China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies acr…
Windows 11 KB5065789 update released with 41 changes and fixes
Microsoft has released the KB5065789 preview cumulative update for Windows 11 24H2, which includes 41 improvements, including…
Broadcom fixes high-severity VMware NSX bugs reported by NSA
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency…
Stop Alert Chaos: Context Is the Key to Effective Incident Response
The Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up…
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since…
Asahi Suspends Operations in Japan After Cyber-Attack
Brewing giant Asahi has suspended operations in Japan following a “system failure” caused by a cyber-attack. The firm, which is headquartered…
Microsoft Flags AI Phishing Attack Hiding in SVG Files
Forget the old, error-filled emails you could spot easily. Cybercriminals have completely upgraded their methods, using AI (Artificial…
New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO)…
Tips for Merging Large PDF Files Online
As more businesses rely on digital documents today, effective large file management has also become necessary. PDFs are a ubiquitous file…
Evolving Enterprise Defense to Secure the Modern AI Supply Chain
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors…
CIISec Members Say Budgets Are Falling Behind Threats
Cybersecurity budgets in the UK are stagnating, even as job prospects and industry growth improves, a new poll of industry professionals has…
U.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K.…
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line…
UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure
The Metropolitan Police has secured a conviction in what is believed to be the world's largest cryptocurrency seizure, valued at more than…
Japan's largest brewer suspends operations due to cyberattack
Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its…
China-linked RedNovember Campaign Shows Importance of Patching Edge Devices
A long-running threat campaign linked to a Chinese state-sponsored cyber-espionage group highlights the importance of patching and protecting…
Dutch Teens Arrested Over Alleged Spying for Pro-Russian Hackers
Two 17-year-old boys from the Netherlands have been arrested on suspicion of spying for pro-Russian hackers, Dutch authorities recently…
Ransomware gang sought BBC reporter’s help in hacking media giant
Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a…
You name it, VMware elevates it (CVE-2025-41244)
On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service…
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for…
UK govt backs JLR with £1.5 billion loan guarantee after cyberattack
The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a…
Brave launches 'Ask Brave' feature to fuse AI with traditional search
Brave Software, the creator of the privacy-focused web browser and search engine, has introduced a new subsystem called Ask Brave that unifies…
Dutch Authorities Arrest Teens in Foreign Interference Case
Two 17-year-old boys have been arrested in the Netherlands on suspicion of involvement in espionage activities. Dutch media reported…
AI-Generated Code Used in Phishing Campaign Blocked by Microsoft
A credential phishing campaign that likely relied on AI-generated code to evade detection has been stopped by Microsoft Threat Intelligence.…
Akira ransomware: From SonicWall VPN login to encryption in under four hours
Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their…
Inside the Mind of a Threat Actor: What CISOs Must Learn Before the Next Breach
Cybersecurity isn’t a game of defense—it’s a game of anticipation. Yet too many CISOs and security leaders still think in…
Harrods suffers new data breach exposing 430,000 customer records
UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records…
New TamperedChef Malware Leverages Productivity Tools to Gain Access and Exfiltrate Sensitive Data
A sophisticated malware campaign has emerged that weaponizes seemingly legitimate productivity tools to infiltrate systems and steal sensitive…
National Cyber Authorities Launch OT Security Guidance
National cybersecurity agencies from seven countries, including the Five Eyes nations, have released new operational technology (OT) security…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
ChatGPT tests free trial for paid plans, rolls out cheaper Go in more regions
OpenAI is offering some users a free trial for ChatGPT Plus, which costs $20. In addition, $4 GPT Go is now available in Indonesia. As spotted…
Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden…
OpenAI is routing GPT-4o to safety models when it detects harmful activities
Over the weekend, some people noticed that GPT-4o is routing requests to an unknown model out of nowhere. Turns out it's a "safety" feature.…
The State of AI in the SOC 2025 – Insights from Recent Study
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A…
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of…
Vulnerability in CivetWeb software
CVE ID CVE-2025-9648 Publication date 29 September 2025 Vendor CivetWeb Product CivetWeb Vulnerable versions All before 1.08 Vulnerability…
SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames…
Two-Thirds of Organizations Have Unfilled Cybersecurity Positions
Organizations continue to experience significant cybersecurity skills shortages, with 65% of firms reporting unfilled cyber positions, a new…
Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework
Google Project Zero has revealed a new technique capable of bypassing Address Space Layout Randomization (ASLR) protections on Apple devices.…
SonicWall SSL VPN Attacks Escalate, Bypassing MFA
Security experts have warned of a surge in malicious activity from Akira ransomware actors targeted at victims running SonicWall SSL VPN…
Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild
The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day…
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated…
Harrods Reveals Supply Chain Breach Impacting Online Customers
Luxury London department store Harrods has revealed that some of its e-commerce customers have had their personal information stolen via a…