China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies acr…
Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure
Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable…
Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts
Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and…
New China-Aligned Hackers Hit State and Telecom Sectors
A newly identified cyber espionage group has been targeting government and telecommunications organizations across Africa, the Middle East and…
New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections…
Campaign Warns Solicitors and House Buyers of Payment Diversion Fraud
UK house buyers hit with payment diversion fraud (PDF) have suffered average losses of £82,000 over the past year, a new awareness campaign…
ICO: Imgur’s UK Decision Won’t Prevent Regulatory Fine
The UK’s data protection watchdog has clarified that even companies which cease to offer their services within the country can still be…
48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The…
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called…
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to…
CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise
The Red Hat team has disclosed a serious in Red Hat OpenShift AI, a platform designed to build, deploy, and manage machine learning (ML)…
NVIDIA Patches Multi Flaws in Delegated License Service, Allows Unauthenticated Access and DoS
NVIDIA has issued a bulletin addressing multiple across the NVIDIA App for Windows and the Delegated License Service (DLS) component of the…
Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform
The Apache Software Foundation has published a new advisory disclosing three in Apache Kylin, a high-concurrency OLAP engine widely used for…
Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access
The of the open-source software supply chain was once again tested when JFrog’s research team uncovered a malicious package on PyPI. The…
Imgur blocks UK users after data watchdog signals possible fine
People in the United Kingdom are no longer able to access content hosted on the Imgur, a popular media sharing site, after a UK data watchdog…
Sendit sued by the FTC for illegal collection of children data
The Federal Trade Commission (FTC) is suing Sendit's operating company and its CEO for unlawful collection of data from underage users, as…
New MatrixPDF toolkit turns PDFs into phishing and malware lures
A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that…
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Researchers at Palo Alto Networks say a Chinese-linked cyberespionage group has been targeting foreign ministries, embassies, and…
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the…
WestJet confirms recent breach exposed customers' passports
Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised their sensitive information, including…
Windows 11 2025 Update (25H2) is now available, Here's what's new
Today, Microsoft announced the general availability of Windows 11 25H2, also known as Windows 11 2025 Update. Windows 11 25H2 is a minor…
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable…
Hack of US Surveillance Provider RemoteCOM Exposes Court Data
A major data breach has compromised the personal records of nearly 14,000 individuals under court supervision, alongside contact information…
Warnings about Cisco vulns under active exploit are falling on deaf ears
Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the…
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously…
Smishing Campaigns Exploit Cellular Routers to Target Belgium
A newly identified wave of smishing attacks has been traced to exploited Milesight Industrial Cellular Routers. According to research by…
US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online
A massive collection of data belonging to customers of ClaimPix, an Illinois-based platform for managing auto insurance claims across the…
Critical WD My Cloud bug allows remote command injection
Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be…
CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog
The threat landscape continues to evolve rapidly and staying ahead of actively exploited vulnerabilities is key to effective cybersecurity…
Achieving Crypto Agility Through eFPGA: A Prerequisite for Secure ASIC and SoC Designs
In an era where digital threats evolve daily and quantum computing looms on the horizon, the need for true crypto agility has never been more…
New Android RAT Klopatra Targets Financial Data
A previously unknown Android Remote Access Trojan (RAT) has been identified by security researchers, marking a significant advancement in the…
Chinese hackers exploiting VMware zero-day since October 2024
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has…
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently…
Threat Actors Allegedly Listed Veeam RCE Exploit for Sale on Dark Web
Veeam Backup & Replication, a cornerstone of many enterprises’ data protection strategy, has reportedly become the focus of a new…
Apple Security Update Addresses Critical Font Parser Vulnerability Across Multiple Platforms
Apple has rolled out a series of important security updates across multiple platforms, addressing a vulnerability affecting the system font…
Microsoft fixes Windows DRM video playback issues for some users
Microsoft says it has "partially" resolved a known issue that caused problems when trying to play DRM-protected video in Blu-ray/DVD/Digital…
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with…
US Cuts Federal Funding for MS-ISAC Cybersecurity Program
The US federal government is cutting support for a major federal cyber threat information-sharing program. In a public statement published on…
Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability
Security researchers are observing a significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability…
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI)…
Learning from the Inevitable
The talent shortage in cybersecurity continues to persist. Just last year, research showed a cybersecurity market gap of 85 workers…
Gemini Trifecta Highlights Dangers of Indirect Prompt Injection
Network defenders must start treating AI integrations as active threat surfaces, experts have warned after revealing three new vulnerabilities…
Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic…