing Campaign Employs 500+ Domains to Steal Credentials *

Giant Automotive Manufacturer DENSO Suffers Data Breach *

QNAP Alerted on Linux 'Dirty Pipe' Vulnerability, Affecting its NAS Devices *

Threat Actors Employed CaddyWiper Data Wiping Malware in Ukraine Attacks *

New Linux Vulnerability Allows Hackers to Elevate Privileges *

Researchers found New Evidence linking Kwampirs Operators to Shamoon Malware *

Bridgstone Americas Suffers Data Breach Post Ransomware Attack *

Vulnerable Package Managers let Attackers to Infect Developers' Systems *

Giant Video Game Developer Ubisoft Disclosed a Cyberattack, Services Disrupted *

New Variant of Aberebot Trojan Harvest Users' Google Authenticator MFA Codes *

Attackers Using YouTube Platform to Infect Video Games Players with Malware *

Threat Actors Using Custom-made Hacking Tools in Cyberattacks *

Emotet Botnet Employing Over 100,000 Bots to Carryout Cyberattacks *

Iranian Threat Group Targeting Turkey and Arabian Peninsula in Malware Attack *

Threat Actors Employing Mitel Devices to Launch DDoS Reflection Attacks *

Russian Federal Agencies' Websites Compromised in a Supply Chain Attack *

CISA Updated Conti Ransomware Alert with 100 Domains used in Cyberattacks *

Chinese Threat Actors Targeting European Diplomatic Entities in Phishing Attacks *

Scammers Impersonating Government Officials and Law Enforcement in Fraud Scams *

Coinbase Blocks Over 25,000 Blockchain Addresses Linked to Russian Individuals *

A New Linux Vulnerability Enable Hackers to Gain Root Access on Vulnerable Systems *

Microsoft Fixes a Critical Azure Bug Exposing Other Customers Data *

Romania's Rompetrol Gas Station Network Suffers Hive Ransomware Attack *

Ukraine's Computer Emergency Response Team Warns of New Phishing Attacks *

TerraMaster Patches Critical Vulnerabilities in its Network-attached Storage (NAS) Devices *

Researchers Identify SharkBot Malware Disguised as an Android Antivirus on Google Play Store *

Threat Actors Using Stolen NVIDIA's Code-signing Certificates in Cyberattacks *

Russian Government Shares a List of IP Addresses DDoSing Russian Organizations *

Vulnerable Linux Kernel Versions Enable Hackers to Execute Arbitrary Commands *

New Security Bug Affects Thousands of Self-Managed GitLab Instances *

Mozilla's Security Updates address two critical zero-day vulnerabilities in Firefox *

'Lapsus$' Hacking Group Allegedly Leaks Samsung Electronics Confidential Data *

Cisco Issue Patches for Expressway Series, TelePresence VCS Products *

Researchers Propose New Side-Channel Attack on Homomorphic Encryption *

New York State Office of the Attorney General Warns Users Impacted by T-Mobile Data Breach *

Over 71,000 NVIDIA Employees Credentials Compromised as a Result Of a Data Breach *

Researchers Disclose a Malware Campaign Impersonating VC Firm Using Phishing Emails *

Developers Address Critical Security Flaws in Famous Multimedia Library PJSIP *

Researchers Disclose Critical Security Vulnerabilities in VoIPmonitor Monitoring Software *

Threat Actors Leveraging Log4Shell Vulnerabilities to Launch DDoS and Cryptomining Attacks *

Belarusian Nation-state Threat Group Actively Targeting European Government Entities *

TrickBot Operators Updates its AnchorDNS Backdoor to AnchorMail *

Threat Actors Abusing Google Ads to Push Hundreds of eBike Phishing Sites *

China-linked Daxin Malware Actively Targeting Several Governments Infra in Espionage Attacks *

TeaBot Malware Resurfaces on Google Play as a QR Code Scanner App *

Insurance Giant 'AON' Suffered Cyberattack Over the Weekend *

Second New Malware 'IsaacWiper' Targets Ukraine Amid Russian Invasion *

Automobile Giant 'Toyota' Halts Production Amid Cyberattack on Supplier *

Video Surveillance Giant 'Axis Communications' Suffers Massive Network Breach *

Threat Actors Abusing Content Filtering Devices in DDoS Amplification Attacks *

An Infostealer Malware 'Jester Stealer' Updated with New Malicious Capabilities *

Threat Actors Using Ransomware as Decoy in Ukraine Cyberattacks *

Android Visual Voice Mail App Vulnerability Let Attackers to Steal User Passwords *

NHS Urges Users to Patch Okta Advanced Server Client RCE Vulnerability *

American Multinational Technology Corporation 'Nvidia' Hit by Cyberattack *

Targeted Citibank Customers Suffer Phishing Attack with Fake Suspension Alerts *

Threat Group 'UNC2596' Exploiting Microsoft Exchange Vulnerabilities to Install Ransomware Payload *

Hackers Using Microsoft Official Store to Deploy Malware on Victims' Systems *

Threat Actor Group 'APT27' Hit US Defense Contractors Using Stealthy SockDetour Backdoor *

Deadbolt Ransomware Operators Actively Targeting ASUSTOR NAS Devices *

Researchers Identify a New Destructive Wiper Malware Leveraged in Ukraine Attacks *

CISA Warns About an Actively Exploited Flaws in Zabbix Network Monitoring Platform *

Researchers Unveil New Malware 'Small Sieve' Used by MuddyWater Hackers *

Researchers Warn of New Russian Botnet Built from Hacked Firewall Devices *

25 Malicious JavaScript Libraries Enable Hackers to Steal Users' Discord Tokens and Environment Variables *

Threat Actors Employing Dridex Bots to Deploy Ransomware Payload on Infected Networks *

Chinese Researchers Uncover Details About Equation Group's Bvp47 Backdoor *

Researchers Disclose a 9-Year-Old Bug in Horde Webmail Software *

Massive DDoS Attacks Hit Ukrainian Government Agencies and Banks Once Again *

Researchers Disclose a New Phishing Technique Bypassing Multi-factor Authentication *

Chinese Threat Group 'APT10' Targeting Taiwan Entities in a Supply Chain Attack *

Hancom Office Software Vulnerable to Code Execution and Memory Corruption Attacks *

Fraudsters Stolen $1.7 Million Worth NFTs from OpenSea Users' in a Phishing Attack *

Threat Actors Actively Scanning Vulnerable MS SQL Servers to Deploy Cobalt Strike Beacons *

A New Android Banking Trojan Spotted on Google Play Store, Targeting Europeans *

American Logistics Company 'Expeditors International' Hit by Massive Cyberattack *

Giant Cookware Distributor 'Meyer Corporation' Suffers Data Breach Following Ransomware Attack *

Islamic Republic of Iran Broadcasting (IRIB) Hit by Cyberattack *

WordPress Force-Updating UpdraftPlus Plugin Patch on Million of Sites *

Iranian Threat Group Leveraging Log4j Vulnerabilities to Affect VMware Horizon Servers *

PseudoManuscrypt Botnet Followed CryptBot Techniques Since May 2021 *

Monzo Online Banking Users Targeted by New phishing Attack *

Popular E-cigarette Online Store was Compromised to load Credit Card Skimmer *

Adobe Updated its Security Advisory for Critical Vulnerability *

Cisco Patched high severity vulnerability Impacts Cisco Email Security Appliance *

Hackers Use Microsoft Teams Chats to Spread Malware *

Researchers Alerts on Golang-based Kraken Botnet Targeting Windows Systems *

Cyber Threat Group 'Moses Staff' Targeted Israeli Organizations *

Red Cross Claimed State-Sponsored Hacking Group Responsible for the Attack *

BEC Scammers Impersonating CEOs in Virtual Meetings *

Trickbot Malware Targeting Well-known Companies to Steal Users Credentials *

Researchers Disclosed a High-Severity Vulnerability in Apache Cassandra *

VMware Patched High Severity Vulnerabilities Affecting Several Products *

BlackCat Ransomware Group Claims Swissport Ransomware Attack *

Ukrainian Defense and Two Bank Sectors Hit By Massive DDOS Attack *

Threat Actors Employing Mylobot Malware to Send Cyberbulling Emails *

Researchers Attribute ShadowPad Malware Attacks to Chinese Threat Groups *

Japanese Sportswear Company Mizuno Hit by Ransomware Attack *

Moxa Patches 5 Critical Security Vulnerabilities in its MXview Software *

Ukraine Suffers from Ongoing Massive Hybrid Warfare *

NFL’s San Francisco 49ers Team Hit by Blackbyte Ransomware Attack *

Google Pushes a Chrome Update to Fix Zero-day in its Chrome Browser *

Adobe Fixed Critical Zero-day Vulnerability, Affects Adobe Commerce and Magento Users *

Croatian Mobile Network Operator 'A1 Hrvatska' Suffers Data Breach *

Researchers Identified New Sophisticated Rust-based Ransomware Attack *

CISA Added 16 New Flaws to its Known Exploited Vulnerabilities Catalog *

Threat Group ModifiedElephant Installed Fake Digital Evidence on Indian Activists *

Apple Patches an Actively Exploited Zero-Day Flaw in its Security Updates *

Threat Actor Group 'APT29' Targeted European Diplomats Via COVID-19-Themed Phishing Emails *

FritzFrog Botnet Infects 1500 Hosts Within a Span of One Month *

Researches Disclose Advanced Threat Group 'ModifiedElephant' Stealth Mode Operation Strategies *

Vulnerable 'PHP Everywhere' Plugin Pose High Risk for Thousands of WordPress Sites *

Iranian Threat Group Deploying Backdoor Dubbed Marlin in a New Espionage Campaign *

Hackers Infected Hundreds of Magento Sites in MageCart Attacks *

FBI Alerts Users of Increased SIM Swap Fraud Hijacking Victims Numbers *

Advance Threat Group Employing New Implant to Infect Middle East Entities *

Threat Actors Targeting European Android Users in Smishing Attacks *

Kimsuki Hacker Group Using Commodity RATs with Custom Gold Dragon Malware *

Google Patches Two Critical Bugs Via Android Security Updates for Feb 2022 *

Vulnerable Mimosa Wireless Broadband Products are Exposed to Remote Attacks *

SAP Patches Multiple Security Vulnerabilities in its February 2022 Security Patch Day *

Vodafone Portugal Hit by Massive Cyberattack *

Microsoft Patch Tuesday Security Advisory - February 2022 *

Politically Motivated Threat Group Targeting Indian Military and Diplomatic Resources *

Medusa Malware Targeting Android Users in Smishing Campaigns *

Leading Sportswear Manufacturer Puma Suffers Data Breach Following Ransomware Attack *

DPD Group's Parcel Tracking Flaw May Expose Customers' Personal Information *

Vulnerable Argo CD Exposes Sensitive Information from Kubernetes Apps *

American Media Giant News Corp Hit by Persistent Cyberattack *

Researchers Identified a New Ransomware-as-a-Service (RaaS) Operation in Cyberattacks *

Israeli Company QuaDream Abusing iPhone Security Vulnerability to Deploy Spyware *

Switzerland's Aviation Firm Swissport Hit by Ransomware Attack *

Chinese Threat Actors Actively Exploiting a Zimbra Zero-day Vulnerability to Steal Emails *

Cisco Patches Several Flaws Discovered in Small Business RV Series Routers *

Intuit Warns of Phishing Campaign Sending Fake Account Suspended Mails *

Antlion Hackers Targeting Financial and Manufacturing Institutes Using Custom Backdoor *

Threat Actor Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks *

UEFI Firmware Vulnerabilities Impact at least 25 Computer Vendors *

Threat Actors Using SEO Poisoning Technique to Install Malware Package *

New Malware Used by SolarWinds Hackers Went Undiscovered for Many Years *

Kenyon Produce (KP) Snacks Company Suffers Ransomware Attack *

Morley Companies Inc. Discloses a Data Breach Post Ransomware Attack *

ESET Patches High Severity Vulnerability Affecting its Multiple Products *

Threat Actor Group 'Charming Kitten' Using New PowerShell Backdoor in Cyber Espionage Attacks *

SolarMarker Malware Employing Novel Techniques to Persist on Hacked Systems *

Researchers Disclose New Iranian Hacking Campaign Targeting Turkish Users *

Researchers Found a New Oski Malware Variant Dubbed ' Mars Stealer' in Cyberattacks *

Phishing Scammers Employing Malicious CSV Files to Drop Malware *

German Petrol Supply Firm Oiltanking Severely Impacted by Cyber-attack *

British Council Suffers Data Leak, 144000 Records Exposed *

Gamaredon Threat Group Using New Malicious Files in Phishing Attack *

Samba Patched a Critical Vulnerability that Let Hackers Gain Root Access *

Hackers Abusing UPnP Routers to Perform Malicious Activities *

WordPress Addresses a Critical Vulnerability in a Plugin with Over a Million Downloads *

Russian Threat actors Employ Stealthy Malwares in Cyber Espionage Campaign Dubbed 'StellarParticle' *

Taiwanese Electronics Manufacturer, Delta Hit by Conti Ransomware *

Hackers Taking Over CEO accounts Using Rogue OAuth Apps *

Phishing Operators Using a Windows Update to Install Malware *

Researchers Discover Over 20,000 Vulnerable DCIM Systems Prone to Attacks *

Finnish Diplomats’ Mobiles Infected with Pegasus Spyware *

Patched Windows Vulnerability with New Public Exploits Lets Hackers Become Admin *

Linux Version of LockBit Ransomware Targeting VMware ESXi Servers *

Discord Suffers Major Outage Caused by API and Database Issues *

Chaes Banking Trojan Hijacking Chrome with Malicious Extensions *

New FluBot and TeaBot Campaigns Abusing Android Devices Worldwide *

Phishing Attack Impersonate Shipping Giant 'Maersk' to Deploy Malware *

A Video Game Company BANDAI NAMCO Shutdown Servers to Prevent Cyberattacks *

Apple Patches New Zero-day Exploited to Hack macOS, iOS Devices *

German Government Warns of APT27 Group Backdooring Business Networks *

Linux System Service Flaw Enables Root on all Major Distros *

DazzleSpy Malware Targets macOS Users in Watering Hole Attack *

Threat Actors Employing Compromised Accounts to Deliver Large-scale Phishing Emails *

Premium Subscription-Based Scam Targeting Android Users *

TrickBot Malware Operators Added New Techniques to Elude Detections *

Russian Threat Group Targeting Government and Defense Industries *

New DeadBolt Ransomware Targets QNAP Devices, Demands 50 BTC for Master Key *

Initial Access Broker Attack VMware Horizon Servers in Log4Shell Attacks *

Canadian Government Hit by Cyberattack, Few Services Disrupted *

Threat Actors Hacked Segway Store to Steal Customers' Credit Card Data *

Emotet Spam Campaign Using Unconventional IP Address to Evade Security Detections *

Phishing Campaign Employing Malicious PowerPoint Files to Push Malware *

Threat Actors Now Actively Targeting a Patched Critical SonicWall RCE Bug *

Two CWP Bugs Allow Code Execution as Root on Linux Servers *

Android Malware BRATA Strikes Back with Enhanced Features, Wipes Device After Stealing Data *

Hackers Encrypted Belarusian Railway's Internal Servers in Protest *

Researchers Identified a New UEFI Firmware Implant in Cyberattacks *

Hackers Backdoored Over 90 WordPress Themes, Plugins in Supply Chain Attack *

Researchers Uncover 2 Flaws in Zoom Software, Resulting in Zero-click Attack *

SonicWall Provides Temp Fix For Firewalls Stuck in Reboot Loop *

CISA Discloses New 17 Vulnerabilities Exploited in Attacks *

Threat Group Molerats Targeting Middle East in Cyberespionage Campaign *

McAfee Agent Update Fixes Two High-Severity Vulnerabilities *

F5 Patches 24 Vulnerabilities in its BIG-IP, BIG-IQ, and NGINX Controller API Products *

