Apple’s macOS Gatekeeper, a cornerstone of the operating system’s defense against malicious software, has undergone significant macOS Sequoia (15.0) updates to address emerging security challenges. These changes reflect Apple’s ongoing efforts to balance user freedom with robust protection against increasingly…
Hands-on Malware Analysis Training to Boost Up SOC & MSSP Teams
Security Operations Centers (SOCs) and Managed Security Service Providers (MSSPs) operate at the forefront of cybersecurity, tasked with defending organizations against increasingly sophisticated threats. As adversaries refine their tactics, the need for continuous skill development, particularly through hands-on malware analysis training, has…
Linux Kernel Patching and Preventing Exploits in 2025
As the Linux kernel continues to power everything from cloud infrastructure to embedded devices, its security remains critical. In 2025, patching strategies face unprecedented challenges: a 3,529% year-over-year increase in CVEs since 2024, sophisticated exploitation techniques targeting virtualization subsystems, and kernel-level attacks…
SSH Auth Keys Reuse Exposes Sophisticated Targeted Phishing Attack
A coordinated phishing campaign targeting Kuwait’s critical sectors has been exposed through a distinctive operational security lapse: the consistent reuse of SSH authentication keys across multiple attack servers. The campaign, which remains active as of May 2025, has deployed over…
FBI Warns of US Govt Officials Impersonated in Malicious Message Campaign
The Federal Bureau of Investigation (FBI) issued an urgent warning Thursday about an ongoing malicious campaign where cybercriminals are impersonating senior US officials through text messages and AI-generated voice calls. The sophisticated attack, which began in April 2025, primarily targets…
Malware Mastermind Andrei Tarasov Evades US Extradition, Returns to Russia
In a significant setback for US cybercrime enforcement efforts, Russian hacker Andrei Tarasov has evaded extradition to the United States and successfully returned to his homeland, intelligence sources confirm. Tarasov, 33, known in cybercriminal circles by the aliases “Aels” and,…
Chinese Agent Poses as Stanford Student for Intelligence Gathering
A recent investigation has uncovered a concerning case of espionage at one of America’s premier academic institutions, where a Chinese intelligence agent posed as a Stanford University student to gather sensitive research information. The agent, operating under the alias “Charles…
New Vulnerability Affects All Intel Processors From The Last 6 Years
A newly discovered class of vulnerabilities in Intel processors, termed Branch Predictor Race Conditions (BPRC), allows attackers to systematically extract sensitive data from the cache and random-access memory (RAM) of other users sharing the same hardware. Affecting all Intel processors…
Hackers Actively Exploiting PowerShell to Evade Antivirus & EDR
Cybersecurity experts have identified a concerning trend in the malware landscape as threat actors increasingly leverage fileless techniques to circumvent traditional security measures. A sophisticated PowerShell-based shellcode loader executing Remcos Remote Access Trojan (RAT) has emerged as the latest example…
Hackers Attacking Industrial Automation Systems With 11,600+ Malware Families
Industrial automation systems worldwide are facing an unprecedented scale of cyber threats, with security researchers detecting a staggering 11,679 distinct malware families targeting critical infrastructure in the first quarter of 2025. This alarming figure, revealed in a comprehensive threat landscape…
Windows 10 KB5058379 Update Boots PCs into Windows Recovery
Multiple users and IT administrators are reporting that Microsoft’s latest security update KB5058379, released on May 13, 2025, is causing widespread issues with BitLocker recovery prompts and system boot failures. This mandatory Patch Tuesday update, which contains critical security fixes,…
Windows Security Updates – How to Stay Ahead of Vulnerabilities
In April 2025, cybersecurity teams were starkly reminded of the stakes involved in patch management when Microsoft disclosed CVE-2025-29824, a zero-day privilege escalation flaw in the Windows Common Log File System (CLFS) driver. Exploited by ransomware groups to gain SYSTEM-level access,…
Multiple Ivanti Endpoint Manager Mobile Vulnerabilities Allow Remote Code Execution
