Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" n…
Final Windows 10 Patch Tuesday update rolls out as support ends
In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final cumulative update for the…
New Android Pixnapping attack steals MFA codes pixel-by-pixel
A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels…
Microsoft: Exchange 2016 and 2019 have reached end of support
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to…
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow…
FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated…
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day…
Windows 11 KB5066835 and KB5066793 updates released
Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix…
US seizes $15 billion in crypto from 'pig butchering' kingpin
The U.S. Department of Justice has seized $15 billion in bitcoin from the leader of Prince Group, a criminal organization that stole billions…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four…
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for…
Oracles silently fixes zero-day exploit leaked by ShinyHunters
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a…
UEFI Shell Vulnerabilities Could Let Hackers Bypass Secure Boot on 200,000+ Laptops
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops.…
Legacy Windows Protocols Still Expose Networks to Credential Theft
A new cybersecurity study has found that legacy Windows communication protocols continue to expose organizations to credential theft, even…
Sweatpants & Cyberthreats: Managing Remote Employee Risk
The remote work revolution did not just change where we work, it redefined how we secure our workplaces. The shift, which was accelerated by…
Hacker Group TA585 Emerges With Advanced Attack Infrastructure
A newly identified cybercriminal group, TA585, has been uncovered by cybersecurity researchers for running one of the most autonomous and…
Microsoft warns that Windows 10 reaches end of support today
Microsoft has reminded customers today that Windows 10 has reached the end of support and will no longer receive patches for newly discovered…
Security firms dispute credit for overlapping CVE reports
Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability…
Security firms debate CVE credit in overlapping vulnerability reports
Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability…
Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns
Senior executives must do better to prepare for almost inevitable future cyber-attacks and cannot rely on government alone for protection, the…
New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds
Pixnapping, a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including…
Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be…
CVE Deep Dive : CVE-2025–32463
Sudo “Chroot to Root” — Critical Library Loading Privilege EscalationPublished : Sept 23, 2025 | by : OptPress enter or…
Keeping Up with Compliance: Navigating a Patchwork of Global Regulations in 2025
Note: Nothing herein shall constitute legal advice, compliance directives, or otherwise. Customers and prospective customers should…
Chinese hackers abuse geo-mapping tool for year-long persistence
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool…
Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence
Security teams have been urged to adopt proactive threat hunting after a new report revealed how Chinese hackers used novel techniques to…
Moving Beyond Awareness: How Threat Hunting Builds Readiness
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and…
RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing…
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal…
What AI Reveals About Web Applications— and Why It Matters
Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login…
UK Firms Lose Average of £2.9m to AI Risk
British businesses have been urged to prioritize AI governance when adopting the technology in new projects, after new data from EY revealed…
UK: NCSC Reports 130% Spike in "Nationally Significant" Cyber Incidents
The UK’s National Cyber Security Centre (NCSC) reported 204 “national significant” cyber incidents between September 2024…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a…
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an…
Apple Hit with Second Lawsuit Alleging AI Training Used Pirated Books from “Shadow Libraries”
After previously being accused of using pirated books to train its artificial intelligence models, Apple now faces yet another class-action…
Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover
After discovering that hackers were exploiting a zero-day in the Chakra JavaScript engine used by Internet Explorer versions 9, 10, and 11,…
Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)
The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain — CVE-2025-11577 — after researchers…
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent updates for Elastic Cloud Enterprise (ECE) to patch a critical (CVE-2025-37729) that could allow attackers with…
RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs
A research team from ETH Zurich has disclosed a critical — CVE-2025-0033, dubbed RMPocalypse — that undermines AMD’s…
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as…
iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026
The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be officially announced, but numerous…
Microsoft restricts IE mode access in Edge after zero-day attacks
Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in…
SimonMed says 1.2 million patients impacted in January data breach
U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive…