VMScape attack | Kaspersky official blog
A team of researchers at the Swiss Federal Institute of Technology in Zurich (ETH Zurich) has published a research paper demonstrating how a…
Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge
Organizations must urgently update their defenses to protect against tactics deployed by the Scattered Spider hacking collective this year,…
Why VPNs Fail for Hybrid Workforces and The Importance of Privileged Access Management (PAM) To Protect Against Third-Party Risks
Let’s start by being clear that what you need to do to support “hybrid work” versus a “hybrid workforce”…
Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
Three major providers of cybersecurity solutions have decided not to take part in the 2025 edition of MITRE’s annual endpoint detection and…
Why the Cybersecurity Talent Shortage is a Global Threat
In the era of digital transformation, where data flows across borders and devices, data security is paramount. Cyberattacks are no longer…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version…
Airport Chaos Enters Third Day After Supply Chain Attack
A suspected cyber-attack targeting a third-party software supplier has caused major flight cancellations and delays at several European…
Apple’s In-House Chips Pave the Way for On-Device AI Revolution
In recent years, Apple has vigorously advanced its strategy of self-developing chips, evolving from the A-series and M-series processors to…
Countering The Adaptive Playbook of Modern Threat Actors
The cybersecurity landscape has seen a substantial threat vector transformation. While malware and ransomware continue to be relevant threats,…
Strengthening Cybersecurity in Healthcare: Protecting Patient Data and Ensuring Regulatory Compliance in a Digital Age
Cybersecurity in Healthcare As healthcare increasingly relies on digital technologies, the urgency for robust cybersecurity measures has never…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
Why “Time to Patch” Is the Cybersecurity KPI That Matters Most
The way your organization manages its risk tolerance and regulatory factors are key performance indicators (KPIs) for assessing your…
GoAnywhere MFT Hit By Perfect 10 RCE
IntroductionOn September 18, 2025, Fortra dropped urgent security advisories for users of their flagship GoAnywhere Managed File Transfer…
Top Zero-Day Vulnerabilities Exploited in the Wild in 2025
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors.…
WannaCry Ransomware: A DFIR & SOC Monitoring Lab Walkthrough
Hello fellow defenders, I hope you are having a great day. In this article, I’m going to show you how you can make a cybersecurity home…
Fortra Fixes 10.0 GoAnywhere MFT Vulnerability. Patch Now!
Fortra has fixed a maximum-severity vulnerability in its GoAnywhere Managed File Transfer (MFT) software, and users are urged to patch…
The Good, the Bad and the Ugly in Cybersecurity – Week 38
The Good | Federal Courts Crack Down on BreachForums & UNC3944 Cybercrime Operators Conor Brian Fitzpatrick, the 22-year-old operator of…
How the U.S. Can Strengthen Its Cyber Defenses Against Nation-State Threats
The American power grid is not just the backbone of modern life. It’s a high-value target in our new era of geopolitical conflict. As…
CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting…
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug
Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs…
Researchers Uncover Link Between Belsen and ZeroSeven Cybercriminal Groups
Cybersecurity researchers have identified a potential connection between two Yemen-based cybercriminal organizations, the Belsen Group and…
Beyond Tick Boxes: An Auditor’s Perspective on Information Security Compliance
Introduction As cyber threats evolve and regulatory requirements tighten, businesses face increasing pressure to protect their sensitive data…
Zero-Click Vulnerability in ChatGPT's Agent Enables Silent Gmail Data Theft
A vulnerability in ChatGPT Deep Research agent allows an attacker to request the agent to leak sensitive Gmail inbox data with a single…
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as…
Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
Cybercriminals are abusing AI platforms to create and host fake CAPTCHA pages to enhance phishing campaigns, according to new Trend Micro…
U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack
Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged…
CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR), highlighting a new attack trend…
Intel’s Arc GPUs Are Safe, But a “Murky Future” Looms
With NVIDIA’s announcement of a $5 billion investment in Intel and confirmation that the two companies will jointly develop…
CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation
A newly disclosed vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) platform has been assigned CVE-2025-10035, carrying…
MuddyWater APT Shifts Tactics to Custom Malware
Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of…
GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware
The cyberthreat landscape has witnessed the emergence of another sophisticated ransomware operation as GOLD SALEM, a new threat actor group…
Pair of Suspected Scattered Spider Hackers Charged by UK, US Authorities
US and UK authorities have charged two suspected members of the infamous Scattered Spider cybercrime group with offenses connected to multiple…
Why Outdated Corporate Networks Are Analogous to the Aging U.S. Highway System
“Necessity is the mother of invention” has never been more fitting—whether you’re talking about America’s…
New York Blood Center Alerts 194,000 People to Data Breach
The New York Blood Center (NYBCe) has confirmed that nearly 194,000 people were affected by a data breach earlier this year. According to the…
SonicWall says attackers compromised some firewall configuration backup files
Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall…
Mapping a Future without Cyber Attacks
After countless attacks across a multitude of organizations, the cyber security industry has a fairly good grasp of how adversaries work, the…
SonicWall Discloses Compromise of Cloud Backup Service
Cybersecurity vendor SonicWall has disclosed a security incident affecting its cloud backup service for firewalls. An investigation found that…
VC Firm Insight Partners Notifies Victims After Ransomware Breach
A leading venture capital (VC) firm has revealed more details of a 2024 ransomware breach that impacted thousands of individuals. Insight…
SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift
SolarWinds has issued a security advisory regarding a major Salesforce data breach that exposed sensitive information from numerous companies…
NCA Singles Out “The Com” as it Chairs Five Eyes Group
The UK’s leading serious and organized crime agency has said it will harness the full force of law enforcement across Five Eyes countries to…
Deepfakes at the Gate: How Fake Job Applicants Are Becoming a Serious Cyber Threat
In recent months, the hiring process has become a new attack surface. Cybercriminals are no longer just spoofing emails or exploiting software…