Critical security flaws have been uncovered in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) solution, exposing organizations to the risk of unauthenticated remote code execution (RCE). The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, have been…
Cybersecurity for Mergers and Acquisitions – A CISO’s Guide
Mergers and acquisitions (M&A) have become a high-stakes battleground for cybersecurity risks, with 2024 witnessing a surge in regulatory scrutiny, sophisticated cyberattacks, and costly post-deal breaches. As global M&A activity rebounds to pre-pandemic levels, CISOs face unprecedented challenges in safeguarding…
Mitigating macOS Zero-Day Risks – Tools and Techniques
Apple’s macOS has experienced a concerning surge in zero-day vulnerabilities over the past six months, highlighting the need for robust security practices. Recent sophisticated attacks targeting businesses and individuals demonstrate that Apple’s relatively secure ecosystem remains vulnerable to determined threat…
Commit Stomping – An Offensive Technique Let Hackers Manipulate Timestamps in Git to Alter File Metadata
A lesser-known feature of Git, dubbed “Commit Stomping,” allows users to manipulate commit timestamps, potentially disguising malicious or unauthorized changes in a repository’s history. While not a bug or vulnerability, Commit Stomping exploits Git’s flexibility to rewrite the…
Jenkins Security Update Released With the Fixes for the Vulnerabilities that Exploit CI/CD Pipelines
The Jenkins project has issued a critical security advisory detailing vulnerabilities in five widely used plugins: Cadence vManager, DingTalk, Health Advisor by CloudBees, OpenID Connect Provider, and WSO2 Oauth. These flaws, ranging from medium to critical severity, could allow attackers…
Securing Linux Containers – A Guide for Cloud-Native Environments
As container adoption rapidly accelerates across enterprises in 2025, security professionals are under increasing pressure to focus on securing Linux containers and protecting these ephemeral environments. Container security requires a multi-layered approach that addresses vulnerabilities throughout the container lifecycle –…
SonicWall SMA1000 Vulnerability Lets Attackers Exploit Encoded URLs to Gain Remote Access to Internal Systems
SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Tracked as CVE-2025-40595, the vulnerability carries a CVSS v3 score of 7.2, indicating a high-severity risk. Discovered…
Windows Defender Best Practices – Optimizing Endpoint Protection
As cyberthreats grow in sophistication, organizations must prioritize robust endpoint protection strategies. Microsoft Defender for Endpoint has emerged as a critical tool in this landscape, offering AI-driven threat detection, automated response, and integration with broader security ecosystems like Microsoft Defender…
Researchers Emulate VanHelsing Ransomware’s Advanced Tactics & Tools
Cybersecurity experts have successfully emulated the behaviors of VanHelsing, a sophisticated ransomware-as-a-service (RaaS) operation that emerged in March 2025 and has rapidly gained notoriety in cybercriminal circles. The ransomware employs a double extortion model, encrypting victims’ files with the Curve25519…
Proofpoint To Acquire Microsoft 365 Security Provider Hornetsecurity For $1 Billion
Proofpoint, Inc., a global leader in cybersecurity and compliance, has announced a definitive agreement to acquire Hornetsecurity Group, a prominent pan-European provider of AI-powered Microsoft 365 (M365) security, compliance, and data protection services. This strategic acquisition marks a significant step…
Windows 11, Red Hat Linux, & Oracle VirtualBox Hacked – Pwn2Own Day 1
The first day of Pwn2Own Berlin 2025 wrapped up with a bang, as hackers showcased 11 exploit attempts, including AI-targeted attacks, and walked away with $260,000 in prizes. The Pwn2Own competition, known for pushing the boundaries of cybersecurity, saw successful…
Google to Release Android 16 with Advanced Device-level Security Setting Protection for 3 Billion Devices
Google has announced a significant enhancement to its Advanced Protection Program with the release of Android 16, introducing a robust device-level security setting aimed at safeguarding users against sophisticated cyber threats. Tailored for at-risk individuals such as journalists, elected officials,…
CISA Warns of Google Chromium 0-Day Vulnerability Actively Exploited in the Wild – Patch Now!