Dutch National Cybersecurity Centre Warns of Lingering Log4j Threats *

WordPress Plugin Flaw Puts Users of 20,000 Sites at Phishing and Code Injection Risk *

Several Spyware Campaigns Stealing Credentials in Industrial Firms *

DoNot Hacking Group Targeting Government and Military Entities in South Asia *

Indonesia's Central Bank Discloses Ransomware Attack, Conti Leaks Data *

Cisco Flaws Provide Remote Attackers Root Privileges via Debug Mode *

Red Cross Cyberattack Leaks Data of 515,000 Individuals *

SolarWinds Patches Serv-U Vulnerability Exploited for Log4j Attacks *

Russian Attackers Employing Subscription-based Malware Service to Deploy Malware *

Scammers Impersonating United States Department of Labor in Phishing Campaign *

A New Stealthy Malware Targeting Users' Cryptocurrency Wallets and Passwords *

Researchers Discloses a Critical Flaw in SAP NetWeaver AS ABAP and ABAP Platforms *

Critical Flaw in IDEMIA Biometric Identification Devices Enable Unauthorized Access *

Large-scale Phishing Campaign Targeting Renewable Energy Firms *

Researchers Link New White Rabbit Ransomware to FIN8 Hacking Group *

Earth Lusca Hackers Targeting High-Value Targets in Government and Private Sectors *

Microsoft Issues Emergency Patches for Windows Server, VPN Bugs *

Fashion Giant Moncler Discloses Data Breach Post Ransomware Attack *

Microsoft Warns of Fake Ransomware Targeting Ukraine in Data-wiping Attacks *

High-Severity CSRF Flaw in 3 WordPress Plugins Affected 84,000 Websites *

Nintendo Warns of Phony Sites Pushing Fake Switch Discounts *

eNom Data Center Migration Process Knocks Sites Offline *

Zoho Patches a Critical Security Flaw in Desktop Central *

An Undisclosed npm Dependency Flaw Affected Facebook's Create React App *

Vulnerable Apple Safari Browser Allows Hackers to Track User Activity *

Cybercriminals Abusing Public Cloud Infrastructure to Distribute Several RAT's *

Goodwill's E-commerce Platform 'ShopGoodwill' Suffers Data Breach *

Cisco Patches a Critical Bug Affecting Unified CCMP and Unified CCDM *

Qlocker Ransomware Returns to Target QNAP NAS Devices Globally *

Defense Contractor Hensoldt Discloses a Ransomware Attack *

Massive Cyber Attack Knocks Down Several Ukrainian Government Websites *

North Korean Hackers Stealing Millions from Cryptocurrency Startups Globally *

Financially Motivated Hacking Group Targeting Cryptocurrency Startups *

Threat Actors Compromised FIFA 22 Accounts Using Social Engineering Techniques *

AWS Patched Security Vulnerabilities that Exposed AWS Customers' Information *

Sentinel LABS Released an Unofficial Patch for Privilege Escalation Vulnerability, affecting all Windows Devices *

OceanLotus Threat Group is using Web Archive Files to Install Backdoors *

Magniber Ransomware Gang now Utilizing Signed APPX Files in Attacks *

Microsoft Patched Critical Flaw in Windows HTTP Protocol Stack *

Apple Fixed a Persistent Denial of Service (DoS) Flaw Dubbed 'doorLock' *

Ransomware Operators Leveraging Log4Shell Exploit to Infect VMware Horizon Systems *

Microsoft Patch Tuesday Security Advisory - January 2022 *

New SysJoker Backdoor Actively Targeting Windows, macOS, and Linux Users *

Threat Actors Deploying New RedLine Malware Via Fake Omicron Stat Counter App *

KCodes NetUSB Kernel Module Bug Affects Millions of Routers Globally *

CISA Warns Federal Agencies of Ancient Flaws Still Being Exploited *

Threat Actor Group 'Patchwork' Infecting Users with Ragnatela Malware *

Researchers Link 'Abcbot' Botnet Operation to Xanthe Cryptomining Botnet Operators *

Threat Actors Targeting Cybersecurity Researchers and Developers in Malware Campaign *

State Hackers Employ New PowerShell Backdoor in Log4j Attacks *

Vulnerable Open-Source NPM Libraries 'colors' and 'faker' Breaks Thousands of Apps *

Linux Version of AvosLocker Ransomware Encrypting VMware ESXi Servers *

Researchers Discovered Security Flaw like Log4Shell in H2 Database Console *

A New 'Night Sky' Ransomware Targeting Corporate Companies *

Microsoft Warns of Persistent Attacks Leveraging Apache Log4j Flaws *

Y2K22 Bug Hits SonicWall's Email Security, Firewall Products *

Hackers Employ BadUSB to Target Defense Firms with Ransomware *

NHS Warns of Unknown Hacker Group Exploiting Log4Shell in VMware Horizon *

FluBot Malware Operators Targeting Europe Posing as Flash Player App *

FinalSite Hit by a Ransomware Attack that Disrupted Thousands of Schools *

QNAP Warns of Attacks Targeted at Internet-exposed NAS Devices *

North Korean Hacker Group "Konni" Attacks Russian Foreign Ministry *

Credential Stuffing Attacks Impact 1.1 Million Users at 17 Companies *

US Online Pharmacy "Ravkoo" Suffers Data Breach Post AWS Portal Hack *

Hackers Abusing Google Docs Commenting Feature to Drop Malware *

FBI Warns of an Ongoing Google Voice Authentication Scams *

Microsoft Releases an Emergency Update to Address Windows Remote Desktop Issues *

Threat Actors Injecting Web Skimmer Code to Steal Sensitive Information *

U.S. Cellular Disclose Data Breach Post Billing System Hack *

Hospitality Chain McMenamins Suffers Data Breach Post Ransowmare Attack *

Apple iOS Vulnerable to Denial of Service Flaw "doorLock" *

Broward Health Company Discloses a Data Breach, 1.3 Million Individuals Affected *

Threat Actors Deploying Purple Fox Malware via Malicious Telegram Installers *

Microsoft Release a Temporary Fix to Address Exchange Server Flaw *

Kyoto University Loses 77TB of Research Data due to Backup Error *

Netgear Leaves Six High Severity Vulnerabilities Unpatched in Nighthawk Router *

PulseTV Discloses Data Breach of 200,000 Credit Cards *

Researcher Discloses a Security Flaw in Uber's Email System *

New iLOBleed Rootkit Wiping Data from Compromised HP Enterprise Servers *

AvosLocker Ransomware Group Releases Decryptor Post Breaching US Police *

Firmware Attack May Drop Persistent Malware in Hidden SSD Area *

Chinese APT Hackers Employ Log4Shell Flaw to Attack an Academic Institution *

Prominent Crypto Trading Platform, ONUS Suffers Ransomware Attack via Log4j Hack *

Storage Devices of Several Vendors Impacted by Encryption Software Bugs *

Norwegian Media Giant Amedia Suffers Disruption Due to Cyberattack *

Researchers Disclose New Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics *

Apache Releases Log4j 2.17.1 to Address a Remote Code Execution Bug *

RedLine Malware Stealing Passwords Saved in Chromium-based Web Browsers *

BlackTech Cyber-espionage APT Targeting Japanese Companies Using Flagpro Malware *

Threat Actors Attempted to Compromise LastPass Users Master Passwords *

Researchers Identify Infiltration of Riskware Apps on Samsung's Galaxy Store *

Threat Actors Actively Abusing MSBuild for Cobalt Strike Beacon Execution *

Photo Services Giant Shutterfly Hit by Conti Ransomware Attack *

ech0raix Ransomware Group Actively Scanning for Vulnerable QNAP NAS Devices *

Pirated 'Spiderman: No Way Home' Movie Torrent Delivers Crypto-Mining Malware *

Several Vulnerabilities in Garrett Metal Detectors Let Hackers to Alter Configurations *

Global IT Services Provider Inetum Suffers Ransomware Attack *

Android Banking Trojan Spreads via Bogus Google Play Store Page *

Blackmagic Patches Critical DaVinci Resolve Code Execution Flaws *

Dridex Operators Targeting Covid-19 Victims via Omicron Phishing Taunts *

Monongalia Health System Suffers Email Breach, Affecting 400,000 Individuals *

NVIDIA and HPE Patches Apache Log4j Library Vulnerabilities in its Products *

Researchers Disclose a New Variant of Babuk Ransomware *

New Dell BIOS Updates Results in Laptops and Desktops Boot Issues *

Apple Patches macOS Security Flaw Behind Gatekeeper Bypass *

Researchers Uncover New Phishing Campaign Aimed at CoinSpot Crypto Exchange *

Threat Actors Deploying Stealthy BLISTER Malware on Windows Devices *

Pro Wrestling Tees Discloses Data Breach, 31,000 Customers Info Compromised *

Apache Patches Two Severe Security Vulnerabilities in its HTTP Server *

Microsoft Azure App Service Bug Exposes Customers Source Code Repository *

CISA, FBI and NSA Releases Joint Advisory and Scanner for Log4j Vulnerabilities *

Chinese-speaking Espionage Group Targeting Government and Transportation Sectors *

Researchers Identify Stealthy Backdoors in Auerswald's COMpact 5500R PBX's Firmware *

All Mobile Phone Generations Since 2G Vulnerable to Newly Identified Mobile Network Vulnerabilities *

FBI: Threat Actors Actively Exploiting New Zoho Zero-Day Since October 2021 *

Over 820,000 Vulnerable WordPress sites are Exposed to Attacks *

PYSA Ransomware Group was Behind Major Attacks in November 2021 *

Scammers Impersonate Pharmaceutical company 'Pfizer' in Phishing Attacks *

Sony Life Insurance Employee Arrested for Stealing $154 Million Dollars *

Hackers Taking Over Vulnerable Windows Domains via Elevation of Privilege Vulnerabilities *

Researchers Suspect 'Cytrox' for Distributing 'Predator' Spyware on iPhones *

Cyber Criminals Infected U.S. Federal Agency's Network with Backdoor *

Malicious Android App Distributes New Joker Malware, Infected Over 500,000 Android Users *

Hackers Distributing New Stealthy DarkWatchman Malware through Phishing Emails *

Threat Actors Revived TellYouThePass Ransomware in Linux, and Windows Log4j Attacks *

Threat Actors Exploiting Log4j Vulnerability to Deploy Dridex Banking Malware *

Western Digital Urges Users to Upgrade their My Cloud Devices *

Logistics Firm "Hellmann" Warns Users of BEC Emails Post Ransomware Attack *

Threat Actors Infected Over 35,000 Computers in 2021 Using a New PseudoManuscrypt Malware *

Threat Actors Targeting Spider-Man Franchise Fans with Credit-Card Harvesting *

VMware Patches a Critical Flaw in Workspace ONE UEM *

Phorpiex Botnet Surfaces Again with a more Sophisticated Variant *

Khonsari Ransomware Group Targeting Self-Hosted Minecraft Servers *

Apache Issues a New Patch to Fix 3rd Log4j Vulnerability *

Researchers Suspect New Attack Vector Identified in Log4j Exploits may Expand the Attack Surface *

Iranian State-Sponsored Hacker Abused Slack API to Steal Asian Airline Data *

US Prominent Brewery and Hotel chain "McMenamins" Hit by a Conti Ransomware Attack *

Log4j Hackers Switch to Injecting Monero Miners via RMI *

Credit Card Skimmers Targeting Ecommerce Sector via Magecart Attacks *

DDoS Mitigation Service Provider "Cloudflare" Suffers Widespread Latency and Timeouts *

A New Espionage Campaign Targeting Telecom Organizations in Middle East and Asia *

Hackers Steal Microsoft Exchange Credentials Using Backdoor "Owowa " *

Threat Actors Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges *

Apple Releases an iOS Update for Remote Jailbreak Exploit *

PyPi Removes 3 Python Packages Suspected of Dropping a Trojan on Victim Systems *

Virginia Information Technology Agency Suffers Ransomware Attack *

Workforce Management Solutions Provider, Kronos Suffers Ransomware Attack *

Over 300,000 MikroTik Devices Still Vulnerable to Remote Hacking Flaws *

AWS Suffers Second Outage in this Month, Impacts Twitch, Zoom, PSN, Hulu, others *

Vulnerabilities in Wi-Fi and Bluetooth Chips Enable Hackers to Steal Passwords *

Researchers Identify "ALPHV" as the Most Sophisticated Ransomware in 2021 *

Threat Actors Actively Exploiting Log4Shell Vulnerability to Deliver Malware on Vulnerable Machines *

Partially Fixed Dell Computer Drivers Still Vulnerable to Windows Kernel-level Attacks *

Threat Actors Targeting German E-Banking Users via New Phishing Campaigns *

Volvo Cars Suffers Ransomware Attack, R&D Information Exposed *

Researchers Link 'XE Group' to Eight Years of Credit Card Theft *

Apache Foundation Releases a Security Patch for Second Log4j Vulnerability *

Microsoft Patch Tuesday Security Advisory - December 2021 *

Mojang Studios Publishes an Emergency Minecraft Update Amid Critical Log4j Vulnerability Exploits *

Threat Actors Dropping Agent Tesla Malware Using PowerPoint Macros in On-going Phishing Campaigns *

Hackers Employ Known Info-stealing Malware "TinyNuke" Targeting French Users *

Researchers Disclose Building Blocks of Widely Active Qakbot Banking Trojan *

AWS Discloses the Cause Behind the Recent Massive Outage *

Researches Disclose an Active Campaign Exploiting Over Vulnerable 1.6 Million WordPress Sites *

17 Malicious NPM Packages Let Attackers to Steal Discord Tokens *

Google Pushes Emergency Chrome Update to Fix Zero-day in its Chrome Browser *

South Australian Government Data Breach Expose Over 80,000 Employees Info *

Threat Actors Targeting Enterprises Using New Zero-day Exploit for Log4j Java Library *

StrongPity Hacking Group Pushing Malware Using Malicious Notepad++ Installers *

Dark Mirai Botnet Actively Targeting Unpatched TP-Link Routers *

Hackers Targeting US Universities via Office 365 Phishing Campaigns *

Vulnerable Hikvision's IoT Devices Targeted by Moobot Botnet *

Emotet Malware is Now Installing Cobalt Strike Directly on Infected Devices *

Fujitsu Cites the Breach on Japanese Ministries' on Stolen ProjectWEB Credentials *

Cox Communications Disclose Data Breach Post Hacker Impersonates Support Agent *

SanDisk SecureAccess Flaw Enables Brute Force Attacks Against Vault Passwords *

Google Fixes High Severity Use-After-Free Vulnerabilities in its Chrome Browser *

SolarWinds Hackers Targeting Government and Business Organizations Worldwide *

Phony KMSPico Software Stealing Victims' Cryptocurrency Wallets *

Hackers Employ Fake 'Spam Notification' Phishing Emails to Steal Microsoft Credentials *

SonicWall Patches Several Security Flaws in its SMA 100 Series Appliances *

Grafana Patches a Zero-day Flaw Post Exploits Spread Over Twitter *

Popular Cloud Service Providers Affected by Multiple Vulnerabilities in Eltima SDK *

AWS Suffers Outage, Impacts Ring, Netflix, and Amazon Deliveries *

QNAP Warns Users to Secure NAS Devices Against Bitcoin Miner *

Conti Ransomware Strikes Scandinavian Hotel Group "Nordic Choice" *

Hundreds of SPAR Stores Suffer Massive Outage in Northern England *

BitMart Cryptocurrency Exchnage Loses $200 Million Worth of Cryptocurrency Tokens Post Hack *

