Threat actors are actively exploiting an authentication bypass flaw in Palo Alto Networks PAN-OS that allows forged cookies to gain unauthorized VPN access through GlobalProtect gateways.
The BTMOB malware-as-a-service platform provides cybercriminals with a no-code builder to generate custom Android trojans tailored…
Researchers show that adding malicious Markdown payloads to web pages can trick ChatGPT into serving phishing links, fake alerts, and…
A threat actor used an LLM agent to automate post-exploitation tasks after exploiting a Marimo notebook vulnerability, extracting cloud…
Two interconnected supply chain campaigns exploited the Nx Console VS Code extension and GitHub Actions workflows, stealing CI/CD secrets and…
Attackers impersonate Signal Support via text message, tricking users into revealing recovery keys that unlock encrypted message archives.
Michele Spagnuolo used internal Google 'Year in Search' data to win $1.2 million on Polymarket, leading to federal charges for…
A newly disclosed argument injection flaw in the Gogs self-hosted Git service allows authenticated attackers to execute arbitrary code on…
Unified SIEM platforms help MSPs correlate fragmented security signals into a single incident narrative, cutting investigation time and reducing alert…
The DDoS-for-hire market has evolved from scattered scripts to polished commercial platforms with subscription plans, botnet-powered infrastructure,…
Oracle's new monthly Critical Security Patch Update model delivers 35 urgent fixes across database, middleware, and communications products, with several remotely exploitable without credentials.
Attack Campaign Overview: A North Korean advanced persistent threat group known as Kimsuky has been linked to a series of cyberattacks…
A flaw in OpenVPN Connect's macOS privileged helper allows local attackers to execute commands as root via the IPC channel,…
A local privilege escalation bug in the Linux kernel's CIFS client allows unprivileged users to gain full system root access…
The lawsuit alleges 23andMe failed to implement basic security measures against credential stuffing attacks, exposing sensitive genetic and health data of nearly 7 million customers.
Over 2,000 corporate applications built by non-developer employees using AI platforms were found exposed on the open internet with sensitive data accessible to anyone.
A Russian-linked group is using generative AI to develop custom malware and targeting Ukrainian organizations through phishing emails and fake CAPTCHA pages.
Attackers are abusing Microsoft Teams external collaboration features to pose as IT helpdesk staff, bypassing email security filters through voice phishing.
Attackers exploit FortiClient EMS to push previously undetected EKZ infostealer malware through trusted administrative scripts.
India's cybersecurity agency mandates that organizations patch actively exploited vulnerabilities in internet-facing systems within 12 hours, citing the rise of…
A fraudulent Sicoob.Sdk NuGet package steals client IDs and PFX certificates, potentially allowing attackers to impersonate Brazilian banking API integrations.
Microsoft warns that recent public disclosure of several zero-day vulnerabilities without prior notification has increased user risk by giving attackers…
Researchers uncovered a fake RVTools installer signed with a legitimate Sectigo certificate that bypasses Windows SmartScreen and delivers a remote…
The Chrome 148 update addresses 151 vulnerabilities, including 22 critical flaws in graphics, networking, and rendering components that could enable…