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-4664 to its Known Exploited Vulnerabilities Catalog as the vulnerability is actively exploited in the wild in attacks. This high-severity issue in Google Chromium involves insufficient policy enforcement in the Loader component,…
Hackers Abuse Google Services to Send Malicious Law Enforcement Requests
A sophisticated phishing campaign has emerged targeting Google users with fraudulent law enforcement data requests, exploiting legitimate Google services to bypass security systems and create highly convincing scams. The attack utilizes official Google infrastructure, including the company’s OAuth system and…
New .NET Multi-stage Loader Attacking Windows Systems to Deploy Malicious Payloads
A sophisticated .NET multi-stage malware loader has been actively targeting Windows systems since early 2022, serving as a distribution channel for dangerous payloads including information stealers and remote access trojans. This loader employs a complex three-stage deployment mechanism that helps…
Coinbase Hacked – Massive Data Breach Costs Them $400 Million
Coinbase Global, Inc., one of the world’s largest crypto exchanges, disclosed a major cybersecurity incident in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) on May 14, 2025. The breach, orchestrated by an unknown threat actor,…
U.S. Officials Investigating Rogue Communication Devices in Solar Power Inverters
U.S. energy officials have launched an investigation after discovering unauthorized communication equipment embedded within Chinese-manufactured solar power inverters connected to critical infrastructure grids across the country. These inverters, which are essential components that convert direct current from solar panels into…
Steel Manufacturer Nucor Shuts Down Production Following Cyber Attacks
Nucor Corporation, the largest steel manufacturer in North America, has temporarily shut down production at several of its facilities after a significant cybersecurity incident involving unauthorized access to its information technology systems. The breach, which was detected earlier this week,…
Threat Actors Weaponizing Open Source Packages to Deliver Malware in Supply Chain Attack
In the first half of 2025, cybersecurity experts have observed a significant rise in threat actors targeting the software supply chain through weaponized open source packages. These attacks leverage the implicit trust developers place in third-party dependencies, transforming seemingly benign…
Windows Defender Application Control Bypassed by Operationalizing Browser Exploits
Researchers have uncovered a sophisticated technique to bypass Windows Defender Application Control (WDAC), a critical Windows security feature designed to prevent unauthorized code execution. The bypass leverages vulnerabilities in trusted Electron applications, effectively circumventing one of Microsoft’s most robust security…
CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities
CISA has issued an urgent alert after adding five new Microsoft Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities, which affect core Windows components, have been flagged as…
Microsoft Outlook Down – Millions of Users Affected With This Longest Outage in Microsoft History
A widespread outage affecting Microsoft 365 services has left users across the globe unable to access key platforms, including Outlook, Hotmail, and the main Microsoft 365 website, since Wednesday evening. The disruption, which began at 10:30 PM UTC on May…
Chihuahua Stealer Leverages Google Drive Document to Steal Browser Login Credentials
A newly discovered .NET-based infostealer dubbed “Chihuahua Stealer” has emerged as a significant threat, exploiting Google Drive documents to deliver malicious PowerShell scripts and steal sensitive data. First identified by G DATA analysts in April 2025, the malware targets browser…
New DarkCloud Stealer Uses AutoIt to Evade Detection & Steal Login Credentials
A new variant of the DarkCloud information-stealing malware has emerged, leveraging the AutoIt scripting language to bypass security tools and harvest sensitive credentials from infected systems. Dubbed DarkCloud Stealer v4, the malware has targeted financial institutions, healthcare organizations, and e-commerce…
TransferLoader Malware Allows Attackers to Execute Arbitrary Commands on Compromised System
A newly identified malware loader dubbed TransferLoader has emerged as a critical threat, enabling attackers to execute arbitrary commands on compromised systems and deliver payloads such as the Morpheus ransomware. First detected in February 2025 by Zscaler ThreatLabz researchers, this…
