28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide.…
Emulating the Expedited Warlock Ransomware
Introduction Warlock is a ransomware strain operating under the Ransomware-as-a-Service (RaaS) model that emerged in June 2025, following an…
Researchers Discover First Reported AI-Powered Ransomware
In what is reportedly a world-first, ESET researchers have discovered PrompLock, a generative AI-powered ransomware implant currently in…
Nevada “Network Security Incident” Shuts Down State Offices and Services
The State of Nevada has been hit by a “network security incident,” which has resulted in the closure of government offices and…
ShadowSilk Campaign Targets Central Asian Governments
A series of cyber-attacks against government organizations in Central Asia and the Asia-Pacific has been linked to a threat cluster known as…
Innovator Spotlight: CSide
August 27, 2025 Securing the Browser’s Blind Spot By Victoria Hargrove, CDM Reporter What CSide Does Most security stacks fortify…
Cross-domain Solutions: The Present and Future of a Growing Industry
Cross-domain solutions (CDS) consist of the secure exchange of information between security domains. This type of solution, which emerged as a…
Analysis of Apple’s ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities
Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day…
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious container to escape…
New Android Trojan Variant Expands with Ransomware Tactics
A new version of the Hook Android banking Trojan has surfaced, showcasing one of the most extensive feature sets ever recorded for mobile…
CIISec: Most Security Professionals Want Stricter Regulations
More than two-thirds (69%) of industry professionals have argued that current cybersecurity laws still aren’t strict enough, according…
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA…
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay…
Black Hat Ignites Under Vegas Lights
Driving through the quiet, endless beauty of the Nevada desert, I let the raspy voice of Jim Morrison carry me forward. “The End”…
Digital Nomads and Cybersecurity: Navigating the New Frontier of Work
We live in an era where your next big idea could come from an employee working out of a cafe in Tokyo or on the beach in Bali. The digital…
Securden Unified PAM Vulnerability Let Attackers Bypass Authentication
Cybersecurity researchers have uncovered a critical security flaw in Securden Unified PAM that allows attackers to completely bypass…
Citrix patches trio of NetScaler bugs – after attackers beat them to it
Citrix has pushed out fixes for three fresh NetScaler holes – and yes, they’ve already been used in the wild before the vendor got…
URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack
The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler ADC and…
Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It
Online PDF editors have become common tools for quick document manipulation, providing convenient alternatives to desktop software. However,…
CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks
CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via…
Tech Manufacturer Data I/O Hit by Ransomware
A leading data and security programming specialist is scrambling to restore operations after a ransomware incident, a new regulatory filing…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging…
Microst Restricts MAPP with China
The summer of 2025 brought a seismic shift in the way Microsoft engages with the global cybersecurity community. At the heart of the story: a…
Onderzoeker: ransomware-aanval op telecombedrijf Colt via SharePoint-server
De ransomware-aanval op het Britse telecombedrijf Colt heeft plaatsgevonden via een gecompromitteerde SharePoint-server, zo stelt…
NVIDIA’s New Ethernet Tech Turns Distributed Data Centers Into a Single AI “Superfactory”
Ddos August 25, 2025 At the HOT Chips conference, NVIDIA unveiled its Spectrum-XGS Ethernet, a technology extending the Spectrum-X…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete…
MURKY PANDA: A Trusted-Relationship Threat in the Cloud
Since late 2024, CrowdStrike Counter Adversary Operations has observed significant activity conducted by MURKY PANDA, a China-nexus adversary…
August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs
Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month’s patches include fixes for one…
Weekly Cybersecurity News Recap : Apple 0-day, Chrome, Copilot Vulnerabilities and Cyber Attacks
This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront,…
25W Wireless Charging Arrives: Qi 2.2 Ushers in a New Era of Fast Power
Ddos August 24, 2025 The Wireless Power Consortium (WPC) has officially introduced the Qi 2.2 wireless charging standard, offering devices…
Apple Sues Ex-Engineer, Alleging He Stole Apple Watch Secrets for Rival Oppo
Ddos August 24, 2025 Apple has recently accused a former member of its Apple Watch development team of misappropriating trade secrets related…
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign
A sophisticated malvertising campaign which sought to deploy a variant of Atomic macOS Stealer (AMOS) has targeted hundreds of…
Datadog threat roundup: Top insights for Q2 2025
As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…
Backdoors & Breaches gameplay guide
At DASH 2025, we released a Datadog expansion pack of Backdoors & Breaches, a popular incident response card game by Black Hills…
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker
Executive summary Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team…
I SPy: Escalating to Entra ID's Global Admin with a first-party app
This research was presented at fwd:cloudsec North America on June 30th, 2025. You can find the talk here. Key points Service principals (SPs)…
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
Key points and observations Datadog Security Research discovered three malicious VS Code extensions that target Solidity developers on…
RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale
Key points and observations Datadog Security Research has discovered a new Linux cryptojacking campaign, named RedisRaider, targeting publicly…
Datadog threat roundup: Top insights for Q1 2025
As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…