Microsoft Seizes Domains Used by APT15 Chinese State Hacker Group *

Researches Disclose 17 Malicious Frameworks Used to Attack Air-Gapped Networks *

Pakistani Threat Actor "SideCopy" Targeting Indian and Afghan Governments *

Malvertising Campaigns Distributing Backdoors and Malicious Chrome Extensions *

Threat Actors Distributing Android Banking Malware "BRATA" via SMS Phishing Campaign *

Researchers Disclose 14 New XS-Leaks Attacks on Well-known Web Browsers *

Finland's National Cyber Security Centre Warns of New Android Banking Malware Campaigns *

Threat Actors Employing RTF Template Injection Method in Phishing Campaigns *

Phishing Actors Actively Exploiting Users Via Omicron Themed Phishing Campaign *

Zoho Patches a Critical ManageEngine Bug Exploited in Wild *

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats *

Scammer Sentenced for Stealing Millions of Dollars of Cryptocurrencies via SIM Hijacking *

Threat Actors Promoting a Malicious Android App to Steal Malaysian Bank Credentials, and MFA Codes *

BlackByte Ransomware Group Exploiting Proxy-shell Flaws to Deploy Web-shells on Vulnerable Microsoft Exchange Servers *

New Malware "NginRAT" Actively Targeting E-commerce Servers *

Planned Parenthood LA Discloses Data Breach Post Ransomware Attack *

Threat Actors Spreading Emotet via Fake Adobe Windows App Installer Packages *

Four Android Banking Trojans Infected Over 300,000 Android Devices in 2021 *

Mozilla Patches a Critical Flaw in its Cross-platform Cryptography Library *

TrickBot Malware Authors Employing New Ways to Evade Detection *

Russian Threat Actors Employing Babadeda Crypter to Evade Detection *

Hardware Giant "HP" Patches 8-year-old Critical Flaws in its Multi-functional Printers *

Ohio-based DNA Testing Firm "DNA Diagnostics Center" Discloses Data Breach, Impacting 2.1 Million People *

'Sabbath' Ransomware Operators Target Critical Infrastructure in US and Canada *

North Korean Defectors and Journalists Targeted by a New Chinotto Malware *

Threat Actors Utilizing Compromised Google Cloud Instances to Mine Cryptocurrency *

Marine Services Provider "Swire Pacific Offshore" Suffers Ransomware Attack *

Threat Actors Hide New Linux Malware Payload in Cron Jobs to Steal Credit Card Data *

Stealthy Hacker Group "WIRTE" Targeting Governments in the Middle East *

Researchers Warn of Attacks Targeting Recently Patched Apache HTTP Server Vulnerability Exploited in Wild *

Japanese Multinational Conglomerate "Panasonic" Discloses Data Breach Post Network Hack *

Furniture Retail Giant IKEA Email Systems Hit by Ongoing Cyberattack *

Researchers Disclose New Zero-day Vulnerability in Windows 10 Mobile Device Management Service *

APT C-23 Hackers Targeting Target Middle East Users Using New Android Spyware Variant *

Researchers Uncover a New Stealthy JavaScript Malware Dropping Several Windows based RATs *

Iranian Threat Actors Exploiting Microsoft MSHTML RCE Flaw to Steal Google, Instagram Credentials *

Advanced Hacking Group Targeting Biomanufacturing Industries Via New Malware Variant *

Researchers Linked North Korean Attackers to Several Credential Theft Campaigns *

Malicious Python Libraries Steal Discord Tokens and Install Reverse Shells *

PHP Deserialize Bug in CloudLinux Imunity360 May Lead to Remote Code Execution *

"RedCurl," A Corporate Cyber Espionage Threat Group Strikes With New Hacking Tools *

Cisco Patches a High Severity Bug in its Cisco ASA and FTD Firewalls *

MediaTek Chips Bugs Affect 37% of All Smartphones and IoT Globally *

VMware Patches Multiple Vulnerabilities in its vCenter Server and Cloud Foundation *

Over 6 Million Sky Routers Vulnerable to Takeover Attacks for 17 months *

New Android Banking Malware ‘SharkBot’ Hitting Targets in U.S., UK and Italy *

North American Wind Turbine Giant "Vestas" Suffers a Data Breach *

Iran Airlines "Mahan Air" Hit By Cyber Attack *

Threat Actors Actively Exploiting New Windows Installer Zero-day Flaw *

US SEC Alerts Investors About Ongoing Impersonation Attacks *

Utah Medical Center Suffers Data Breach; 582k Patients Info Stolen *

Threat Actors Hacking Vulnerable Microsoft Exchange Servers to Hijack Internal Email Chains *

GoDaddy Suffers Data Breach Affecting 1.2 million Customers *

Android Malware BrazKing Back with New Stealthy Techniques *

Threat Actors Abusing Glitch Cloud Service to Host Short-lived Phishing Websites *

APT Group Exploiting FatPipe VPN Zero-Day Bug Since May 2021 *

Vulnerable eCommerce Sites Allow Hackers to Deploy a New Linux Backdoor *

Attackers Employing Domain Fronting Technique to Evade Malicious Traffic *

Attackers Distributing Emotet Malware in New Spam Campaigns *

Netgear Fixes Pre-Authentication Buffer Overflow Bug which Affects various Products *

New TikTok Phishing Attack Targeting Influencers’ Accounts *

Emotet Botnet Returns Using TrickBot Malware *

Microsoft Released Emergency Updates to Fix Windows Server Authentication Issues *

NPM Patched Private Package Names Leak and Serious Authorization Flaw *

New Release Google Chrome 96 Shatters Twitter and Discord Web Apps *

WordPress Sites are Targeted to Display Fake Ransomware Notes *

High Severity Flaws Discovered in BIOS Firmware Affects Various Intel Processors *

Hackers Actively Targeting Alibaba ECS Instances to Deploy Cryptojacking Malware *

Lazarus Attackers Targeting Security Researchers with Trojanized IDA Pro Application *

Attackers Hacked FBI Email Servers to Distribute Spam Campaign *

American Retail Giant 'Costco' Reveals Data Breach After Identifying Credit Card Skimmer *

A Zero-Day Flaw in the Windows User Profile Service Gets Free Unofficial Patch *

BotenaGo Malware Targeting Millions of Routers and IoT Devices with 33 Exploits *

TrickBot Hackers Abused Microsoft's App Installer in Spam Campaigns *

WP Reset PRO Plugin Enables Attackers to Hijack Websites *

Netflix, Instagram, and Twitter Users are Targeted by New Android Malware *

TeamTNT Cybercrime Group Actively Targeting Vulnerable Docker Servers *

German Medical Software Company Medatixx Hit by Ransomware Attack *

Palo Alto Addresses Multiple Vulnerabilities in PAN-OS *

Clop Ransomware Gang is now Exploiting SolarWinds Serv-U flaw in Attacks *

Zombie-themed Phishing Emails Infecting Users with MirCop Ransomware *

A New Variant of Mekotio Banking Trojan Spotted in the Wild *

Microsoft Patch Tuesday Security Advisory - November 2021 *

Microsoft Warned Admins to Patch Exchange Server Vulnerability *

Cisco Patches Hard Coded Credentials and Default SSH Key Issues in its Catalyst PON Switches *

Researchers Disclose a Critical RCE Vulnerability in Linux Kernel's TIPC Module *

Scammers Harvesting Microsoft O365, Google Logins Via Fake Proofpoint Emails *

Researchers Disclose Two Critical SQL Injection Flaws in Philips Healthcare Informatics Solution *

Prominent Stock Trading Platform "Robinhood" Suffers a Data Breach *

Electronics Giant "MediaMarkt" Hit by Hive Ransomware Attack *

Threat Actors Actively Targeting Patched Sitecore XP RCE Flaw *

Central Depository Services (India) Limited Discloses a Data Breach *

Babuk Ransomware Deployed via Microsoft Exchange ProxyShell Vulnerabilities *

New Android Rooting Malware "AbstractEmu" Takes Over Mobile Phones Via Root Access *

CISA Discloses a Catalog of Known Exploited Vulnerabilities for Multiple Products *

UK Labour Party Discloses a Data Breach Post Ransomware Attack *

Critical Flaw in Cisco Policy Suite's Hardcoded SSH Key Lets Remote Hackers Gain Root Access *

US Defense Contractor Electronic Warfare Associates (EWA) Suffers Data Breach *

Google Patches Actively Exploited Kernel Bugs in its Android November Patch *

Microsoft Suffers Outage, Blocks Access to Onedrive and Sharepoint Files *

Over 30,000 Unpatched GitLab Servers Vulnerable to Already Patched Critical RCE Flaw *

Over 1.6 Million Devices in China Infected by Pink Botnet *

Researchers Uncovered Multiple Critical Flaws in Pentaho Business Analytics Software *

Threat Actors Used Kaspersky's Stolen Amazon SES Token in Office 365 Phishing Campaigns *

Threat Actors Distributing Chaos Ransomware via Fake Minecraft 'alt list' Text Files *

Threat Actors Deploying Snake Infostealer Malware Via Phishing Emails *

Iranian Hackers Breach Israeli Web Hosting Provider"Cyberserve" *

Canadian Province Health Care System Hit by Cyberattack *

Researchers Disclose New Spook Ransomware Built on Prometheus Code Exposing All Victims *

Pirated Sports Streamer Hacked Major American Sports Leagues and Tried to Extort MLB for $150,000 *

Hive Ransomware Group Launches New Variants Capable of Encrypting Linux and FreeBSD Devices *

Israeli Internet Firm Hit By Ransomware Attack Led By Iranian Hackers *

UMass Memorial Health Care Center Suffers Data Breach *

Google Fixes the Flaw Causing Chromebooks Failing to Enroll Devices *

Google Patches Two Zero-Day Bugs in Chrome Browser *

macOS Flaw Allow Hackers to Deploy Rootkits *

WordPress's OptinMonster Plugin Flaw Allow to Hijack Sites *

Threat Actors Targeting YouTubers’ in Phishing Campaigns *

Cybercriminals Delivering Ransomware via Malicious NPM Packages *

Apple Fixed 22 Security Flaws in iOS and iPadOS Devices *

Iranian Gas Station Hit by a Cyberattack *

Hackers Employing a New Squirrelwaffle Malware In Spam Email Campaigns *

Attackers Used a New Yanluowang Ransomware in Targeted Attacks *

Russian Attackers Delivering Malicious Documents in Phishing Campaign *

WordPress Plugin Flaw can Lead to Complete Takeover of Vulnerable Sites *

South Korea's Telecommunications Firm 'KT Corporation' Suffers Nationwide Outage *

CISA Advised to Fix Critical Flaw in Discourse Software *

Attacker Hijacked NPM Library to Compromise Windows and Linux Devices *

macOS Malware Utilizes New Evasion Techniques *

New PurpleFox Backdoor Uses WebSockets for C2 Communication *

SCUF Gaming International Suffers Data Breach: 32,000 Customers Affected *

Attackers Distributing Malware Through Korean Webhard and Torrent Websites *

New Threat Group Targeting South Asian Organizations Using Custom Malware *

Chinese Attackers Exploited Windows Zero-Day Vulnerability in Cyberattacks *

FBI Alerts on Fake Govt Sites Used to Steal Sensitive Information *

Telecommunications Company 'Sinclair Broadcast Group' Hit by Ransomware Attack *

The University of Sunderland Hit by Cyberattack *

Olympus US Systems Hit by Cyberattack *

Ecuador's Largest Bank 'Banco Pichincha' Hit by Cyberattack *

Microsoft Fixed Compatibility Issues in Windows 11 KB5006674 Cumulative Update *

Attackers Using Math Symbols in Phishing Campaigns *

Microsoft Azure's Customer Hit by Largest DDoS Attack *

Microsoft Patch Tuesday Security Advisory - October 2021 *

Apple Fixes a Zero-day Flaw in an Emergency iOS 15.0.2 Update *

Google Fixes Four High-Severity Flaws in its Chrome Browser *

American Pacific City Bank Hit by AvosLocker Ransomware Attack *

Threat Actors Targeting Linux Devices Using New FontOnLake Rootkit *

Ransomware Group FIN12 Aggressively Attacking Healthcare Sectors *

Cox Media Group Discloses a Data Breach Post Ransomware Attack *

Threat Actors Impersonating "QuickBooks" in Ongoing Phishing Campaigns *

Global Brewery Firm BrewDog Exposes 200,000 Customers Sensitive Information *

Researchers Disclose New Android Malware Infecting Android Mobiles *

Telecommunication Firm 'Syniverse' Discloses a Database Breach *

Microsoft Patched Flaw Prevent Security Updates for Azure Virtual Desktops *

Apache Emergency Update Patched Incomplete Fix for Actively Exploited Bug *

Researchers Disclose UEFI Bootkit Exploiting Windows Systems Since 2012 *

Live Streaming Platform 'Twitch' Suffers Massive Data Leak *

APT Group "ChamelGang" Targeting Fuel, Energy, and Aviation Industries *

Researchers Disclose Multiple Critical Flaws in Honeywell Experion PKS and ACE Controllers *

Apache Patches a Zero-Day Vulnerability in its Web Server *

The Telegraph Suffers Massive Data Breach;10 TB Database Leaked *

Researchers Link Disparate Malware Attacks to Chinese Cyber-espionage Group *

Unknown Ransomware Gang Encrypting VMware ESXi Servers Using Python Script *

Industry Publication Giant Sandhills Global Hit by a Ransomware Attack *

Misconfigured Apache Airflow Servers Leak Credentials *

New Atom Silo Ransomware Group Targeting Unpatched Confluence Servers *

An Unpatched Flaw Enables Contactless Payments From Locked iPhones *

Threat Actors Targeting Commerzbank Customers Via New Malware Campaign *

Hackers Steal Cryptocurrency from Coinbase Customers Using MFA Flaw *

Threat Actor Group "GhostEmperor" Backdooring Windows 10 Systems Using a Rootkit *

WhatsApp, Instagram and Facebook Suffers Massive Outage Due to a Configuration Error *

Google Fixes Two Zero-Day Flaws in its Chrome Browser *

Hackers Spreading Flubot Android malware Via Fake Security Updates *

QNAP Patches 3 High-severity Stored Cross-site Scripting (XSS) Flaws Affecting NAS Devices *

MoneyLion Discloses a Data Breach Post Credential Stuffing Attacks *

Neiman Marcus Discloses a Massive Data Breach; 4.3 million Users Affected *

Fake Amnesty International Pegasus Antivirus Affects Windows Systems *

JVCKenwood Hit by CONTI Ransomware Attack *

Threat Actors Hijack Windows Boot Manager With UEFI Bootkit *

Microsoft Warns of Cyber Attacks Targeting Active Directory FS Servers *

Hackers Draining Brazil's PIX Payment System Users' Bank Accounts *

Researchers Linked New Tomiris Backdoor to Hackers Behind SolarWinds Cyberattack *

Giant Trucking Company "Forward Air" Suffers Data Breach *

Microsoft Suffers MFA Outage; Access to Microsoft 365 Services Blocked *

Threat Actors Distributing a New Jupyter Malware Version Via MSI Installers *

Threat Actors Stealing Financial Data from 378 Banking and Wallet Apps Via "ERMAC" Malware *

Multiple Cyberattack Campaigns Abusing Atlassian Confluence RCE Flaw *

Colossus Ransomware Hits Prominent Automobile Company in the USA *

Twitter Web Client Suffers Worldwide Outage *

Threat Actor Targets Indian Government With Commercial RATs Via Operation Armor Piercer Campaign *