Xerox Issues April 2025 Security Patch Update for FreeFlow Print Server v2
Xerox has announced the release of its April 2025 Security Patch Update for the FreeFlow® Print Server v2 running on Windows® 10, reinforcing the company’s commitment to robust cybersecurity for its production print platforms. The update, officially released on May…
Russian Hackers Exploiting MDaemon 0-Day Vulnerability to Hack Webmail Servers
A recently uncovered cyber-espionage campaign linked to Russian state-sponsored actors has been targeting enterprise webmail servers using a critical zero-day vulnerability in MDaemon, a widely used email server software. Dubbed “MailStorm” by researchers, the campaign exploits an unpatched buffer overflow…
Hackers Disguised Remote Access Malware as Microsoft Edge Service
A sophisticated backdoor campaign has been uncovered in which attackers disguised remote access malware as a legitimate Microsoft Edge service. The malicious Mesh agent, masquerading under the path C:\Program Files\Microsoft\MicrosoftEdge\msedge.exe, was found running on multiple computers and servers across the affected network.…
Threat Actors Using Weaponized HTML Files to Deliver Horabot Malware
A new wave of sophisticated phishing campaigns targeting Spanish-speaking users in Latin America has emerged, leveraging weaponized HTML files to deploy the Horabot malware. First identified in April 2025 by Fortinet’s FortiGuard Labs, Horabot combines credential theft, email automation, and…
Interlock Ransomware Attacking Defense Contractors and Their Supply Chains
A dangerous ransomware operation dubbed Interlock has escalated its focus on defense contractors and their supply chains, jeopardizing sensitive military logistics, intellectual property, and national security. First observed in September 2024, the group employs “big-game hunting” tactics, targeting high-value organizations, and double…
ENISA Launches European Vulnerability Database to Enhance Digital Security
The European Union has taken a significant leap forward in its digital security strategy with the official launch of the European Vulnerability Database (EUVD), developed and maintained by the European Union Agency for Cybersecurity (ENISA). Announced on May 13, 2025,…
TA406 Hackers Attacking Government Entities to Steal Login Credentials
A Democratic People’s Republic of Korea (DPRK)-linked threat actor tracked as TA406 has intensified cyber espionage efforts against Ukrainian government entities since February 2025, deploying sophisticated phishing campaigns aimed at stealing login credentials and deploying reconnaissance malware. The group, which…
Researchers Unveiled a New Mechanism to Track Compartmentalized Threats
In May 2025, cybersecurity researchers from Cisco Talos and The Vertex Project announced a groundbreaking methodology to combat the rising trend of compartmentalized cyberattacks, where multiple threat actors collaborate to execute distinct stages of an intrusion. This shift from single-actor…
Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services
The Node.js project has issued urgent security updates after disclosing a high-severity vulnerability that could allow remote attackers to crash Node.js processes, potentially halting critical services and causing widespread denial of service across affected systems.
High-Severity Flaw: CVE-2025-23166
The vulnerability,…
Xanthorox – New BlackHat AI Tool Used to Launch Phishing & Malware Attacks
The Xanthorox tool first appeared on dark web forums and cybersecurity blogs in April 2025. Xanthorox is not just another rogue AI chatbot; it is a purpose-built, self-hosted artificial intelligence platform designed from the ground up to facilitate cybercrime. Unlike previous blackhat…
Threat Actors Have Begun Using AI & LLM Tools as Offensive Tools
Cybercriminals are increasingly weaponizing generative AI and large language models (LLMs) like ChatGPT, Claude, and DeepSeek to automate exploit development, bypass security safeguards, and refine malware campaigns. According to a recent report by the S2W Threat Intelligence Center (TALON), dark…
New HTTPBot Botnet Expanding Aggressively to Attack Windows Machines
A new botnet family named HTTPBot has emerged as a critical threat to the Windows ecosystem, leveraging sophisticated HTTP-based distributed denial-of-service (DDoS) attacks to disrupt high-value targets. First observed in August 2024, HTTPBot’s activity surged in April 2025, with attacks…
Nation-State Actors Attacking Healthcare Institutions to Sabotage IT & OT Systems
