Attackers are exploiting a privilege escalation bug in the WP Maps Pro WordPress plugin to create unauthorized administrator accounts on vulnerable websites.
A Microsoft 365 outage is preventing users from setting up multi-factor authentication or accessing the MySigns-In portal, with no root…
The emergency patches address a high severity identity spoofing flaw in AI workflow runners and a denial of service bug…
A healthcare data leak exposing biometrics and financial details and a separate Chrome zero day exploit underscore the growing urgency…
Dutch law enforcement seized servers from a hosting provider to dismantle a botnet that had compromised over 17 million devices…
The offline forensic tool scans mounted disk images and forensic collections to identify persistence mechanisms across three operating systems in…
Microsoft's emergency cumulative update permanently resolves a critical installation failure that crashed Windows 11 systems during the Patch Tuesday reboot…
A rogue NuGet package impersonating the Sicoob banking SDK secretly exfiltrated certificate credentials and transaction data to a legitimate telemetry…
Threat actors are actively exploiting an authentication bypass flaw in Palo Alto Networks PAN OS that allows forged cookies to…
The BTMOB malware as a service platform provides cybercriminals with a no code builder to generate custom Android trojans tailored…
Researchers show that adding malicious Markdown payloads to web pages can trick ChatGPT into serving phishing links, fake alerts, and QR codes within its trusted interface.
A threat actor used an LLM agent to automate post exploitation tasks after exploiting a Marimo notebook vulnerability, extracting cloud…
Two interconnected supply chain campaigns exploited the Nx Console VS Code extension and GitHub Actions workflows, stealing CI/CD secrets and…
Attackers impersonate Signal Support via text message, tricking users into revealing recovery keys that unlock encrypted message archives.
Michele Spagnuolo used internal Google 'Year in Search' data to win $1.2 million on Polymarket, leading to federal charges for insider trading.
A newly disclosed argument injection flaw in the Gogs self-hosted Git service allows authenticated attackers to execute arbitrary code on exposed servers, with no patch yet available from maintainers.
Unified SIEM platforms help MSPs correlate fragmented security signals into a single incident narrative, cutting investigation time and reducing alert fatigue.
The DDoS for hire market has evolved from scattered scripts to polished commercial platforms with subscription plans, botnet powered infrastructure, and customer support, making disruption accessible to anyone with a…
Oracle's new monthly Critical Security Patch Update model delivers 35 urgent fixes across database, middleware, and communications products with several…
Attack Campaign OverviewA North Korean advanced persistent threat group known as Kimsuky has been linked to a series of cyberattacks…
A flaw in OpenVPN Connect's macOS privileged helper allows local attackers to execute commands as root via the IPC channel,…
A local privilege escalation bug in the Linux kernel's CIFS client allows unprivileged users to gain full system root access…
The lawsuit alleges 23andMe failed to implement basic security measures against credential stuffing attacks, exposing sensitive genetic and health data…
Over 2,000 corporate applications built by non developer employees using AI platforms were found exposed on the open internet with…