QNAP Patches Two Critical Flaws in its QVR Software *

Prominent Communications Provider "Bandwidth.com" Hit By a DDoS Attack *

New Malware 'BloodyStealer' Targeting Popular Gaming Platforms *

Google Fixes High-Severity Zero-Day Flaw in its Chrome Browser *

Researcher Discloses Exploit Codes for 4 iOS Zero-Day Flaws on GitHub *

Microsoft Warns Organizations About a Wide-Scale Phishing-as-a-Service Operation *

Colombian Real Estate Firm "Coninsa Ramon" Suffers Data Breach *

Scammers Targeting US, Canada Users Via New Android Malware *

SonicWall Patches a Critical Vulnerability in its SMA 100 Series Products *

Threat Actors Deploying Web Shells Via Nagios RCE Vulnerabilities *

Researchers Disclose a Remote Code Execution Flaw in AWS WorkSpaces *

Netgear Patches a Remote Code Execution Vulnerability in its Routers *

Threat Actors Employing BitRAT to Target South American Organizations via Spam Campaigns *

Cisco Patches Three Critical Flaws in its IOS XR Software *

Apple Patches a Zero-day Flaw Used to Hack iPhones and Macs *

Threat actor Group "FamousSparrow" Breaching Hotels Worldwide Via ProxyLogon Exploits *

Cyber Criminals Deploying Rootkit Via a New Bug in Microsoft Windows *

Threat Actors Targeting Organizations in Latin America Via a New Banking Trojan *

Threat Actors Employing New Malware Campaigns to Mine Cryptocurrency *

Cring Ransomware Group Actively Exploiting Decade-Old Patched ColdFusion Vulnerabilities *

Microsoft Exchange's Autodiscover Flaw Leaks 100K Windows Credentials *

Russian Threat Actors Deploying TinyTurla Malware as Secondary Stage Backdoor *

VMware Fixed Critical Arbitrary File Upload Vulnerability in its vCenter Server *

Researchers Disclosed a New Zero-Day Vulnerability in macOS Finder *

Republican Governors Association's Server Breached Via Microsoft Exchange Cyberattack *

US Farmer Cooperative Suffered a BlackMatter Ransomware Attack *

Over 1.4 Million COVID-19 Test Results From Multiple Hospitals Exposed in Paris *

Scammers Sending Spam Emails to Promote Elon Musk-themed Cryptocurrency Scam *

VoIP.ms Hit By a DDoS Attack; Multiple Services Impacted *

AMD Patches An Information Disclosure Flaw in its Chipset Driver *

Prominent Integration Service Provider, Travis CI Patches a Critical Security Flaw *

Researchers Uncovered Phishing Campaign "Operation Layover" Targeting Aviation Industry *

Threat Actors Deploying New Malware to Compromise Windows Subsystem for Linux Environment *

Tamil Nadu Public Department Hit by Ransomware Attack *

Netgear Patches Third Critical Bug in its Smart Switches *

Microsoft Patches a Critical Flaw in Open Management Infrastructure Affecting Azure Cloud Services *

Adobe Patches 36 Critical Vulnerabilities in its Products *

Threat Actors Impersonate US Department of Transportation to Steal Microsoft Credentials *

South Africa's Justice Ministry Suffers Ransomware Attack *

Microsoft Warns of Information Leakage Vulnerability in Azure Container Instances *

Cyber Criminals Deploying New Linux Cobalt Strike Beacons in Ongoing Cyber Attacks *

Nitro Software Patches a Remote Code Execution Flaw in its Nitro Pro PDF *

Threat Actors Spreading New ZLoader Malware Through Fake TeamViewer Installer *

Millions of Computers Affected by HP Omen's Privilege Escalation Bug *

Microsoft Patch Tuesday Security Advisory - September 2021 *

Telecommunications Provider "MyRepublic" Suffers Data Breach *

New Android Banking Trojan Dubbed "S.O.V.A" Emerges With Growing Capabilities *

TeamTNT Hacking Group Stealing Credentials Using New Open-Source Tools *

Apple Patches Zero-click iPhone Exploit Deploying Pegasus Spyware *

Google Patches 2 Zero-day Flaws in its Chrome Browser *

“FudCo” Spam Empire Linked to Pakistan-based Software Firm *

Howard University Suffers Ransomware Attack Leading to Network Shutdown *

Threat Actors Targeting Kurdish Ethnic Group Via Mobile Spyware Attacks *

New Windows 0-Day Attack Targeting Users Via Weaponized Office Documents *

Meris Botnet Launches a 22 Million RPS DDoS Attack *

Cisco Patches Multiple High-Severity Flaws in its IOS XR Software *

Threat Actors Leaked 500,000 Fortinet VPN Credentials On Hacking Forum *

Zoho Patches Critical Vulnerability in its ManageEngine ADSelfService Plus Solution *

Critical Flaw in HAProxy Result in HTTP Request Smuggling Attack *

FIN7 Group Deploying Backdoor Via Windows 11 Alpha-themed Word Documents *

Ribbonsoft’s dxflib Library Flaw Allow Attackers to Remotely Execute Commands *

New Malware Family Leverages CLFS Log Files to Evade Detection *

Threat Actors Hacked Jenkins Project's Confluence Server to Install Monero Miners *

NPM, Package Manager Patches a Critical Bug in the Package Pac-Resolver *

Microsoft Links SolarWinds Serv-U SSH Zero-Day Attack to Chinese Hackers *

Netgear Patches High Severity Bugs in its Smart Switches *

Threat Actors Exploiting Confluence Bug to Install Cryptocurrency Miners *

Billions of Bluetooth Devices From Multiple Vendors Remain Highly Vulnerable to BrakTooth Flaws *

Dallas Public School Suffers Data Breach *

Canada Immigration Accepts Additional 7,300 Applications in TR to PR Program Due to a Technical Bug *

Cisco Patches Critical Authentication Bypass Flaw in NFV Infrastructure Software (NFVIS) *

Over 60,000 Parked Domains Were Vulnerable to Domain Hijacking Attacks *

Autodesk Targeted By SolarWinds Hackers Via Sunburst Backdoor *

LockFile Ransomware Bypassing Protection Via Intermittent File Encryption *

Microsoft Exchange ProxyToken Flaw Allow Attackers to Access User Email Messages *

Multiple Vulnerabilities Identified in Fortress S03 Wi-Fi Home Security Systems *

Threat Actors Selling a GPU Based Malware Via Hacker Forums *

Annke Patches a Stack-based Buffer Overflow Flaw in its Video Surveillance Product *

Synology Discloses Open SSL Vulnerabilities Impacting its NAS Devices *

Attackers Abusing Proxyware Applications to Monetize Malware Campaigns *

QNAP Discloses OpenSSL Flaws Impacting its NAS Devices *

New York Credit Union Discloses An Insider Threat; 21GB of Sensitive Data Destroyed *

Google App Bug Restrict Users To Make & Receive Calls *

Attackers Distributing Phishing Mails Using Open Redirect Links *

Researchers Warn Users About Four Emerging Ransomware Groups *

FIN8 Threat Group Targeting Financial Institutions Using Sardonic Backdoor *

U.S. Based Computer Retail Company Targeted by New SideWalk Backdoor *

Critical F5 BIG-IP Vulnerability Affects Customers in Sensitive Sectors *

VMware Fixes Four High Severity Flaws in vRealize Operations Manager API *

Microsoft Power App Leaks 38 Million Sensitive Data Records Via Misconfigured Tables *

Threat Actors Actively Exploiting 15 Vulnerabilities to Hack Linux Systems *

Microsoft Warns Customers of Azure Critical Cosmos DB Vulnerability *

Cisco Patched a Critical Flaw in its APIC Software *

Boston Public Library Suffers System Wide Outage *

Cyber Criminals Deploying BazaLoader Malware via Fake DDoS Notifications *

Emsisoft Releases Free Decryptor for SynAck Ransomware Victims *

Compromised WhatsApp Mod Distributing Malicious Payloads Via Supply Chain Attack *

Threat Actors Discreetly Marketing ShadowPad Malware Among Chinese Espionage Groups *

NSO Group Deploying Pegasus Spyware Via New Zero-click iPhone Exploit *

OpenSSL Vulnerabilities May Be Exploited For Multiple Cyber Attacks *

ACROS Security Releases a Micro Patch to Address PetitPotam Flaw *

Mozi, an IoT Botnet Targets Network Gateways and IoT Devices *

Threat Actors Actively Exploiting Newly Disclosed Realtek SDK Vulnerabilities in the Wild *

AT&T Denies Data Breach Post Attacker Auctions 70 Million User Database *

Google Discloses Information of Unpatched Windows AppContainer Vulnerability *

Cloudflare Thwarts the Largest DDOS Attack Ever Recorded *

Microsoft Exchange Servers Under Attack By New LockFile Ransomware *

SAC Wireless, A Nokia Subsidiary Discloses Data Breach Post Conti Ransomware Attack *

Phishing Campaign Used a XSS Flaw in UPS Website to Distribute Malware *

Vulnerable Microsoft Exchange Servers Under Attack Via ProxyShell Vulnerabilities *

Attackers Hacked US Census Bureau Servers Using Citrix Vulnerability *

Critical Vulnerability Discovered in the Universal Plug-and-Play (UPnP) Service of Multiple Cisco Routers *

BadAlloc Flaw Affects BlackBerry's QNX Real-Time Operating System (RTOS) *

Chase Bank Suffers Data Leak Via Technical Glitch *

Data Exfiltration Attacks Can Bypass Cisco Safety Products *

Ransomware Attacks Hit Maine's Rural Sewage Treatment Plants *

Memorial Health System, Florida Suffers Ransomware Attack *

Attackers Targeting Multiple Users in Mexico via Neurevt Trojan *

Adobe Patches Critical Photoshop Security Flaws *

Critical Flaw in ThroughTek's Point-to-Point (P2P) SDKs Impacting Million IoT Devices *

Fortinet Delays Patching a Zero-day Bug in its Web Application Firewall (WAF) *

Multiple Realtek Related Flaws Affecting its Wi-Fi SDKs; Impacting Nearly a Million IoT Devices *

Tokio Marine's Singapore Branch Suffers Ransomware Attack *

Threat Actors Selling Ficker Info Stealer Malware as a Malware-as-a-Service (MaaS) *

Iranian Government-linked Hacker Groups Conducting Cyber Espionage Activities in Israel *

Attackers Use 'CAPTCHA' Images to Trick Users into Bypassing Browser Warnings *

Brazilian National Treasury Suffers Ransomware Attack *

Threat Actors may use Middleboxes Related Flaws for TCP Reflected Amplification *

Threat Actors Distributing WarzoneRAT via Compromised WordPress Sites *

TA505 Threat Group Installing ServHelper RAT Using New Techniques *

Multiple STARTTLS Related Bugs Found in Popular Email Clients *

Trend Micro Addresses Wild Zero-Day Vulnerabilities *

T-Mobile Suffers Massive Data Breach; 100 Million Customers Data Stolen *

The Infamous AlphaBay Darknet Market Has Reopened for Business *

Microsoft Spotted Hackers Using Morse Code in Phishing Campaigns to Evade Detection *

Threat Actors Employing CAPTCHA Protected Phishing Campaigns *

Scammers Impersonating FINRA in an Ongoing Phishing Campaign *

Multiple Flaws in Wodify Fitness Platform Allow Hackers to Take Control *

New AdLoad Malware Variant Escapes through Apple's XProtect Defence *

Ford Flaw Exposed Sensitive Information from Internal Systems *

Attackers Can Now Spy On DNS Traffic via Bugs in Managed DNS Services *

Intel Releases Patches for High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers *

Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising *

One Million Stolen Credit Cards Data Leaked on Carding Marketplace *

Gigabyte Suffers RansomEXX Ransomware Attack *

Microsoft Confirms another Zero-Day Bug in Windows Print Spooler *

Accenture Hit by LockBit Ransomware Attack *

Attackers Stole Cryptocurrency worth of $600 Million *

Researchers Revealed eCh0raix Ransomware Targeting Both NAP and Synology NAS Devices *

Microsoft Patch Tuesday Security Advisory - August 2021 *

Adobe Patched Several Critical Vulnerabilities in its Products *

Russian Federal Executive Authorities Targeted by Chinese Threat Actors *

Chinese Threat Actors Targeting Prominent Southeast Asian Telecom Firms *

Joplin City Suffers from Ransomware Attack *

FatalRAT Trojan Exploiting Telegram *

New FlyTrap Malware Compromises Thousands of Facebook Accounts *

New Chinese Spyware Used in Widespread of Cyber Espionage Attacks *

VMware Patches Security Vulnerabilities in Workspace ONE Access and Identity Manager *

INFRA:HALT Flaws Affect Embedded TCP/IP Stack Widely Used in OT Devices *

Cisco: Firewall Manager RCE Flaw is a Zero-day, Patch Incoming *

Go & Rust Languages Affected by Critical IP Address Validation Flaw in "net" Library *

New York City Public School's Info Leaked; Officials Confirm *

Threat Actors are Actively Exploiting Vulnerable Home Routers *

Solarmarker Malware Targeting Healthcare and Education Sectors *

Attacker Scanning Microsoft Exchange Servers for ProxyShell Vulnerability *

New APT Threat Group Targeting Microsoft IIS Servers *

Google Fixed Several High-Severity Security Flaws in Android OS *

Linux Variant of BlackMatter Ransomware Encrypting VMware ESXi Machines *

New Android Malware Vultur Abuses Accessibility Services *

Energy Group ERG Reports Minor Interruptions Post Ransomware Attack *

Google Patches Several Chrome Vulnerabilities *

New Cobalt Strike DoS Vulnerability Allows Takedown of Attackers’ Servers *

Advanced Technology Ventures Discloses a Data Breach Attack *

Cisco Patches Pre-Auth Security Flaws in its VPN Routers *

Romania Cryptojacking Attackers Targeting Linux Devices *

Multiple TransLogic Firmware Vulnerabilities Discovered; Major Impact on North America Hospitals *

Italy's Lazio Region Suffers Ransomware Attack *

New Meteor Malware Used in Iranian Railway Attack *

Multiple Vulnerabilities Patched in WordPress Download Manager *

Node.js Patched Severe HTTP Vulnerability *

Russians Attackers Compromised Federal Prosecutors Email Accounts *

New Vulnerabilities could let Attackers to Compromise Zimbra Server via Email *

Researchers Discovered New Haron Ransomware Gang *

A New .Stolen Ransomware Deleting Disc Shadow Copies Post Encrypting Disc Drives *

LockBit 2.0 Ransomware Uses Group Policies to Encrypt Windows Domains *

Attackers Compromised Chipotle’s Marketing Account to Deliver Phishing Emails *

Multiple Flaws Discovered in 3 Open-Source Software *

DarkSide Ransomware Gang Returns as New BlackMatter Ransomware *

Attackers Installing PlugX Malware Variant on Compromised MS Exchange Servers *

Northern Ireland Suspends COVID Certificate Service Post Data Breach *

Attackers Posed as Aerobics Instructors to Target Employees *

APT Attackers Distributed Android Trojan via Syrian E-Government Portal *

UC San Diego Health Suffers Data Breach Post Phishing Attack *

Oracle Fixes Critical Flaws in its Products *

LemonDuck Malware Targeting Windows and Linux Systems *

Signal Patches a Critical Flaw in its Android Versions *

Apple Patches a Zero-day Flaw Exploited in the Wild *

XCSSET MacOS Malware Targets Telegram Accounts and Google Chrome Data *

Researchers Disclose 3 Zero-day Flaws in Kaseya Unitrends Backup Solution *

Kaseya Gets Universal Decryptor Tool to Help Victims *

Critical Security Flaws Reported in Etherpad *

Law Firm Campbell Conroy & O'Neil Suffered Ransomware Attack *

Malicious NPM Package Steals Chrome Passwords on Windows via Recovery Tool *

Federal Agencies Say China Breached Dozens of Pipeline Companies between 2011 and 2013 *