The healthcare sector faces an unprecedented surge in cyberattacks from nation-state actors seeking to disrupt critical IT infrastructure and operational technology (OT) systems. Since early 2024, advanced persistent threat (APT) groups linked to Iran, North Korea, and China have exploited…
macOS Security Guide – Safeguarding Against Adware and Malware
As macOS adoption grows, so does its attractiveness to cybercriminals. Recent reports reveal a 60% surge in macOS market share over three years, correlating with a dramatic escalation in sophisticated adware, infostealers, and malware-as-a-service (MaaS) campaigns. While Apple’s built-in defenses,…
BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released
A critical vulnerability in Microsoft’s BitLocker full disk encryption allows it to be bypassed in under five minutes using a software-only attack dubbed “Bitpixie” (CVE-2023-21563). A public proof-of-concept (PoC) exploit has now been released, highlighting the severity of the…
Healthcare Cyber Attacks – 276 Million Patient Records Were Compromised in 2024
In 2024, the healthcare sector faced an unprecedented wave of cyber attacks, with 276 million patient records exposed globally. Among the most insidious threats was MedStealer, a malware strain that targeted electronic health records (EHRs), insurance databases, and patient portals.…
Hardening Windows Servers – Top Strategies to Prevent Exploits in 2025
As organizations face sophisticated cyber threats in 2025, securing Windows Server environments has become more critical than ever. With the release of Windows Server 2025, Microsoft has introduced enhanced security features and hardening capabilities designed to protect against the latest…
Linux Security Essentials – Protecting Servers from Supply Chain Attacks
The Linux ecosystem, long celebrated for its open-source ethos and robust security architecture, faces an escalating threat landscape dominated by sophisticated supply chain attacks. Recent incidents, including the near-catastrophic XZ Utils backdoor, malicious Go modules delivering disk-wiping payloads, and compromised…
New Weaponized PyPI Package Attacking Developers to Steal Source Code
A newly discovered malicious Python package, solana-token, has been weaponized to steal source code and sensitive secrets from developers working on Solana blockchain applications. Uploaded to the Python Package Index (PyPI), the module masqueraded as a legitimate utility for Solana-based…
Authorities Arrested 17 Criminal Bankers, EUR 4.5 Million Seized
Europol announced on May 14 that law enforcement agencies have dismantled a sophisticated criminal parallel banking network operating across multiple European countries. The operation, conducted on January 14, 2025, resulted in the arrest of 17 individuals and the seizure of…
Google Chrome 0-Day Vulnerability Exploited in the Wild – Update Now
Google has released an urgent security update for Chrome to patch a critical vulnerability that hackers are actively exploiting in the wild. The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and…
Cybersecurity Industry Gains $1.7 Billion to Develop Cutting-Edge Protection Technologies
As digital threats grow in sophistication, the cybersecurity sector has ignited a funding frenzy, with startups raising $1.7 billion in April 2025 alone ahead of the RSA Conference in San Francisco. This influx underscores investor confidence in technologies poised to redefine global…
Identity Theft Surges as Criminals Deploy Advanced Tactics to Steal Personal Data
Identity theft has reached unprecedented levels in 2024, fueled by increasingly sophisticated criminal tactics that exploit technological advancements and systemic vulnerabilities. Recent reports from law enforcement, cybersecurity firms, and regulatory agencies reveal a stark escalation in the volume and complexity…
Hackers Exploit Software Flaws within Hours Forcing Urgent Push for Faster Patches
The race between cybersecurity professionals and malicious hackers has reached alarming speeds in 2025, with new data revealing that more than a quarter of software vulnerabilities are now exploited within 24 hours of disclosure. This rapidly shrinking window between vulnerability…
Global Powers Intensify Cyber Warfare with Covert Digital Strikes on Critical Systems
The digital frontlines of modern conflict have expanded dramatically in 2025, with state-sponsored hackers from China, Russia, North Korea, and Iran executing sophisticated attacks against energy grids, telecommunications networks, and transportation systems worldwide. These operations, often masked as routine cybercrime,…
Top 5 WMIC Commands Used By Malware
