Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targe…
DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute…
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing…
Critical Splunk Vulnerabilities Expose Platforms to Remote JavaScript Injection and More
Splunk has disclosed six critical security vulnerabilities impacting multiple versions of both Splunk Enterprise and Splunk Cloud Platform.…
Gmail business users can now send encrypted emails to anyone
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. To send an…
Hackers Target Unpatched Flaws in Oracle E-Business Suite
Oracle has advised customers that hackers may be exploiting vulnerabilities in unpatched instances of its E-Business Suite (EBS). This follows…
New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT
A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector…
WestJet Data Breach Impacts 1.2 Million Customers
Canadian airline WestJet has revealed that 1.2 million customers have been impacted by a data breach following a June 2025 cyber-attack. The…
CISA KEV Catalog Update October 2025 – Part I
CISA recently updated its Known Exploited Vulnerabilities (KEV) catalog with critical vulnerabilities across GNU Bash, Juniper, Samsung,…
Japan’s Beer Taps Fear Running Dry as Cyberattack on Asahi Disrupts Production
Japan’s largest brewery, Asahi Group Holdings, is racing against time as it struggles to recover from a cyberattack that has severely…
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded…
Your Easiest Fix: The 3 Golden Rules for a Password that AI Can’t Crack
October is here, and Cybersecurity Awareness Month 2025 is about to come into being. Department of Homeland Security (DHS) and CISA have…
Red Hat Confirms Data Breach After Hackers Claim to Steal 570GB of Private GitHub Repositories
Red Hat, the world’s leading enterprise open-source software provider, has officially confirmed a significant security incident…
Google Announces $4 Billion Arkansas Investment for New AI Data Center and 600 MW Solar Project
Google has announced plans to invest up to $4 billion in Arkansas by 2027, channeling resources into infrastructure, energy transition, and…
Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin
A newly disclosed in the Spirit Framework plugin for WordPress has put thousands of websites at immediate risk of compromise. Tracked as…
Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites
A new has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially exposing millions of websites to cross-site…
GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)
Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path traversal…
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor
The Confucius group, a long-running cyber-espionage actor first identified in 2013, has resurfaced with a new wave of operations across South…
Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352)
researcher StreyPaws has published an in-depth analysis of CVE-2025-38352, a Time-of-Check to Time-of-Use (TOCTOU) race condition in the…
Renault UK Customer Records Stolen in Third-Party Breach
Renault UK is informing customers that their personal data may have been compromised following a cyberattack on one of its third-party service…
Microsoft Outlook stops displaying inline SVG images used in attacks
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks.…
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow…
HackerOne paid $81 million in bug bounties over the past year
Bug bounty platform HackerOne has paid $81 million in rewards to white-hat hackers worldwide over the past 12 months. HackerOne manages over…
US Government Shutdown to Slash Federal Cybersecurity Staff
The US government shutdown will severely deplete federal cybersecurity capabilities, with the Cybersecurity and Infrastructure Security Agency…
Brave browser surpasses the 100 million active monthly users mark
Brave browser reached 101 million monthly active users and 42 million daily active users this September, marking a new record in the…
The Digital Campus Challenge: Why Universities Need to Reassess Cyber Risks
In February 2024, several British universities were hit by a major DDoS attack. In the past, a disruption to connectivity would mostly…
Extortion Emails Sent to Executives by Self-Proclaimed Clop Gang Member
An individual or group of people claiming to be working with the Clop ransomware has been sending extortion emails to executives at several…
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like…
Microsoft Defender bug triggers erroneous BIOS update alerts
Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output…
$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk
Cybersecurity researchers at Bishop Fox have revealed security vulnerabilities in the popular, inexpensive YoLink Smart Hub (v0382), leaving…
Confucius Shifts from Document Stealers to Python Backdoors
A long-running cyber-espionage group known as Confucius has introduced new techniques in its campaigns against Microsoft Windows users. First…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to…
Google Patches “Gemini Trifecta” Vulnerabilities in Gemini AI Suite
Cybersecurity researchers at Tenable recently discovered three critical security flaws within Google’s Gemini AI assistant suite, which…
Rethinking NHI Security: The Essential Shift to Zero Trust Security and Ephemeral Identities
As identity security becomes increasingly critical in cybersecurity, the focus has shifted from safeguarding human identities to…
Free VPN Apps Found Riddled With Security Flaws
A large-scale study of free virtual private network (VPN) apps has uncovered serious privacy and security risks that affect both consumers and…
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is…
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe.…
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to…
How to Close Threat Detection Gaps: Your SOC's Action Plan
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant.…
Android spyware campaigns impersonate Signal and ToTok messengers
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok…
Expired US Cyber Law Puts Data Sharing and Threat Response at Risk
A critical US law that shields companies from legal liability when sharing cyber threat intelligence has expired after lawmakers failed to…
Malicious ZIP Files Use Windows Shortcuts to Drop Malware
A new wave of phishing attacks has been detected by the cybersecurity research firm, Blackpoint Cyber, that is exploiting users’ trust…
Forrester: Agentic AI-Powered Breach Will Happen in 2026
An agentic AI deployment will cause a publicly disclosed data breach next year, leading to employee dismissals, Forrester has predicted.…