Akamai Suffers DNS Outage; Prominent Websites and Online Services Across the Globe Impacted *

Dell Patches 3 Critical Vulnerabilities in OpenManage Enterprise Service *

Atlassian Patches Critical Vulnerability in its Jira Data Center and Jira Service Management Data Center Products *

Ecuador's State-run CNT Telco Suffers Ransomware Attack *

Juniper Fixed Multiple Flaws in its Products *

Attackers Distributing Remcos RAT via Visual Basic *

Microsoft Seizes Homoglyph Domains used in BEC Campaign *

Saudi Aramco Suffers Data Breach; 1 TB Stolen Data for Sale *

16-Year-Old Bug Impacts Millions of HP, Samsung, Xerox Printers *

Bug discovered in Fortinet lets Attackers to run Code as Root *

WIFIDemon Leading to Remote Code Execution Attacks on iOS Devices *

Magecart Attackers Using Unique Techniques to Avoid Detection *

Cisco Patches High Severity Flaw in its ASA & FTD Software Versions *

Pegasus Spyware Infecting Prominent Personnel's Mobile Devices Across the Globe *

WildPressure APT Targeting Windows and macOS Systems via New Malware Variant *

Google Patches Zero-Day Vulnerability in its Chrome Browser *

D-Link Fixes Multiple Security Bugs in its DIR-3040 Router Version v1.13B03 *

Scammers Target Comparis Group Users Post Ransomware Attack *

Multiple Vulnerabilities in NuGet Packages Affect .NET Platform *

Microsoft Patched Windows Hello Authentication Bypass Vulnerability *

Recent ZLoader Malware Attacks Adopt New Macro-Related Delivery Method *

Sage X3 Patched Multiple Security Flaws in its Enterprise Resource Planning (ERP) Product *

Attackers Spreading BazarBackdoor Malware via Nested RAR and ZIP Archives *

SonicWall Warns of Imminent Ransomware Attacks Targeting SMA 100 & SRA VPN Appliances *

VMware Fixed Flaws In ESXi and ThinApp Applications *

Chinese Hackers Utilizing SolarWinds Zero-Day to Target US Defense Companies *

New BIOPASS RAT Live Stream Victim's Computer Screen *

Kaspersky Password Manager Generated Passwords used in Brute Force Attacks *

Adobe Patch Tuesday Security Advisory - July 2021 *

Microsoft Patch Tuesday Security Advisory - July 2021 *

Kaseya Fixed Multiple VSA Bugs Exploited in REvil Ransomware Attack *

Flaws in Cisco BPA and WSA could lead to Privilege Escalation Attacks *

Mitsubishi Electric Fixed Bugs in Air Conditioner Control Systems *

Fashion Retailer Guess Suffers Data Breach Post Ransomware Attack *

SolarWinds Patches a Zero-day Flaw Exploited in the Wild *

Insurance Firm CNA Suffers Data Breach After Ransomware Attack *

Mint Mobile Suffers Data Breach; Hackers Port Victims Phone Numbers *

Morgan Stanley Reports Data Breach After Vendor Reports Accellion Hack *

Nobelium Hacking Group Reportedly Accessed Microsoft's Customers Support Tools *

Crypto Mining Scams Targeting Victims via Fraudulent Android Apps *

Malspam Campaign Deploying Cobalt Strike Payloads Posing as Kaseya VSA Security Update *

Microsoft Addresses Critical Edge Bug Leading to UXSS Attacks *

CISA Discloses 15 Vulnerabilities Affecting Philips Vue Healthcare Products *

Pro-Trump Social Media Site "GETTR" Suffers Data Breach *

QNAP Patches Critical Flaw in NAS Backup and Disaster Recovery Solution *

Insurance Giant AJG Reports Data Breach post a Ransomware Attack *

Threat Actor Group Wizard Spider Linked to a New Ransomware 'Diavol' *

NETGEAR Patches 3 Critical Bugs in DGN-2200v1 Series Routers *

Microsoft Urges Azure Users to Update their PowerShell Tool *

Threat Actors Hacked Mongolian Certificate Authority to Deploy Backdoors *

Threat Actors Targeting Unpatched Cisco ASA Devices Aggressively Post the PoC Release *

Kaseya Suffers Massive Ransomware Attack; Hundreds of Companies around the Globe Affected *

Retail Giant Coop Shuts Down 500 Stores Post Kaseya Ransomware Attack *

Microsoft Releases Emergency Patch for Windows Zero-day PrintNightmare Vulnerability *

Attackers Target Microsoft's Halo Development Servers via Dependency Hijacking *

Law Enforcement Officials Seize DoubleVPN Service's Servers *

WD Storage Devices Vulnerable to Ongoing Cyber-Attacks *

LinkedIn Suffers Data Breach, 700 Million Users Data Exposed *

DarkRadiation Ransomware Gang Targeting Linux & Docker Instances *

Threat Actors using WIM Files to Bypass Security Solutions via Phishing Emails *

Microsoft Signs a Rootkit Malware Disguised as Windows Driver *

Unpatched Flaws in PlingStore Apps may Lead to Supply-Chain Attacks *

Scammers Impersonating FINRA Support in a New Phishing Campaign *

Fortinet Patches 2 Vulnerabilities in its Web Application Firewall (WAF) *

High Severity Flaws Found in Vulnerable NVIDIA Jetson Chipsets *

Spam Campaign Hides "handwritten" Links in Tinder Profile Images *

Pakistan Hackers are Targeting Indian Power Company with ReverseRat *

Mercedes-Benz Suffers Data Breach *

Multiple Bugs in Dell SupportAssist; Impacts 30 Million PCs *

Researchers Discovered Security Vulnerability in 2G Mobile Data Encryption Standard *

Conti Ransomware Gang Leaked Tulsa City's Police Citation Documents *

Covid-19 tracking app ‘MassNotify’ Auto-installed on Massachusetts Android Phones *

VMware Fixed Critical Vulnerability in Carbon Black App Control *

A Partially Fixed Bug in SonicWall Affecting 800K Firewalls *

Vulnerabilities in Open Design Alliance's SDK Impacting Multiple Vendors *

Nuclear Research Agency of South Korea was Hacked Using VPN Flaw *

Multiple Vulnerabilities Discovered in Schneider PowerLogic Devices *

Zephyr RTOS Patched Multiple Bugs in its Bluetooth LE Stack *

Healthcare Giant Grupo Fleury Suffers Ransomware Attack *

Palo Alto Networks Fixed Critical Vulnerability in Cortex XSOAR *

Microsoft Patched High-Pitched Noise Bug in Windows 10 *

Threat Actors are Sending Fake Extortion Emails by Impersonating DarkSide Gang *

Supermarket Chain Wegmans Suffers Data Breach *

Andariel Hacking Group Targeted South Korean Industries with New Malware Campaign *

Poland Officials Targeted in Russian Cyber Attacks *

Russian Consumer Watchdog Bans VyprVPN & Opera VPN Services *

Gelsemium Hackers Target NoxPlayer with Supply Chain Attack *

Reproductive Biology Associates Clinic Suffers Ransomware Attack *

Critical Flaw in ThroughTek Allows Millions of Cameras to Spy *

Newly Discovered iPhone Bug can Disable iPhone's Wi-Fi Functionality *

Researchers Warn of SolarMarker Malware Deployed via SEO Poisoning *

Attackers Bypass Office 365 MFA in BEC Attacks *

Attackers can Access Victim Information via Vulnerability found in Microsoft Power Apps *

Instagram Bug Allows Attacker to View Private Accounts Details of the User *

Propane Service Provider AmeriGas Discloses Data Breach *

Cake Box Suffers Data Breach; Credit Card Numbers of Customers Exposed *

Clop Ransomware Gang Suspects are Arrested in Ukraine *

Google Patched Zero-Day Bug in Chrome Web Browser *

Scammers are Sending Fake Ledger Devices to Steal Cryptocurrency *

Thousands of VMWare vCenter Servers are Still Vulnerable to Remote Code Execution Attacks *

Apple has Fixed 2 Zero-Day Flaws in iOS Devices *

Hackers can Spy on Samsung Mobile Users using Pre-installed Applications *

Interpol Removed Multiple Fake Online Pharmaceutical Websites *

Spain's Ministry of Labor and Social Economy Suffers Cyberattack *

Avaddon Ransomware Group Shuts Down *

Food Supply Giant Edward Don Shuts Down Temporarily Due to Ransomware Attack *

7-Year-Old Privilege Escalation Polkit Flaw Affecting Linux Devices *

McDonald's Discloses Data Breach; Customers and Employee Information Exposed *

Audi and Volkswagen Suffers Data Breach; 3.3 Million Customers Affected *

Food Giant JBS Pays $11 million to REvil Ransomware Group *

Famous Video Game Company Electronic Arts Suffers Data Breach *

WAGO Controller Flaws Could Lead to Industrial Process Disruptions *

Stolen Login Credential Marketplace Slilpp is Seized by Law Enforcement *

Fastly CDN Outage Impacted Multiple Websites *

Latest Necro Python Malware has New Exploits and Crypto Mining Capabilities *

Phishing Campaign Targets U.S. Financial Industry Regulatory Authority (FINRA) *

Memory & Storage Manufacturing Giant ADATA Suffers Ransomware Attack *

Microsoft Patched Vulnerability In MSGraph Component *

PuzzleMaker Threat Actors Targeting Windows 10 Systems using Chrome Zero-days *

STUN Servers Abused for DDoS Attacks *

New Siloscape Malware Targets Windows Containers to Access Vulnerable Kubernetes Clusters *

Attackers are Actively Targeting Vulnerable VMware vCenter Servers *

Google Fixed Multiple Critical Bugs In Latest Android Security Updates *

Adobe Patches 41 Vulnerabilities in 10 Products *

Intel Fixes 73 Security Vulnerabilities *

Microsoft Patch Tuesday Security Advisory - June 2021 *

EvilCorp Cybercrime Gang Mimics PayloadBIN to Evade US Sanctions *

US Truck Manufacturer Navistar Discloses Data Breach *

Cisco Patches High-Risk Security Flaws in its Multiple Products *

Open Source Application "Have I Been Pwned" Used to Expose Stolen Credentials *

Nantucket Steamship Authority Suffers Ransomware Attack *

Researchers Disclosed Critical Bug In Realtek Wi-Fi Module *

Threat Actors Deploying SkinnyBoy Malware using Malicious MS Word Documents *

Threat Actors Bypassing Ransomware Defense in Antivirus Solutions via Whitelisted Applications *

Huawei Fixed Privilege Escalation Bug in its USB LTE Dongle *

FUJIFILM Suffers Ransomware Attack *

North Korean Hacking Operation Targeting South Korea Government Units *

Multiple Products from Cisco, Akamai & Linux affected by Vulnerability in Lasso Library *

Multiple Vulnerabilities Reported in Industrial Switches from Several Vendors *

Swedish Health Agency Shuts Down SmiNet's Database after Multiple Intrusion Attempts *

Attackers Exploiting Critical Zero-day Flaw in WordPress Plugin *

Researchers Disclosed Two New Attack Techniques which Modifies Certified PDF Document Content *

New Phishing Campaign Targeting Walmart Users Discovered *

Two Domains Used In Nobelium Phishing Campaign Seized *

Food Giant JBS Shuts down Temporarily due to Cyberattack *

BazaLoader Campaign Spreading Phishing Emails to Compromise Users Windows System *

FBI Reports Attackers are Exploiting Unpatched Fortinet Devices *

Researchers Warn of Facefish Backdoor Infecting Linux Devices *

New VSCode Extensions Bugs may Lead To Supply Chain Attacks *

Siemens Patches a High-severity Memory Protection Bypass in its PLCs *

Canada Post Reports Data Breach Post Supplier Ransomware Attack *

Threat Actors Distributing Trojanized AnyDesk Installer via Malvertising Campaign *

SolarWinds Hackers Deploying New 'NativeZone' Backdoor via a New Supply Chain Attack *

Klarna Mobile Application's Technical Bug Leaking Users Data *

New Epsilon Red Ransomware Abusing Unpatched Microsoft Exchange Servers *

Threat Actors Actively Exploiting a Command Injection Flaw in SonicWall's NSM On-Premises Products *

TPG Shutdown the Legacy TrustedCloud Service Post Data Breach *

Threat Actors Deploying Data Wiper Malware Disguised as Ransomware *

Checkbox Survey Patches Arbitrary Code Execution Flaw Being Exploited in the Wild *

Attackers Impersonating Devices via Newly Disclosed Bluetooth Bugs *

HPE Patches Critical Zero-day Flaw in Systems Insight Manager (SIM) *

Office 365 Bug Sending Exchange Online, Outlook Emails to Junk Folder *

Malware Attack Knocks out Siegfried Group’s Network *

Multiple Japanese Agencies Suffer Data Breaches in a Supply Chain Attack *

Hackers Sent Racist Registration Emails Pretending to be from Walmart *

Zeppelin Ransomware Back in Operation with an Updated Malware *

Apple Patches a Zero-day Flaw in TCC Framework *

Japan’s Omiai Dating App Data Breach; Over 2 Million Users Data Exposed *

VMware Patches Critical Remote Code Execution Flaw in vCenter *

CryptoCore Campaign Hacking Cryptocurrency Exchanges Globally *

Scheme Flooding Vulnerability Enables Hackers in Identifying Users *

Florida Water Treatment Plant Suffered a Cyber Incident Prior to the Poisoning Attack *

Ivanti Addresses a High-Severity Vulnerability in Pulse Connect Secure VPN *

Electronic Giant Bose Reports Data Breach Post Ransomware Attack *

Trend Micro Patches 3 Vulnerabilities in Home Network Security Devices *

Threat Actor Behind Infamous UPMC Breach Gets Verdict; Faces 7 Years in Prison *

Apple Patches 3 Zero-days Affecting macOS & tvOS Devices *

Microsoft Releases a Simulated Tool for Attack Scenarios *

23 Misconfigured Android Applications Leaking Users Personal Data *

Google Fixes Chrome Browser Crash on Windows 10 and Linux Platforms *

Google Patches Heap-based Buffer Overflow Vulnerability in Chrome *

CNA Financial Paid $40 Million Ransom to Evil Corporation *

FBI Warns Organizations about Conti Ransomware *

E-commerce Giant Mercari Suffers Massive Data Breach in Codecov Incident *

QNAP Warns Organizations about Qlocker Ransomware Impacting Vulnerable HBS Devices *

Stolen Dominos India Data Up for Sale on Dark Web *

Air India Hacked; 4.5 Million Passengers Information Leaked *

Android Releases Patches for 4 New Zero-day Vulnerabilities *

New Malware Campaign Delivers Fake Ransomware *

Slack Messaging Application Suffers Massive Outage *

Over 600,000 WordPress Sites Impacted by a Vulnerability in WP Statistics Plugin *

Magecart Hackers Deploying PHP-based Backdoor via Website Favicons *

New Banking Trojan Bizzaro Targeting European and South American Banks *

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks *

FBI Warns of a Spear Phishing Campaign Delivering Advanced Malware *

Student Insurance Provider Guard[.]me Suffers a Data Breach *

Insurance Giant AXA Hit by Ransomware Attack *

Threat Actors Deploying Lizar Malware under the Disguise of Ethical Hacking Tool *

