New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts
Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…
CISA warns of actively exploited Dassault RCE vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw…
The first three things you’ll want during a cyberattack
The moment a cyberattack strikes, the clock starts ticking. Files lock up, systems stall, phones light up and the pressure skyrockets. Every…
Man gets over 4 years in prison for selling unreleased movies
A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison…
New HybridPetya ransomware can bypass UEFI Secure Boot
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on…
SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware
New SEO poisoning campaign exposed! FortiGuard Labs reveals how attackers trick users with fake websites to deliver Hiddengh0st and Winos…
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer, ConnectWise…
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android…
U.S. Senator accuses Microsoft of “gross cybersecurity negligence”
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for…
Panama Ministry of Economy discloses breach claimed by INC ransomware
Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a…
Microsoft adds malicious link warnings to Teams private chats
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as…
Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack
US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital,…
New Google AppSheet Phishing Scam Deliver Fake Trademark Notices
A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using legitimate tools…
UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data
LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but customers are…
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden, and install…
DDoS defender targeted in 1.5 Bpps denial-of-service attack
A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion…
Hackers left empty-handed after massive NPM supply-chain attack
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but…
Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware
Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations.…
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs has published new research on a recent attack that used a fileless loader to deliver AsyncRAT, a well-known Remote Access…
Pixel 10 fights AI fakes with new Android photo verification tech
Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic,…
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as…
Jaguar Land Rover confirms data theft after recent cyberattack
Jaguar Land Rover (JLR) confirmed today that attackers also stole “some data” during a recent cyberattack that forced it to…
Can I have a new password, please? The $400M question.
Back in August 2023, attackers tied to the Scattered Spider group didn’t exploit a zero-day vulnerability to
U.S. sanctions cyber scammers who stole billions from Americans
The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10…
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation…
Windows 10 KB5065429 update includes 14 changes and fixes
Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including…
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed…
Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace
Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. Kosovar…
US charges admin of LockerGoga, MegaCortex, Nefilim ransomware
The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the…
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call…
How External Attack Surface Management helps enterprises manage cyber risk
Every day, businesses spin up new digital services (websites, APIs, and cloud instances) and it can be for security teams to keep track.…
Microsoft: Anti-spam bug blocks links in Exchange Online, Teams
Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams…
SAP fixes maximum severity NetWeaver command execution flaw
SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the…
Plex tells users to reset passwords after new data breach
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal…
TamperedChef infostealer delivered through fraudulent PDF Editor
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an…
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The…
Microsoft to enforce MFA for Azure resource management in October
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure…
Google warns Salesloft breach impacted some Workspace accounts
Google now reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to…
Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic’s Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop…
Passwordstate dev urges users to patch auth bypass vulnerability
Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity…
Police seize VerifTools fake ID marketplace servers, domains
The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in…
MATLAB dev says ransomware gang stole data of 10,000 people
MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over…