Malware doesn’t need fancy tools to be dangerous. Sometimes, all it takes is WMIC, a quiet, native utility that’s still doing damage. In the past weeks, we’ve seen a consistent pattern in some ANY.RUN sandbox sessions: malware keeps reaching for…
Weaponized Google Calendar Invites Delivers Malicious Payload With Just One Character
A new attack vector has emerged in which cybercriminals weaponize Google Calendar invites to deliver malware, using a sophisticated obfuscation technique involving just a single visible character that hides malicious code. This discovery highlights how threat actors are evolving their tactics to…
Critical Adobe Illustrator Vulnerability Lets Attackers Execute Malicious Code
Adobe has released a critical security update for its popular design software Illustrator, addressing a severe vulnerability that could allow attackers to execute arbitrary code on targeted systems. The security bulletin details a heap-based buffer overflow vulnerability that affects multiple…
Entro Security and Wiz Announce Integration for Improved Non-Human Identity & Cloud Security
Entro Security, a pioneer in Non-Human Identity (NHI) and Secrets Security, and Wiz, a leading cloud security platform, have announced a strategic partnership that brings together Entro’s NHI security platform with Wiz’s Data Security Posture Management (DSPM) capabilities. Announced on…
Adobe Photoshop Vulnerability Lets Attackers Execute Arbitrary Code
Adobe has released critical security updates for Photoshop on both Windows and macOS platforms after discovering multiple severe vulnerabilities that could allow attackers to execute arbitrary code on victims’ systems. The security bulletin addresses three critical flaws affecting Photoshop 2025…
Samsung MagicINFO 9 Server Vulnerability Lets Attackers Write Arbitrary Files
Samsung has disclosed a critical security vulnerability (CVE-2025-4632) affecting its MagicINFO 9 Server platform, a widely deployed content management system used for digital signage across retail, transportation, healthcare, and corporate environments worldwide. The flaw allows unauthenticated attackers to write arbitrary…
Windows Remote Desktop Gateway Vulnerability Lets Attackers Trigger DoS Condition
Microsoft Security Response Center (MSRC) has released important security updates to address a critical vulnerability in the Windows Remote Desktop Gateway (RD Gateway) service tracked as CVE-2025-26677 that could allow unauthorized attackers to trigger denial of service (DoS) conditions, potentially disrupting remote…
Researchers Detailed New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse
Cybersecurity experts have unveiled sophisticated techniques to identify potential abuse of Azure Managed Identities (MIs), addressing a critical but often overlooked security concern in cloud environments. Azure MIs streamline credential management by eliminating the need for manual secret handling, yet…
Outlook RCE Vulnerability Allows Attackers to Execute Arbitrary Code
Microsoft addressed a significant security flaw in its Outlook email client during the May 2025 Patch Tuesday, releasing fixes for 72 vulnerabilities across its ecosystem. Among these, CVE-2025-32705, a remote code execution (RCE) vulnerability in Microsoft Outlook, has drawn attention due…
Earth Ammit Hackers Use New Tools to Attack Drones Used in Military Sectors
A sophisticated threat actor known as Earth Ammit has launched coordinated multi-wave attacks targeting drone supply chains, primarily in Taiwan’s military and satellite industries. The group, which security researchers have linked to Chinese-speaking APT groups, has executed two distinct campaigns…
Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures
In April 2025, security researchers identified a sophisticated campaign targeting critical infrastructure networks worldwide through a previously unknown vulnerability in SAP NetWeaver Visual Composer. The vulnerability, tracked as CVE-2025-31324, allows unauthenticated attackers to upload malicious files and gain remote code…
Smart Electric Vehicles Face Hidden Cyber Vulnerabilities Exposing Drivers to Risks
The rapid adoption of electric vehicles (EVs) has introduced unprecedented cybersecurity risks. Hackers exploit vulnerabilities in charging infrastructure, vehicle software, and grid connectivity to threaten driver safety, data privacy, and energy systems. Recent research reveals systemic weaknesses across the EV…
82,000+ WordPress Sites Exposed to Remote Code Execution Attacks
Critical vulnerabilities were identified in TheGem, a premium WordPress theme with more than 82,000 installations worldwide. Researchers identified two separate but interconnected vulnerabilities in TheGem theme versions 5.10.3 and earlier. When combined, these vulnerabilities create a dangerous attack vector that…