APT36 Group Mimicking Legitimate Indian Military and Defense Organizations *

Monday[.]com Source Code Accessed by Codecov Hackers *

Toshiba's Subsidiary Unit Struck by DarkSide Ransomware Group *

Cisco Patches a Zero-day Bug in Cisco AnyConnect Client *

Rapid7 Source Code Accessed in Codecov Supply-chain Attack *

AMD Patches Two Flaws Bypassing AMD's SEV Protection System *

Snip3 Crypter Service Deploying Multiple RAT Variants *

Hackers Delivering Malware via Microsoft Build Engine Files *

Citrix Patches Vulnerability in Workspace Application for Windows *

New Cryptocurrency Phishing Scam Stealing Recovery Phrases via Twitter *

Colonial’s Pipeline Hack; $5 Million Ransom Paid *

QNAP warns of Zero-day Bug in Roon Servers *

Herff Jones Suffers Data Breach *

New Lorenz Ransomware Affecting Multiple Organizations Globally *

Brenntag Hack; $4.4 Million Ransom Paid *

DarkSide Ransomware Servers Seized Post-Colonial Pipeline Attack *

Lemon Duck Cryptominer Strikes Again *

Ireland’s Health Services Reports Ransomware Attack; $20 million Ransom Demanded *

Threat Actor Leaks Stolen Data Post D.C. Police Columbia Hack *

FBI and ACSC Warns of Avaddon Ransomware Attacks *

VideoLan Patches Auto-updater Bug in VLC Media Player *

Ransomware Attack on the City of Tulsa, USA *

All Wi-Fi Devices are Vulnerable to FragAttacks *

A New Qualcomm Vulnerability Impacting Android-based Mobile Devices *

Over 25% of Tor Exit Relays Spied on Users Dark Web Activities *

Google Patches 19 Bugs in Chrome 90.0.4430.212 *

Twitter's New Feature Tip Jar Exposing Sensitive Information *

Cuba Ransomware Partners With Hancitor for Spam-Fueled Attacks *

Law Firm Jones Day Hit by Data Breach *

Attackers are Exploiting Authoritative DNS Servers via TsuNAME DNS Bug *

NatWest Bank Scheduled Payments Bug May Cost Customers Money *

Russian Hackers Are Allegedly Exploiting 12 Vulnerabilities in the Wild *

New Stealthy Rootkit Targeting High-Profile Organizations *

Twilio & HashiCorp Reports Cyber Attacks Post Codecov Supply Chain Hack *

UNC2529 Threat Group Delivers Three New Malware Strains via Phishing Emails *

Six Unpatched Critical Flaws Detected in Remote Mouse Application *

Foxit Patches Remote Code Execution (RCE) Vulnerability in Foxit Reader *

Colonial Pipeline Suffers from Alleged Ransomware Attack *

Microsoft Edge Crashes while Playing YouTube *

Scammers Impersonate "SNL in Elon Musk" Show in a Cryptocurrency Scam *

VMware Patches Critical Flaw in vRealize Business for Cloud Virtual Appliance *

HP Enterprise Fixes Critical Bug In Edge Platform Tool *

New Windows Malware 'Pingback' Using ICMP for C2 Operations *

N3TW0RM Ransomware Targeting Israel-based Companies *

Alaska Court System Went Offline Amid Cyber Attack *

Critical 21Nails Exim bugs Affecting Vulnerable Linux Servers *

Network Solution and Register.com Reports DNS Outage *

Tesla Car Hacked Remotely using Drones *

Dell Fixes a 12-year-old Bug in DBUtil BIOS Driver *

Insight Global's Insider Threat Leaks COVID-19 Information *

Complexcodes is Selling Subscription based Commodity Malware "WeSteal" *

Chinese Attackers Hacked Russia's Largest Nuclear Submarine Designer *

A New Malspam Campaign Distributing Rust-based Buer Malware Variant *

Intel and AMD Chips are Vulnerable to Spectre Side-Channel Attacks *

Pulse Secure Addresses VPN Zero-Day Vulnerability *

LuckyMouse Targets Multiple Organizations via Sys-update Toolkit *

Critical IP Address Validation Vulnerability found in Python *

Mount Locker Ransomware Uses New Tricks to Evade Detection *

ISC Patches Several BIND Vulnerabilities in DNS Servers *

Researchers Expose a New Iranian State-Sponsored Ransomware Campaign *

SolarMarket RAT Uses Google SEO Tactics to Lure Victims *

First Horizon Bank Hacked; $1 Million Stolen *

2 iOS Zero-day Vulnerabilities fixed by Apple *

Chinese Hackers Attacking Military Organizations in South-East Asia *

Stealthy Backdoor Infecting Linux Systems *

FBI Shares 4 Million Emotet Botnet Stolen Email Addresses *

PHP Composer Bug Ends Up in a Widespread Supply-Chain Attacks *

Hotbit Cryptocurrency Exchange Down Post Cyberattack *

ParkMobile Stolen Customers Data Exposed Online *

Whistler Resort Municipality Suffers Ransomware Attack *

Microsoft Uncovered Critical Code Execution Bugs In IoT, OT Devices *

DigitalOcean Data Breach Exposes Customer Billing Information *

Brazil's Rio Grande Do Sul Court System Suffers Ransomware Attack *

Attackers are exploiting SonicWall Zero-day for Ransomware Attacks *

F5 Discloses KDC Spoofing Vulnerability in BIG-IP Consoles *

UnitingCare, Queensland Systems Taken Down *

UK Rail Network Merseyrail Hit by Lockbit Ransomware *

Google Patches Critical RCE Vulnerability in Chrome *

MangaDex Stolen Database Leaked Online *

NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability *

Guilderland Central Schools Hit With Malware Attack *

Apple iCloud Mail Server Outage *

Fake Microsoft DirectX 12 Deploying Crypto-Stealing Malware *

D.C. Police Columbia Hacked; Ransom Demanded *

Oilfield Services Giant Gyrodata Discloses Data Breach *

Microsoft Teams Suffers Outage *

Attackers Spreading FluBot Malware via Android Devices *

Prometei Botnet Operators Exploiting Obscure Microsoft Exchange Servers *

New Cryptomining Malware Turning Vulnerable Windows, Linux Devices into Bots *

Hacker Leaks 20 million BigBasket's Data for Free *

Critical RCE Bug Reported in Homebrew Package Manager *

Hackers Exploiting PulseSecure to Deploy SUPERNOVA Malware *

Qlocker Malware Encrypting QNAP Devices Using 7zip *

Twitter Mistakenly Sends Spam Emails *

ToxicEye Trojan Abusing Telegram to Steal Data *

PasswordState is Latest Victim of Supply Chain Attack *

WhatsApp Pink Malware Auto Replies to Skype, Signal and other Messengers *

Exchange Online Down; Microsoft 365 Outage Affects Email Delivery *

Pareto Android Botnet Attacks Smart TV Ads *

1.3 Million Windows RDP Servers Login Credentials found in Hacker Forum *

Multiple Vulnerabilities in Google Chrome Patched *

Microsoft Partially Fixes Windows 7 and Server 2008 R2 Vulnerability *

Attackers Infecting Google Play Store via Fake Applications *

Eversource Energy Reported Data Breach *

Attackers Actively Exploiting 4 Pulse Secure Vulnerabilities *

Attackers Target Multiple Networks in a Supply Chain Attack Post Codecov's Data Breach *

Revil Gang Attempted to Extort Apple via Alleged Quanta Hack *

Zero-day Vulnerabilities Patched in SonicWall Email Security *

Remote Code Execution Vulnerabilities Discovered in Cosori Smart Air Fryer *

Malvertising Campaign "Tag Barnakle" Compromised 120 Ad Servers *

Attackers Hacking Android Devices Remotely via WhatsApp Flaws *

Lazarus APT Using BMP Images to Distribute Trojan *

Geico Suffers Data Breach; Policyholders' Driver's License Numbers Stolen *

Researchers Found Campaign Mimicking Microsoft Store, Spotify Sites, and Chess Application *

WordPress Patches XXE Flaw in PHP 8 *

Domino's India Database Hacked; 10 Lakh Credit Card Details Leaked *

Critical Remote Code Execution Vulnerability in Juniper Devices Discovered *

Attackers Exploiting Critical Flaw in Facebook's Live Videos Feature *

Multiple Vulnerabilities Reported in EtherNet/IP Stack for Industrial Systems *

Malware Spreading via Xcode Projects; Infecting Apple's M1-based Macs *

Attackers Stealing Credentials via Operation "Overtrap" *

Fortinet Discloses a New FormBook Variant *

Hackers Gained Access via Vulnerable VPN Device in Capcom Ransomware Attack *

Critical Zero-day Vulnerability Found in Desktop Window Manager (DWM) *

Swinburne University, Australia Suffers Data Breach *

Twitter Suffering Worldwide Outage *

Google Released Chrome 90 *

Cyberattack on The University of Hertfordshire, UK *

Tata Communications Data Breached via Route Mobile *

Over 100 Million Devices Vulnerable to DNS Vulnerabilities *

Attackers Tampering Popular App Stores to Distribute Malicious Apps *

Researchers Disclosing Second Chrome Zero-day Exploit *

SAP Fixes Critical Flaws in SAP Commerce, NetWeaver & Business Client *

Spying Android RAT "BRATA" Strikes Back *

New Phishing Campaign Delivering Fake Antivirus Billing Notices *

Malware hidden in Fake Browserify NPM package *

Adobe Fixes 10 Vulnerabilities in Multiple Products *

QBot Operators Using QBot & IcedID Malware as Final Payload *

Malicious Facebook Ads Dropping Malware on Systems *

Bakker Logistiek Suffers Ransomware Attack *

Microsoft Office 365 Phishing Campaign Evades Detection with Malicious Javascript Code *

10 Malicious Applications in App Gallery Infected with Joker Malware *

Microsoft Patch Tuesday Security Advisory - April 2021 *

New Malware "Saint Bot" Snatching User Passwords *

IcedID Malware Delivered via Contact Forms *

Swarmshop Hacked; Over 600,000 Stolen Records Exposed *

Pharmaceutical Giant "Pierre Fabre" Suffers REvil Ransomware Attack *

Multiple Gigaset Android Smartphones are Infected with Malware *

New Android Malware Auto-spreads to Devices using WhatsApp Auto-replies *

Lazarus Hacking Group Strikes Back with Vyveva Backdoor *

Rockwell Automation Addresses 9 Critical Vulnerabilities in FactoryTalk AssetCentre *

VISA Warns of Increasing Web Skimming Attacks *

LinkedIn Data Breach; 500 Million Users Data Posted On Dark Web *

Unpatched Fortinet VPN devices are exploited by Cring Ransomware *

Cisco Patches Cisco SD-WAN vManage Software Vulnerabilities *

Chinese Hackers Attacks Government & Military of Vietnam *

A New Spear-Phishing Campaign Deploying Malware Using Voice Changing Software *

Attackers Targeting Firms Using new Banking Trojan "Janeleiro" *

Hackers Deploying 'more_eggs' Malware via Fake LinkedIn Job Offers *

European Commission and EU Organizations Suffer Cyber Attack *

Booking.com Fined $560,000 by DPA *

VMware Fixes Critical RCE Flaw in Carbon Black Cloud Workload *

Data of Over 279 "Only Fans" Accounts Posted Online *

TU Dublin and National College of Ireland Suffers from Ransomware Attack *

Attackers Actively Exploiting Unpatched SAP Applications *

Hackers Exploiting Windows OS "BITS" Component *

$38M Worth of Gift Cards Sold by Cybercriminal on Russian Hacking Forum *

Outlook "Cannot send this item" Error Patched by Microsoft *

Clop Ransomware Gang Leaks Multiple Universities Sensitive Data Online *

Attackers are targeting Japan Industries with Multiple Backdoors *

Fake jQuery Plugin Deploying Malware on Systems *

Electronics Manufacturer "Asteelflash" Suffers REvil Ransomware Attack *

Brown University Suffers Cyberattack *

US DOJ Warns of Fake Covid-19 Vaccine Survey Phishing Campaign *

FBI and CISA Warns of Exploits Against Unpatched Fortinet FortiOS Servers *

Threat Actors Attempt to Extort Ubiquiti Post Data Breach *

Researchers Report Spike in Ransom DDoS Attacks *

Bogus Pen-Test Company "SecuriElite" Targeting Security Professionals *

Facebook Data Breach; 533 Million Users Data Exposed *

Citrix Addresses Multiple Vulnerabilities in Hypervisor *

SolarWinds Patches Four Vulnerabilities in Orion Platform *

Attackers Hacked PHP's Git Server to add Backdoors *

Malicious “System Update” Android Malware is Compromising Devices *

German Parliament Members Targeted by Spear-Phishing Attack *

BazarCall Malware Infecting Systems via Malicious Phone Calls *

New 5G Security Flaw allows Denial-of Service Attacks & Data Access *

Campaigns Spotted Targeting Gamers via Malware hidden in Game Cheats and Mods *

Fat Face Discloses Data Breach; Pays $2 Million Ransom *

VMware Fixes Two Critical Flaws in vRealize Operations Manager *

Harris Federation Hit by Ransomware Attack *

Slack Disables New Feature Amid Security Related Concerns *

npm Fixes a Critical Networking Vulnerability in "netmask" Library *

OpenSSL fixes Two High Severity Vulnerabilities *

Microsoft Patches Windows 10 Secure Boot Vulnerability *

Weintek Patches Remote Code Execution Flaws in its Product Range *

Evil Corporation Employs Hades Ransomware to Evade Detection *

Two Critical Vulnerabilities Patched in a WordPress Plugin *

FBI Warns of Mamba Ransomware *

Mobikwik Data Breach; Over 5 Million Users Data Exposed *

Threat Actors Exploiting Critical Flaws in GE's Universal Relay Products *

Apple Patches Webkit Browser Engine's Zero-day Vulnerability *

Backblaze Reports Data Breach; 9,245 Users' Metadata Exposed *

New Cloudflare's Page Shield Feature notifies Malicious JavaScript Dependencies *

Purple Fox Operators are Targeting Vulnerable Windows Systems *

Two Dozen Malicious Chrome Extensions are distributing Malware Globally *

Microsoft Patches Privilege Elevation Flaw in PSExec *

Multiple Security Vulnerabilities discovered in Cisco Jabber *

Adobe Fixes Critical Vulnerability in ColdFusion *

CISA and FBI warn about Phishing Attack spreading TrickBot Malware *

Colorado & Miami Universities Suffers Data Breach due to Vulnerable Accellion FTA Servers *

High Availability Server Manufacturer Stratus Suffers Ransomware Attack *

Shell Suffers Data Breach due to usage of Vulnerable Accellion FTA Servers *

Attackers Exploiting Vulnerable Qualcomm Graphic Components on Android Devices *

CNA Insurance Firm Suffers Ransomware Attack; New Malware Family Used *

IoT maker "Sierra Wireless" Reports Ransomware Attack; Site Taken Offline *

Attackers are taking Control of Vulnerable Apache OFBiz ERP via RCE Vulnerability *

Phishing Campaigns Bypassing Secure Email Gateways *

Phishing Mails containing fake COVID-19 Relief Checks downloads Dridex Trojan *

Threat Actors Hacked Windows, iOS, Android Users via Zero-day Attacks *

Mirai Botnet Exploiting Critical Flaws in Network Security Devices *

MangaDex Taken Offline Post Cyberattack *

Black Kingdom Ransomware Exploits Zero-day Flaws in Microsoft Exchange Servers *

Road Ministry warns Multiple Indian Government Organizations post Cyber-Attack Threats *

