Customer Authentication Challenges That Impact Your Organization’s Security Posture
Introduction In today’s cybersecurity landscape, CISOs face the challenge of securing data while managing costs effectively. As cyber…
Interpol Cracks Down on Large-Scale African Scamming Networks
A transnational operation involving 14 African countries has taken down a large-scale digital scamming network, leading to 260 arrests and the…
Critical Vulnerability in Salesforce AgentForce Exposed
A critical vulnerability chain in Salesforce's AI-powered AgentForce platform has been discovered by cybersecurity researchers. The flaw,…
Malicious AI Agent Server Reportedly Steals Emails
A popular Model Context Protocol (MCP) server used to deploy AI agents has turned malicious in one of its latest updates, according to Koi…
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The…
US Federal Agency Breached Via GeoServer Vulnerability
IntroductionIn September 2025, CISA confirmed that a major breach had impacted a US federal agency through the exploitation of a critical…
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero…
SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)
SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular…
CISA Says Failure to Patch, Untested IRP, Silent EDR Alerts, Led to a Federal Agency Breach
CISA this week offered a rare window into a real-world breach at a U.S. federal civilian agency. Delays in patching, unexercised incident…
Supermicro server motherboards can be infected with unremovable malware
Servers running on motherboards sold by Supermicro contain high-severity vulnerabilities that can allow hackers to remotely install malicious…
Federal Agency Compromised Via GeoServer Exploit, CISA Reveals
A federal agency was compromised last year after failures in vulnerability remediation, incident response and EDR log reviews, according to…
Google Chrome Patches Three High-Severity Flaws in V8 Engine
Google has released a Stable Channel Update for Desktop with builds 140.0.7339.207/.208 for Windows and Mac and 140.0.7339.207 for Linux. The…
OnePlus leaves researchers on read over Android bug that exposes texts
Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS…
Attacker Breakout Time Falls to 18 Minutes
Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new…
Review: Practical Purple Teaming
Practical Purple Teaming is a guide to building stronger collaboration between offensive and defensive security teams. The book focuses on how…
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway…
Why the Cybersecurity Talent Shortage is a Global Threat
In the era of digital transformation, where data flows across borders and devices, data security is paramount. Cyberattacks are no longer…
Microsoft Entra ID Exposed: Actor Token Flaw Enables Stealthy Global Admin Takeove
A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed…
Countering The Adaptive Playbook of Modern Threat Actors
The cybersecurity landscape has seen a substantial threat vector transformation. While malware and ransomware continue to be relevant threats,…
Why “Time to Patch” Is the Cybersecurity KPI That Matters Most
The way your organization manages its risk tolerance and regulatory factors are key performance indicators (KPIs) for assessing your…
GoAnywhere MFT Hit By Perfect 10 RCE
IntroductionOn September 18, 2025, Fortra dropped urgent security advisories for users of their flagship GoAnywhere Managed File Transfer…
Ivanti EPMM holes let miscreants plant shady listeners, CISA says
An unknown attacker has abused a couple of flaws in Ivanti Endpoint Manager Mobile (EPMM) and deployed two sets of malware against an unnamed…
How the U.S. Can Strengthen Its Cyber Defenses Against Nation-State Threats
The American power grid is not just the backbone of modern life. It’s a high-value target in our new era of geopolitical conflict. As…
CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting…
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug
Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs…
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as…
CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR), highlighting a new attack trend…
CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation
A newly disclosed vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) platform has been assigned CVE-2025-10035, carrying…
SonicWall says attackers compromised some firewall configuration backup files
Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall…
1 in 3 Android Apps Leak Sensitive Data
A significant share of mobile applications are exposing sensitive information through insecure APIs, leaving users and businesses vulnerable…
Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
Google has released a security update for the Chrome stable channel to fix a zero‑day vulnerability (CVE-2025-10585) reported by its…
NCA Singles Out “The Com” as it Chairs Five Eyes Group
The UK’s leading serious and organized crime agency has said it will harness the full force of law enforcement across Five Eyes countries to…
Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild
Google has released a Stable Channel update to version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, addressing four…
Phoenix (CVE-2025-6202): A New Rowhammer Attack Bypasses DDR5 Protections
Researchers from ETH Zurich have unveiled Phoenix, a new Rowhammer attack that successfully bypasses in-DRAM mitigations in all tested SK…
From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published
Security researcher Volticks has published a deep technical writeup on CVE-2025-21692, a vulnerability in the Linux kernel’s Enhanced…
How LLMs can be compromised in 2025 | Kaspersky official blog
Developers of LLM-powered public services and business applications are working hard to ensure the security of their products, but the…
FileFix Campaign Using Steganography and Multistage Payloads
A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell script and encrypted…
Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution
Multiple CVEs in the Chaos-Mesh platform have been discovered, including three critical vulnerabilities that allow in-cluster attackers to run…
Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code
A critical vulnerability has been discovered in WatchGuard’s Firebox firewalls, which could allow a remote, unauthenticated attacker to…
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation…
Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault…
Digital Transformation Failures: A National Security Crisis in the Making
In the hyperconnected world, digital transformation has become synonymous with progress, efficiency and innovation. For governments, business…