Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show…
Whisper 2FA Behind One Million Phishing Attempts Since July
The phishing platform “Whisper 2FA” has rapidly become one of the most active tools used in large-scale credential theft…
Windows Remote Access Connection Manager 0-Day Vulnerability Exploited in Attacks
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan)…
Chrome Fix: New Use-After-Free Flaw (CVE-2025-11756) in Safe Browsing Component Poses High Risk
Google has released a new Stable Channel Update for Desktop, rolling out gradually to Windows, macOS, and Linux systems over the coming days…
Sweatpants & Cyberthreats: Managing Remote Employee Risk
The remote work revolution did not just change where we work, it redefined how we secure our workplaces. The shift, which was accelerated by…
Hacker Group TA585 Emerges With Advanced Attack Infrastructure
A newly identified cybercriminal group, TA585, has been uncovered by cybersecurity researchers for running one of the most autonomous and…
New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds
Pixnapping, a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including…
Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover
After discovering that hackers were exploiting a zero-day in the Chakra JavaScript engine used by Internet Explorer versions 9, 10, and 11,…
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent updates for Elastic Cloud Enterprise (ECE) to patch a critical (CVE-2025-37729) that could allow attackers with…
Hackers Target ScreenConnect Features For Network Intrusions
A rise in cyber-attacks exploiting remote monitoring and management (RMM) tools for initial access via phishing has been observed by…
AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?
How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager –…
Your Alerts Are Increasing Your Cybersecurity Risk
At their core, alerts exist to bring attention to something meaningful: an indicator of compromise (IOC), an indicator of attack (IOA), or a…
Spain Arrests Alleged Leader of GXC Team Cybercrime Network
Spanish authorities have arrested a 25-year-old Brazilian national accused of leading the “GXC Team” – a…
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from…
Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM)
In today’s cybersecurity landscape, identity is no longer just a credentialing concern; it is the battleground. Modern cyber defenses…
Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)
The Zero Day Initiative (ZDI) has published details of two critical in the popular open-source compression utility 7-Zip, which could allow…
How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics
Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better…
Google Launches AI Bug Bounty with $30,000 Top Reward
Google has launched a new AI Vulnerability Reward Program (VRP), which is offering base rewards of up to $30,000 for bugs identified in the…
‘Payroll Pirate’ Attacks Target U.S. Universities, Diverting Employee Salaries
Microsoft Threat Intelligence has revealed a spate of financially motivated cyberattacks against universities across the United States. The…
Researchers Warn of Security Gaps in AI Browsers
A new report by security researchers at SquareX Labs has identified several architectural security weaknesses in AI browsers, including…
ClayRat Spyware Campaign Targets Android Users in Russia
A rapidly evolving Android spyware campaign known as “ClayRat” has been discovered targeting Russian users through Telegram…
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify…
Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue
A sharp rise in digital fraud is costing companies worldwide an average of 7.7% of annual revenue, according to TransUnion’s H2 2025…
Critical AWS VPN Client Flaw CVE-2025-11462 (CVSS 9.3) Allows Root Privilege Escalation on macOS
Amazon Web Services (AWS) has released an important bulletin warning users of a critical local privilege escalation in the AWS Client VPN…
Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog
A cross-site scripting (XSS) in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has been confirmed to be…
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…
Qilin Claims Ransomware Attack on Mecklenburg Schools
A ransomware attack that disrupted operations at Mecklenburg County Public Schools (MCPS) in early September has been claimed by the Russian…
Security in AI Era: Protecting AI Workloads with Google Cloud
Network Infrastructure & Security are the foundation any day even in the AI era. The evolution of artificial intelligence, along with…
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of…
Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
A vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) tool with a CVSS score of 10.0 is being actively exploited in…
Ransomware Group “Trinity of Chaos” Launches Data Leak Site
A new data leak site hosted on the TOR network has been launched by the “Trinity of Chaos” – a ransomware collective…
Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Renault Informs Customers of Supply Chain Data Breach
Carmaker Renault has been forced to notify an unspecified number of customers that their personal data may have been compromised by threat…
ParkMobile pays… $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But…
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…
The Good, the Bad and the Ugly in Cybersecurity – Week 40
The Good | UK Convicts “Bitcoin Queen” in World’s Largest Cryptocurrency Seizure This week, a court in the UK convicted…
Critical Splunk Vulnerabilities Expose Platforms to Remote JavaScript Injection and More
Splunk has disclosed six critical security vulnerabilities impacting multiple versions of both Splunk Enterprise and Splunk Cloud Platform.…
Google Announces $4 Billion Arkansas Investment for New AI Data Center and 600 MW Solar Project
Google has announced plans to invest up to $4 billion in Arkansas by 2027, channeling resources into infrastructure, energy transition, and…
Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites
A new has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially exposing millions of websites to cross-site…
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor
The Confucius group, a long-running cyber-espionage actor first identified in 2013, has resurfaced with a new wave of operations across South…
US Government Shutdown to Slash Federal Cybersecurity Staff
The US government shutdown will severely deplete federal cybersecurity capabilities, with the Cybersecurity and Infrastructure Security Agency…
Confucius Shifts from Document Stealers to Python Backdoors
A long-running cyber-espionage group known as Confucius has introduced new techniques in its campaigns against Microsoft Windows users. First…