Fake Telegram Desktop Application downloads AZORult Malware *

CISA releases CHIRP Tool for SolarWinds Malicious Activity Detection *

CopperStealer Malware is Hijacking Social Media Accounts *

DDoS-as-a-Service exploits Citrix Devices *

New Malware XcodeSpy Targets iOS & macOS Developers *

Acer Suffers Ransomware Attack; $50 million Ransom Demanded *

Zoom Screen-sharing Bug is exposing Sensitive Data to Unauthorized Users *

Post Microsoft Outage files are missing from SharePoint *

Phishing Campaign Targets US Taxpayers *

Pysa Ransomware is Targeting US & UK Educational Institutions *

Twitter Image can be abused to hide Malicious Files *

Hackers Exfiltrating Stolen Data via JPG Files *

Mimecast Says SolarWinds Hackers Accessed Some Source Code *

Ransomware Attack on Pune District Smart City Costs Project Operators 50 Million Dollars *

RTM & Quoter Ransomware are Targeting Russian Finance and Transport Organizations *

A Time Zone Bug Crashing iOS Clock Application *

Microsoft Releases Mitigation Tool for Exchange Servers Affected in ProxyLogon Hack *

WeLeakInfo Hacker Site Hacked *

Phishing Domains can now Detect Virtual Machines using JavaScript *

Blender Software Developer Reports Cyber Attack *

Researchers Discovered Nim based Malware Exploiting Devices *

Microsoft Suffers Outage; Multiple Services Affected *

Metamorfo Banking Trojan abuses AutoHotKey to steal User Information *

Threat Actors Exploiting Avira Antivirus to Deliver Banking Trojans via DLL Side Loading Attack *

New ZHtrap Botnet Malware is turning Infected Targets to Honeypots *

Three Privilege Escalation Vulnerabilities fixed in Linux Kernel *

Threat Actors Exploiting Linux based Systems with new RedXOR Malware *

A New Zero-day WordPress Vulnerability enables Site Takeover *

Google Patches Zero-day Vulnerability in Chrome *

Mozilla Addresses Linux Crashes, Apple Silicon Hangs in Firefox 86.0.1 *

Molson Coors Reports an Outage *

Windows 10 Emergency Updates fixes Printing Crashes *

Researchers Disclose New and Powerful Version of BADHATCH PoS Malware *

Spanish Government Labor Agency Suffers Ransomware Attack *

New DEARCRY Ransomware Exploiting Vulnerable Microsoft Exchange Servers *

OVH Data Center Reported Massive Outage *

Second Cyber Attack on Norway's Parliament *

Maryland Attorney Seizes 5th Domain Used in COVID-19 Vaccine Phishing Attacks *

Hackers Accessed Verkada's Live Surveillance Cameras *

iPhone Call Recorder App Exposes People's Conversations *

F5 BIG-IP issued patches for Critical Remote Code Execution Vulnerabilities *

Microsoft Discloses 3 New Malware Strains in SolarWinds Hack *

Microsoft Patch Tuesday Security Advisory - March 2021 *

GitHub Users were forcibly Signed out to patch a Security Bug *

9 Android Application on Google Play Store found to be distributing Malware Dropper *

Researchers Disclose Side-Channel Attacks on Vulnerable Intel CPUs *

Global Aviation Industry Tech Supplier "SITA" Suffers Massive Data Breach *

Apple Addresses Remote Code Execution Vulnerability in WebKit *

Adobe Patches Flaws in Creative Cloud, Connect & Frame-maker *

Researchers Disclose New Tor based Malware "gafgyt" *

New Sarbloh Ransomware Encrypting Victim Files through Political Agenda *

Flagster Bank Suffers Data Breach due to usage of Vulnerable Accellion FTA Servers *

Google Chrome Blocks Port 554 as a Counter to NAT Slipstreaming Attacks *

European Banking Authorities Exchange Servers Hacked *

Microsoft Themed Phishing Attack Stealing User Credentials *

Over 15 Schools in UK Suffered Cyberattack *

Multiple Cisco Products Exposed to DoS Attack due to Snort Vulnerability *

Microsoft Releases a Tool for ProxyLogon Security Verification on Exchange Servers *

Microsoft Outlook Breached; Over 20,000 Organisations Affected Globally *

Supermicro, Pulse Secure Patches Vulnerabilities in BIOS & UEFI Products *

Attackers Hiding ObliqueRAT Trojan in Image Files via Steganography *

GRUB2 Patches Multiple High Severity Vulnerabilities in Boot Loader *

Over 6,700 VMware Servers Exposed post Exploit Code Release *

Hackers Deploying Malware on Compromised Websites via SEO Techniques *

Over 100 Italian Banks Targeted via Ursnif Trojan *

VMware Patches Remote Code Execution Vulnerability in View Planner *

Attackers Targeting Investors via BEC Campaigns *

CompuCom Suffers Malware Attack Leading to Service Outage *

Botnet Campaigns Abusing Bitcoin Blockchains & Deploying Skidmap Malware *

AOL Phishing Campaign Reported Stealing User Credentials *

Researchers Disocvered DoS Vulnerability in Eclipse Jetty *

Qualys Suffered Data Breach due to Zero-day Vulnerability in Accellion FTA Server *

PrismHR Suffers Massive Outage *

Malaysia Airlines Discloses a Data Breach *

Chinese Cybercriminals Exploiting 4 Zero-day Vulnerabilities in Microsoft Exchange *

Universal Health Services lost $67 Million by Ryuk Ransomware Attack *

Google Patches Zero-day Vulnerability in Chrome *

Dependency Confusion Vulnerability Exploited to steal Linux/Unix Password Files *

Ransomware Attack on Aviation Giant Bombardier *

Dutch e-Ticketing Platform Ticketcounter Suffers Data Breach *

Chinese Hackers Targeting Indian Power Grids & Seaports *

World's Leading Dairy Products Group Lactalis Hit by Cyber Attack *

Drive Corruption Vulnerability in Windows 10 *

LazyScripter Actors Target Airlines with Remote Access Trojans *

New Variant of Ryuk Ransomware Observed Self-propagating in Local Network *

Cisco Patches Critical Severity Authentication Bypass Vulnerability in Cisco ACI MSO *

Sequoia Capital Suffers Data Breach post a Failed BEC Attack *

FriarFox Browser Extension Targeting Tibetan Organizations *

Windows 10 BSOD Issues Resolved via Intel Wireless Driver Updates *

Online Dating Application Gaper Vulnerable to Multiple Critical Zero-day Flaws *

US Federal Reserve Suffers Massive Outage Nationwide *

Researchers Discloses Potential Code Injection Flaw in NodeJS Library "systeminformation" *

TD Bank Recovering from Systemwide Banking Outage *

XBOX Live Suffers Global Outage *

Accellion Vulnerability Exposes Pharmacy & Employee Data in Kroger Data Breach *

Keybase Patches a Bug that Exposes Deleted Sensitive Media to Attackers *

Threat Actors Deploying New Variants of MINEBRIDGE RAT via Word Documents *

Powerhouse Management Suffers from Large Scale DDoS Attacks *

WACUP Patches Several Bugs in Winamp Media Player *

Over 8 Million COVID-19 Test Results Leaked *

TietoEVRY IT Services Suffers Ransomware Attack *

Microsoft Begins Windows 10 21H1 Beta Testing *

VMware Patches Critical RCE Bug in vCenter *

Python Software Foundation Addresses Two Vulnerabilities *

US Shares Information on AppleJeus Malware *

LinkedIn Suffers Global Outage for Two Hours *

Fake Adobe Flashplayer Update Installs Adware Bundle *

Brave Browser's "Tor Mode" Leaks Onion Queries in DNS Traffic *

Certification Giant Underwriters Laboratories (UL) Suffers from Ransomware Attack *

Magecart Hackers Stealing Credit Card Information via Google Apps Script *

Attackers Targeting Apple's M1 Chip via Malicious Adware Extension *

Cuba Ransomware Triggers Data Breaches In US Cities & Agencies *

Dutch Research Council (NWO) Suffered Cyberattack *

RIPE NCC Suffers Credential Stuffing Attack *

OpenSSL Project Releases A New Patch For Three New Vulnerabilities *

VMware Patches Vulnerability in vSphere Replication Software *

Windows 10 Secure Boot Patch Exposes BitLocker Recovery Key *

Kia Motors USA Suffers Massive IT Outage *

EMSISOFT Exposes Internal Log Data Generated by their Test Products *

EXMO Cryptocurrency Exchange Suffers DDoS Attack *

Researchers Discloses Unpatched Vulnerabilities in SHAREit for Android OS *

Yandex Insider Threat Compromises 4887 Customer Accounts *

Telegram's "Super-Secret" Feature Exposes Self-Destructing Media Files to Attackers *

Siemens Patches Multiple Vulnerabilities in Virtualization Software *

PayPal Patches XSS Vulnerability in Currency Converter Feature *

Over 30 Mobile Health Apps Exposing Records of Millions of Users *

Fortinet Patches Multiple Vulnerabilities In SSL, VPN & Web Firewall Products *

Critical XSS Vulnerabilities Fixed In WordPress Plugin "NextGen Gallery" *

Windows Kernel Escalation of Privilege Zero Day Bug is Fixed in Microsoft Patch Tuesday *

CISA Warns of High-Severity Vulnerabilities in Fuji Electric Products *

Researchers Discloses Multiple Vulnerabilities in YouPHPTube and AVideo *

Dairy Farm Suffers REvil Ransomware Attack *

C-Level Executives Targeted via Phishing Attack *

Over 3 Million Cook County Court's Sensitive Data Records Exposed *

Mozilla Enhances Firefox Security Against Super Cookies & Disables Adobe Flash Support *

Microsoft Azure Function Vulnerable to Privileges Escalation & Docker Escape *

Apple Patched iOS, iPadOS & tvOS Multiple Vulnerabilities *

Law Enforcement Agencies around the Globe takes Down Emotet Ransomware Gang *

Oscorp - Credential Stealing Android Malware *

Lebanese Cedar APT Targeted Telecoms, Hosting, ISPs Worldwide *

North Korean Hackers Attacking Security Researchers *

Cisco Discloses Multiple Vulnerabilities in Small Business Routers *

Researchers Discloses Critical Vulnerabilities in F5 BIG-IP Products *

Well-known Religious Services "The Temple" Suffers a DoS Attack *

Linux Systems Under Attack via FreakOut Malware *

QNAP Warns Users of Dovecat Crypto Miner Malware *

Microsoft Discloses Methods used by SolarWinds Hacker Group to Avoid Detection *

1.9 Million Pixlr Users Stolen Data Available on Free Forums *

Adult Social Media Platform Fleek Leaking Users Explicit Data *

4.1 Million AnyVan Users Data Compromised via Data Breach *

VLC Media Player Patches Several Remote Code Execution Vulnerabilities *

Cisco Fixes PreAuth Remote Code Execution Vulnerabilities *

Crypto Exchange LiveCoin Shutting Down Post Cyber Attack *

Microsoft Enabling Full Automation Support for Microsoft Defender AV *

Cisco Fixes Windows DLL Injection Vulnerability in Cisco AnyConnect Secure Mobility Client *

Raindrop Malware Observed in SolarWinds Hack *

FireEye Releases Tool to Detect SolarWinds Hack Techniques *

SolarWinds Malware "Raindrop" Hiding in Modified 7Zip Source Code *

Oracle Releases Quarterly Critical Patches *

Multiple Twitter Accounts Hacked in "Elon Musk" Crypto Scam *

Malwarebytes Breached by SolarWinds Threat Actors *

Apple Removes Vulnerable MacOS Features in MacOS 11.2 Beta 2 *

Cybercriminals Blunder Exposes Stolen Credentials in Plain Sight *

Threat Actors Bypassing Two-Factor Authentication for Several Cloud Services Accounts *

Microsoft Patches Zero Day Vulnerability in Defender Antivirus *

Google Bans 164 Offending Android Applications from Play Store *

Mozilla Releases Security Updates for Thunderbird *

Scammers Blackmailing Coinmama Users via Porn Backlinks *

Windows 10 Bug Corrupts Hard Drive via Single Line Command *

NSA Urges Organizations Not to Use Third Party DNS Resolvers *

Bitdefender Releasing Free Decryptor for DarkSide Ransomware Victims *

Scottish Environment Protection Agency (SEPA) Suffering Conti Ransomware Attack *

Microsoft Announces Windows Zerologon Flaw ‘Enforcement Mode’ *

Threat Actors Compromising Mimecast's SSL Certificates *

Researchers Exposes United Nations Data Breach *

Linux Mint OS Patches ScreenSaver Bypass Vulnerability *

UK's Nohow International Cloud Data Breached *

Threat Actors Exploiting Windows "Finger Command" via Phishing Campaign *

Large Scale Data Breaches Targeting Russian Federation in Year 2020 *

Over 390,000 Users Data Compromised in Capcom Data Breach *

DoS Vulnerability in RockWell Automation RSLinx Classic Software *

Breached COVID-19 Vaccine Data Leaked Online via Hacker Forums *

Fake Trump Scandal Video Distributing QNode Malware *

SolarWinds Threat Actors Accessing Department of Justice's Email Servers *

FBI Warns Organizations on Egregor Ransomware *

Pysa Ransomware Hits Hackney Council & Leaked Data Up for Sale *

FIN7 Hacking Group Leveraging JSSLoader Malware *

Indian Government Websites Leaking COVID-19 Patient's Test Results *

Earth Wendigo Campaign Exfiltrating Emails via JavaScript Backdoor *

British Airways Plans £3bn Breach Settlement *

North Korean Hacking Group Supply Chain Attack Targeting Stock Investors *

Multiple Vulnerabilities in Fortinet FortiWeb WAF Leading to Arbitrary Code Execution *

Phone and Email Scammers Impersonating as ACSC *

Ransomware Attack Knocks Out Funke Media Group *

ElectroRAT Malware Drains Funds from 6,500 Digital Wallets *

Lake Regional Healthcare Suffers Ransomware Attack *

NameSouth's Data Breached by NetWalker Ransomware Group *

Sabre Corporation's 2017 Data Breach LawSuit Verdict *

Microsoft’s Windows Core Polaris Leaked Online *

10,000 American Express Credit Card Holder's Data Breached *

Vodafone's ho. Mobile Suffers Data Breach Impacting 2.5m User Records *

Hackers Launch Swatting Attacks by Exploiting Smart Home Devices *

SolarWinds Supply Chain Attack Led Hackers Access to Microsoft Source Code *

Secret Backdoor Account Detected in Several Zyxel Firewall & VPN Products *

CISA Releases Sparrow.ps1 Tool for Azure/M365 *

Japanese Aerospace Firm Kawasaki Warns of Data Breach *

Japanese Game Developer Koei Tecmo Suffers Data Breach *

FreePBX Developer Sangoma Technologies Hit by Conti Ransomware *

Authentication Bypass Vulnerability in SolarWinds Orion API *

Whirlpool Hit by Nefilim Ransomware Attack *

Adobe Flash Player Reaches End-Of-Life (EOL) *

Phishing Campaign Using Chase Banking Security Notice Emails *

Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability *

Smart Doorbell Devices Easily targeted by Hackers *

Cybercriminal's Bulletproof VPN Service Shuts Down *

Authentication Bypass Vulnerability in Bouncy Castle *

Chinese APT Group Operation StealthyTrident *

Critical Security Vulnerabilities Reported in Dell Wyse Thin Clients *

Ransomware Threat Actors Using 'SystemBC' Malware as Backdoor *

QNAP Fixes High Severity Vulnerabilities in NAS Devices *

CrowdStrike Launches Reporting Tool to Audit Azure AD Permissions *

Chinese Mobile Giant Xiaomi Recording Millions of Users Private Web & Phone Usage *