Hackers Abusing GovDelivery for TxTag ‘Toll Charges’ Phishing Attack
A sophisticated phishing operation is exploiting compromised Indiana government sender accounts to distribute fraudulent TxTag toll collection messages. The campaign, which emerged this week, leverages the GovDelivery communications platform to lend legitimacy to the scam emails targeting unsuspecting recipients nationwide. Sophisticated…
Microsoft Warns of AD CS Vulnerability That Lets Attackers Deny Service Over a Network
Microsoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services (AD CS) that could allow attackers to perform denial-of-service attacks over a network. The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and…
Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files
Google Threat Intelligence has launched a new blog series aimed at empowering security professionals with advanced threat hunting techniques, kicking off with a deep dive into detecting malicious .desktop files on Linux systems. .desktop files, standard configuration files in Linux…
Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
A newly disclosed security flaw in Microsoft Defender for Endpoint could allow attackers with local access to elevate their privileges to SYSTEM level, potentially gaining complete control over affected systems. The vulnerability, tracked as CVE-2025-26684, was patched as part of…
Windows Remote Desktop Vulnerability Lets Attackers Execute Malicious Code Over Network
Microsoft’s May 2025 Patch Tuesday has addressed several critical vulnerabilities in Windows Remote Desktop services that could allow attackers to execute malicious code remotely. Security experts are urging users to apply these patches immediately to safeguard their systems against potential…
Microsoft Windows 11 Insider Preview Build 26200.5600 Released
Microsoft has rolled out Windows 11 Insider Preview Build 26200.5600 (KB5058493) to the Dev Channel, bringing a host of new features, improvements, and fixes for Windows Insiders. Announced by Amanda Langowski and Brandon LeBlanc, this update introduces enhanced Copilot+ PC…
Microsoft Scripting Engine 0-Day Vulnerability Enables Remote Code Execution Over Network
Microsoft has disclosed a critical memory corruption vulnerability in its Scripting Engine (CVE-2025-30397), which allows unauthorized attackers to execute code remotely over a network. The flaw, classified as “Important” and tracked under CWE-843 (Type Confusion), was released as part of…
Windows Ancillary Function Driver for WinSock 0-Day Vulnerability Lets Attackers Escalate Privileges
Microsoft has patched an actively exploited zero-day vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys) as part of its May 2025 Patch Tuesday release. Tracked as CVE-2025-32709, this “use-after-free” vulnerability allowed attackers to elevate privileges and gain administrator…
Windows DWM 0-Day Vulnerability Allows Attackers to Escalate Privileges
Microsoft has patched a critical zero-day vulnerability in the Windows Desktop Window Manager (DWM) Core Library, tracked as CVE-2025-30400, which was actively exploited in the wild to grant attackers SYSTEM-level privileges on affected systems. The flaw, disclosed as part of…
Microsoft Rolls Out Windows 11 Cumulative Updates KB5058411 and KB5058405 With May Patch Tuesday
Microsoft released two significant cumulative updates for Windows 11, KB5058411 and KB5058405, targeting improved security and system performance across various versions of the operating system. These updates, part of Microsoft’s monthly quality update cycle, address critical security vulnerabilities and introduce…
Critical Ivanti ITSM Vulnerability Lets Remote Attackers Gain Administrative Access
Ivanti has released security updates to address a critical authentication bypass vulnerability in its Neurons for ITSM (IT Service Management) solution that could allow unauthenticated attackers to gain administrative access to vulnerable systems. Disclosed on May 13, 2025, the flaw…
FortiVoice 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
Fortinet has disclosed a critical stack-based buffer overflow vulnerability (CVE-2025-32756) affecting multiple products in its security portfolio, with confirmed exploitation targeting FortiVoice systems in the wild. The vulnerability, assigned a CVSS score of 9.6, allows remote unauthenticated attackers to execute…
Ivanti Cloud Services Application Vulnerability Leads to Privilege Escalation
