The Miasma campaign uses obfuscated install hooks in legitimate npm packages to steal credentials and secrets from developer machines while actively avoiding Russian-language systems.
Leading organizations are moving beyond simply deploying EDR platforms to building sustainable response workflows that close the operational gap between…
Armur AI's new open-source platform uses swarm intelligence to coordinate penetration testing tools like nmap and Metasploit through decentralized agent…
IBM discloses a critical unauthenticated remote code execution vulnerability in WebSphere Application Server's Web Server Plug-ins component affecting versions 8.5…
Dashlane automatically locked user accounts after detecting a coordinated brute-force attack that attempted to bypass two-factor authentication by…
The Android Framework vulnerability allows remote privilege escalation without user interaction, impacting devices running Android 14 through 16 QPR2.
MSPs are adopting integrated Security Growth Platforms that combine program management, decision intelligence, and revenue tools as an alternative to…
The Operation Dragon Weave campaign targets Czech and Taiwanese officials through spear phishing emails that deploy an AdaptixC2 agent using…
The flaw allows attackers to bypass origin restrictions through DNS rebinding, potentially exposing enterprise database connectors to unauthorized access.
An unauthenticated PHP object injection flaw in Mirasvit Cache Warmer allows attackers to execute arbitrary code on any public Magento…
Iran-linked hackers destroyed IT, backup, and recovery systems at LA Metro, South Florida transit, and a GPS tracking firm in a campaign that prevented data restoration.
Threat actors manipulated Meta's AI assistant on Instagram to reset passwords and steal premium account handles, selling them on Telegram…
Threat group GREYVIBE is using ChatGPT and Google Gemini to craft phishing lures, develop malware, and target Ukrainian government and…
Privileged containers and insecure capability assignments are giving attackers a reliable path from container breakout to full host compromise across…
Attackers are exploiting a privilege escalation bug in the WP Maps Pro WordPress plugin to create unauthorized administrator accounts on vulnerable websites.
A Microsoft 365 outage is preventing users from setting up multi-factor authentication or accessing the My Sign-Ins portal, with no root cause or resolution timeline provided yet.
The emergency patches address a high-severity identity spoofing flaw in AI workflow runners and a denial-of-service bug in the Wiki component for self-managed instances.
A healthcare data leak exposing biometrics and financial details and a separate Chrome zero-day exploit underscore the growing urgency of prompt patching across all sectors.
Dutch law enforcement seized servers from a hosting provider to dismantle a botnet that had compromised over 17 million devices…
The offline forensic tool scans mounted disk images and forensic collections to identify persistence mechanisms across three operating systems in…
Microsoft's emergency cumulative update permanently resolves a critical installation failure that crashed Windows 11 systems during the Patch Tuesday reboot…
A rogue NuGet package impersonating the Sicoob banking SDK secretly exfiltrated certificate credentials and transaction data to a legitimate telemetry…
Threat actors are actively exploiting an authentication bypass flaw in Palo Alto Networks PAN-OS that allows forged cookies to…
The BTMOB malware-as-a-service platform provides cybercriminals with a no-code builder to generate custom Android trojans tailored…