Al Jazeera Journalists Targeted via Pegasus Spyware *

VMware Vulnerability Exploited in SolarWinds Supply Chain Attack *

Credential Stealer Malware Targeting Financial Institutions *

Clop Ransomware Attack Detected on Symrise *

Microsoft Defender Blocking Known Malicious SolarWinds Binaries *

Mozilla Releases Security Fixes for Multiple Security Vulnerabilities *

Sextortion Campaign Targeting iOS, Android Users via Goontact Spyware *

New Windows Trojan Steals Browser Credentials, Outlook Files *

5G Network Architecture Multiple Vulnerabilities Discovered *

Contact Form 7 WordPress Plugin Emergency Patch Released *

MoleRats APT Variant Stealing Sensitive Data *

Unauthenticated Command Injection Flaw Exposes D-Link VPN Routers to Attacks *

Iranian Rana Android Malware Snooping on Instant Messenging Platforms *

Samsung Fixes Critical Android Bugs *

Adobe Releases Security Updates *

COVID-19 Vaccine Data Leaked *

Ransomware Attack on Netgain Technologies *

70 Lakh Indian Cardholders Data Leaked on Dark Web *

FireEye's Red Team Security Testing and Assessment Tools Stolen by State-Sponsored Hackers *

Microsoft Patch Tuesday Security Advisory - December 2020 *

Ransomware Attack on Television Production Company - Banijay Group SAS *

Maze Ransomware Attack on Canon *

DeathStalker APT Group Offers Hack For Hire Service *

Security Researchers Accidentally Discovers Windows Zero-Day *

Bandook Malware Targeting Multiple Sectors *

Windows 10 20H2 Update Fixes Broken In-Place Upgrade Feature *

Microsoft Office Products Non-Security Updates November 2020 *

Advanced Persistent Threat Attack Targeting U.S. Think Tank *

Huntsville City Schools District Shut Down by Ransomware Attack *

Ryuk Ransomware Attacks K12 Online School Platform *

Malicious npm Packages Installing Remote Access Trojans *

IoT Chip Maker Advantech Hit by Conti Ransomware *

Gootkit Malware Returns with REvil Ransomware *

New CursedGrabber Malware *

Delaware County Hit by DoppelPaymer Ransomware Attack *

Hackers Targeting COVID Vaccine Maker AstraZeneca *

Data Breach Attack on Peatix Events Management Organization Inbox *

LidarPhone Attack Converts Smart Vacuums into Microphones *

Mercy Iowa City Hospital Data Breach *

Over 300K Spotify Accounts Hacked *

Industrial Control System Vendors Warn of Critical Bugs *

Cisco Webex Ghost Flaw *

Chinese Sponsored Cyber Criminal Group Attacking Japan-Linked Organizations *

Cisco Webex Meetings API Cross-Site Scripting Vulnerability *

Mozilla Released Firefox 83 *

Unprotected Database Exposed a Scam Targeting 100K+ Facebook Accounts *

Mount Locker Ransomware Targeting TurboTax files *

Chinese APT Group FunnyDream *

Supply-Chain Attack Distributing Malware in South Korea *

APT 'Hackers For Hire' Target Financial, Entertainment Firms *

Multiple Vulnerabilities in Cisco Security Manager Software *

New Phishing Campaign Delivering Jupyter Malware *

Image Inversion Technique to Bypass Office 365 *

Critical Vulnerabilities Discovered in World's Largest Android TV Manufacturer *

E-Shops Running Vulnerable Version of Magento *

Source Code of Cobalt Strike Toolkit Shared Online *

Critical Remote Code Execution Vulnerability in Oracle WebLogic Server *

Animal Jam Kids Virtual Playground Suffered Data Breach *

Security Vulnerabilities in Unity Orchestrator SD-WAN *

High Severity Security Vulnerability in Cisco’s IOS XR Software *

Chrome Zero-day Vulnerabilities *

Australian Government Warns Healthcare Sector against Ransomware Attack *

Mozilla Releases Security Updates *

xHunt Hackers Attacking Exchange Servers *

Ransomware Attack on Blackbaud Cloud Software Provider *

Ransomware Hits E-Commerce Software Platform X-Cart *

Ubuntu GNOME Display Manager Vulnerability allows Root Access *

Ransomware Attack on Australian Media Monitoring Company *

Scammers Impersonating IRS for Payment Fraud *

Adobe Releases Security Updates *

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug *

Microsoft Teams ‘Fake Updates’ Malware Campaign *

Critical Security Updates for Multiple Intel Products *

Ghimob Banking Trojan *

Ransomware Attack on Italian Liquor Brand - Campari *

Microsoft Patch Tuesday - November 2020 *

Pay2Key Ransomware *

True Social Network App Exposed *

Critical Security Flaws in SaltStack IT Infra Management Solution *

Phishing Attacks on Russian Industrial Enterprises *

Cisco AnyConnect Arbitrary Code Execution Vulnerability *

Multiple Vulnerabilities in Google Android OS *

Multiple Vulnerabilities in Adobe *

Folksam Data Breach *

Bigbasket Suffers Data Breach - Data of 2 Crore Users Now On Sale In Dark Web *

Apple Fixes Three iOS Zero-Days *

Capcom Hit by Ragnar Locker Ransomware *

Dridex Botnet Stealing Banking Credentials *

VMware Multiple Security Updates *

Second Hand USB Drives Expose Sensitive Information of Previous Owners *

New Google Drive Phishing Campaign *

Cyberattack on Vermont Health Network *

Alibaba's Online Store RedMart Suffers Data Breach *

Bank Phone Numbers are being Spoofed to Rob Victims *

Windows Zero-Day Exploit Publicly Disclosed *

Nitro Software Massive Data Breach *

Cryptocurrency Service 'Harvest Finance' Hacked - $24 Million Stolen *

New Delivery Method of Emotet has been discovered *

Cyberattacks Hit Schools & Colleges *

Patients in Finland Blackmailed *

KashmirBlack Botnet *

Multiple Vulnerabilities in Fujitsu M12 Servers *

IT Service Provider Sopra Steria Hit by Ryuk Ransomware *

High Severity NVIDIA GeForce Experience Vulnerabilities Patched *

SQL Injection Vulnerability in Rapid7 Nexpose *

Information Disclosure Vulnerability in Linux Kernel *

Multiple Security Vulnerabilities Identified in WAGO’s Cloud Connectivity Controllers *

Browser Locker Scam Campaigns *

VMware Multiple Security Updates *

Zero-Click Vulnerabilities Identified in the Linux Bluetooth Software Stack *

Browser Address Bar Spoofing Vulnerabilities in Multiple Mobile Browsers *

Multiple Vulnerabilities in HP's Intelligent Management Center (IMC) Software *

High Severity Router Vulnerability in Cisco IOS XR Software *

Google Chrome Browser Multiple Security Updates *

GravityRAT *

Rise in QR Code Related Scams *

Latest Release of Chrome and Edge Generating Random Log Files *

Multiple Vulnerabilities in Magento CMS *

Multiple Vulnerabilities in SonicWALL Sonic OS *

Multiple Vulnerabilities in F2FS Toolset *

Juniper Networks Releases Security Updates *

Silent Librarian APT *

Clips from Exposed Home Security Cameras Posted Online *

Microsoft Disrupts TrickBot Malware Network *

Double Extortion Ransomware Attack on Software AG *

Denial-of-Service Vulnerabilities in Allen-Bradley Flex I/O System *

Adobe Flash Player Application Critical Patch Update *

Microsoft Patch Tuesday - October 2020 *

Microsoft Patches Critical Remote Code Execution Vulnerabilities *

Information Disclosure Vulnerability in Apache Tomcat *

Fitbit Spyware Watch Face *

MontysThree Malware Used In Targeted Industrial Espionage Attacks *

Critical Flaws Found In QNAP Helpdesk Leading To Device Takeover *

New Cryptojacking Variant : Black-T *

Vulnerability in Apple's T2 Mac Security Chips *

Google Releases Patches for 50 Android System's Vulnerabilities *

Trump's Health Email phishing Campaign Delivering BazarLoader Trojan *

Cisco Patches Multiple Vulnerabilities *

BAHAMUT : Hack For Hire Service *

Flaws In Top Antivirus Softwares Leading to Privilege Escalation *

Facebook Disables Chinese-Sponsored SilentFade Malware Campaign *

HEH Botnet *

APT Attack Injects Malware into Windows Error Reporting *

COVID-19 Clinical Trial Hit by Ransomware *

Multiple Vulnerabilities in Google Chrome Web Browser *

Iranian hackers are exploiting the Zerologon vulnerability *

Indian State Government Massive Data Breach *

MosaicRegressor Malware Framework UEFI Firmware Bootkit *

DDoS Attacks by Ransomware Attacker Groups *

XDSpy APT Group *

Backdoors in Microsoft 365 & Azure Active Directory using AADInternals PowerShell Module *

Raccine Ransomware Vaccine *

Microsoft Office 365 OAuth Access Token Phishing *

Egregor Ransomware *

InterPlanetary Storm Botnet Infects 13K Mac and Android Devices *

Multiple Security Vulnerabilities in Wireshark Packet Analyzer *

Palmerworm Espionage Campaign *

Swatch Shuts Down IT Systems to Stop Cyberattack *

Operation Sidecopy Launches Attack on Defense Forces in India *

Microsoft Removed 18 Azure AD Applications *

Microsoft Windows XP Source Code Leaked Online *

Multiple Vulnerabilities in Apple Products *

247K Microsoft Exchange Servers Vulnerable for RCE *

A Bug in Windows Server 2016 *

Magento Credit Card Stealing Malware *

Federal Agency Hit by Cyber Attack *

Chalubo DDoS Botnet Targeting Unsecured SSH Servers *

UHS hospitals Hit By Ransomware Attack *

Phishing Campaign stating End of Support for Windows 7 *

Microsoft Office 365 Outage Reported in USA & Australia *

Joker Trojan *

Taurus Malicious Ad Campaign *

Cisco Patches Multiple Security Bugs *

APT-C-43 Steals Military Secrets *

Microsoft Outlook Squatting Campaign *

MoDi RAT *

Heap Buffer Overflow Vulnerability in Instagram *

Mozilla Firefox 81 Released *

Automated MEOW Attack *

RansomExx Ransomware Attack on Tyler Technologies *

Phishing Campaign Targets AT&T Global Employees *

TinyCryptor Ransomware *

Multiple Security Vulnerabilities in Google Chrome Web Browser *

Mozilla Bug - Hijacking Firefox Android Browsers *

Maze Attackers adopt Ragnar Locker VM technique *

Chinese Hackers Targeting U.S. Agencies *

Multiple Vulnerabilities in Apple Safari *

ZShlayer Malware *

APT41 Chinese Hacking Group *

Phishing Scam using Security Awareness Training Emails *

MrbMiner Malware *

MFA Bypass Vulnerability in Microsoft 365 *

Prometei Multi-Modular Botnet *

Emotet Malware New Spamming Campaign *

Lemon Duck Cryptominer *

Qakbot malware *

Trojan Glupteba

Amazon Q Developer Workspace Trust Vulnerability (CVE-2026-12957) Enables Arbitrary Code Execution via Malicious MCP Configurations

Publish Date: 2026-06-27

Description

Amazon has addressed a high-severity security vulnerability, tracked as CVE-2026-12957, affecting Amazon Q Developer IDE plugins. The flaw could allow a malicious Git repository to execute arbitrary commands on a developer's workstation after the repository is opened and the workspace is marked as trusted. Successful exploitation could expose cloud credentials, API tokens, SSH agent sockets, and other sensitive environment variables, potentially leading to compromise of AWS environments. The issue was responsibly disclosed by Wiz Research and has since been patched by Amazon. The vulnerability exists in the way Amazon Q Developer processed Model Context Protocol (MCP) configuration files stored within a repository, specifically the .amazonq/mcp.json file. When a developer opened a malicious repository and trusted the workspace, Amazon Q automatically launched the MCP servers defined in the configuration. Since MCP servers execute as local processes, they inherited the developer's environment, including AWS credentials, cloud CLI authentication tokens, API keys, SSH agent sockets, and other sensitive secrets. An attacker could therefore embed malicious commands inside the repository configuration, resulting in arbitrary code execution without requiring additional authentication. Wiz demonstrated the attack by executing the aws sts get-caller-identity command and transmitting the active AWS session details to an attacker-controlled server. Depending on the victim's cloud permissions, attackers could establish persistence, access internal infrastructure, modify cloud resources, or pivot into production environments. Amazon confirmed the issue and released updated Language Servers for AWS and corresponding Amazon Q Developer plugin versions that eliminate the unsafe behavior.

CVE-IDs
CVE-2026-12957

Affected Platform(s) / Version(s)
Amazon Q Developer IDE Plugins / Language Servers for AWS

Distribution Method
Malicious Git Repository

Attack Type
Arbitrary Code Execution

Attack Source
Crafted MCP Configuration

Region
Global

Affected Business(s)
Multiple Sectors

Recommendations
- Upgrade Amazon Q Developer plugins and Language Servers for AWS to the latest patched versions (Language Servers for AWS v1.69.0 or later).
- Open and trust repositories only from verified and trusted sources.
- Review MCP configuration files before enabling workspace trust.
- Implement least-privilege IAM policies to reduce the impact of credential exposure.
- Rotate exposed AWS credentials and API tokens if compromise is suspected.
- Continuously monitor AWS CloudTrail and security logs for unauthorized activity.
- Deploy endpoint detection and response (EDR) solutions to identify suspicious local process execution.

References
- https://github.com/aws/language-servers/security/advisories/GHSA-xhcr-j4j9-3gh7
- https://aws.amazon.com/security/security-bulletins/2026-047-aws/
- https://www.cve.org/cverecord?id=CVE-2026-12958
- https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html

New Miasma Malware Wave Targets Developer Workflows Through npm Packages and CICD Systems

Cybersecurity researchers have uncovered another evolution of the ongoing supply chain attack linked to the Mini Shai Hulud, Miasma, and Hades malware family, targeting both the np...

Published Date: 2026-06-27

Microsoft Warns of Photo ZIP Phishing Campaign Delivering Node.js Malware to Hotels

?An active phishing campaign has targeted hotels and hospitality organizations across Europe and Asia since April 2026. Attackers send emails impersonating "Booking Manager (vi...

Published Date: 2026-06-26

DirtyClone Linux Kernel Flaw Enables Local Privilege Escalation

A newly disclosed Linux kernel vulnerability, DirtyClone (CVE-2026-43503), has been identified as a high-severity local privilege escalation flaw affecting the kernel's XFRM/IP...

Published Date: 2026-06-26

Back

Home

Amazon Q Developer Workspace Trust Vulnerability (CVE-2026-12957) Enables Arbitrary Code Execution via Malicious MCP Configurations

This website uses COOKIES in order to offer you the most relevant information. Please accept cookies for optimal performance.

Amazon Q Developer Workspace Trust Vulnerability (CVE-2026-12957) Enables Arbitrary Code Execution via Malicious MCP Configurations

Publish Date: 2026-06-27

Description

Protect your Data and Brand Value from Data Breaches!

Infoshare-Varutra provide security services at an affordable price!

Reach Us: contact@infosharesystems.com

Related Posts

New Miasma Malware Wave Targets Developer Workflows Through npm Packages and CICD Systems

Microsoft Warns of Photo ZIP Phishing Campaign Delivering Node.js Malware to Hotels

DirtyClone Linux Kernel Flaw Enables Local Privilege Escalation

Share Post

Amazon Q Developer Workspace Trust Vulnerability (CVE-2026-12957) Enables Arbitrary Code Execution via Malicious MCP Configurations

Download PDF

Amazon Q Developer Workspace Trust Vulnerability (CVE-2026-12957) Enables Arbitrary Code Execution via Malicious MCP Configurations