Ivanti has disclosed a high-severity security vulnerability affecting its Cloud Services Application (CSA) that could allow attackers to escalate privileges on vulnerable systems. The security flaw, tracked as CVE-2025-22460, was announced on May 13, 2025, as part of Ivanti’s ongoing…
Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Days
Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws. The updates cover a wide range of software, including Windows, Microsoft Office,…
Windows Common Log File System 0-Day Vulnerability Actively Exploited in the Wild
Microsoft has confirmed that threat actors are actively exploiting two critical vulnerabilities in the Windows Common Log File System (CLFS) driver to gain SYSTEM-level privileges on compromised systems. The vulnerabilities, tracked as CVE-2025-32706 and CVE-2025-32701, were addressed in the May…
Ivanti Releases Critical Security Update for EPMM After Limited Exploits Discovered
Ivanti has issued an important security advisory addressing vulnerabilities in open-source libraries used in its Endpoint Manager Mobile (EPMM) solution. The company announced today that a small number of customers have already experienced exploitation of these vulnerabilities, prompting immediate action…
FortiOS Authentication Bypass Vulnerability Lets Attackers Take Full Control of Device
Fortinet has disclosed a significant security vulnerability affecting multiple Fortinet products, allowing attackers to bypass authentication and gain administrative access to affected systems. The vulnerability, CVE-2025-22252 (Missing Authentication for Critical Function), affects FortiOS, FortiProxy, and FortiSwitchManager products configured to use…
Swan Vector APT Hackers Attacking Organizations With Malicious LNK & DLL Implants
A sophisticated cyber espionage campaign dubbed “Swan Vector” has emerged targeting organizations across East Asia, particularly in Taiwan and Japan. The threat actors behind this operation have deployed a multi-stage attack chain utilizing malicious LNK shortcuts and custom DLL implants…
5 Ways Threat Intelligence Helps Against Phishing Attacks
Phishing remains a pervasive cybersecurity threat responsible for over 80% of security incidents, costing businesses billions annually and eroding trust. Threat intelligence (real-time, actionable data on cyber threats, actors, and tactics) empowers organizations to stay ahead of these risks. Tools…
Marks & Spencer Confirmed Customer Data Theft in Recent Cyber Attack
British retail giant Marks & Spencer has confirmed that customer personal information was compromised in the recent cyber attack that has crippled its digital operations for over three weeks. The incident, which began during Easter weekend, has resulted in continued…
Researchers Proposed Mythic Framework Agent to Boost Pentesting Tool Performance
Cybersecurity professionals constantly seek more effective penetration testing tools to stay ahead of threat actors and properly assess organizational defenses. A recent innovation in this field comes from security researchers who have developed a specialized agent for the Mythic framework…
Zoom Workplace Apps Vulnerabilities Let Attackers Escalate Privileges
Zoom Video Communications disclosed multiple vulnerabilities affecting its Workplace Apps across various platforms, including Windows, macOS, Linux, iOS, and Android. These vulnerabilities pose significant risks such as privilege escalation, denial-of-service (DoS), and remote code execution, potentially allowing attackers to compromise…
Apache Superset Vulnerability Lets Attackers Take Over Resource Ownership
Apache Superset, the popular open-source data visualization and business intelligence platform, has been found to have a significant security vulnerability. The vulnerability, CVE-2025-27696, allows authenticated users with read permissions to take over ownership of dashboards, charts, and datasets through improper…
Hackers Weaponize KeePass Password Manager to Deliver Malware & Steal Passwords
In a concerning development for cybersecurity professionals and everyday users alike, sophisticated threat actors have begun targeting KeePass, one of the most popular open-source password managers, to distribute malware and exfiltrate sensitive credentials. The campaign, which appears to have begun…
VMware Aria XSS Vulnerability Lets Attackers Steal Access Tokens of Logged-in Users
Broadcom has released an urgent security advisory for a high-severity DOM-based Cross-Site Scripting (XSS) vulnerability affecting VMware Aria automation products. The vulnerability, tracked as CVE-2025-22249, could allow attackers to steal access tokens from logged-in users, potentially leading to unauthorized system…