China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to targe…
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been…
Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild
Google has released a Stable Channel update to version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, addressing four…
Critical Vulnerabilities Discovered in Planet Technology Industrial Cellular Gateways
The Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) has issued a security advisory warning of two critical…
Phoenix (CVE-2025-6202): A New Rowhammer Attack Bypasses DDR5 Protections
Researchers from ETH Zurich have unveiled Phoenix, a new Rowhammer attack that successfully bypasses in-DRAM mitigations in all tested SK…
From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published
Security researcher Volticks has published a deep technical writeup on CVE-2025-21692, a vulnerability in the Linux kernel’s Enhanced…
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft…
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT…
VC giant Insight Partners warns thousands after ransomware breach
New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was…
New Raven Stealer Malware Hits Browsers for Passwords and Payment Data
A new sneaky type of malware, known as Raven Stealer, has been identified by the Lat61 Threat Intelligence Team at Point Wild. The research…
SonicWall warns customers to reset credentials after breach
SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that…
How LLMs can be compromised in 2025 | Kaspersky official blog
Developers of LLM-powered public services and business applications are working hard to ensure the security of their products, but the…
FileFix Campaign Using Steganography and Multistage Payloads
A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell script and encrypted…
Deepfakes at the Gate: How Fake Job Applicants Are Becoming a Serious Cyber Threat
In recent months, the hiring process has become a new attack surface. Cybercriminals are no longer just spoofing emails or exploiting software…
Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution
Multiple CVEs in the Chaos-Mesh platform have been discovered, including three critical vulnerabilities that allow in-cluster attackers to run…
Microsoft: Office 2016 and Office 2019 reach end of support next month
Microsoft reminded customers again this week that Office 2016 and Office 2019 will reach the end of…
Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code
A critical vulnerability has been discovered in WatchGuard’s Firebox firewalls, which could allow a remote, unauthenticated attacker to…
TaskUs Employees Behind Coinbase Breach, US Court Filing Alleges
A court filing has identified an employee at business process outsourcing firm TaskUs as the key conspirator in a large-scale data breach…
CVE-2025-43300: Apple’s Critical Zero-Day ImageIO Vulnerability
IntroductionSecurity researchers and Apple users alike are on high alert following the discovery and active exploitation of…
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service
Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals…
Protecting CISOs and CSOs in an Era of Personal Liability
Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) face unprecedented pressures, not only from the evolving threat…
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and…
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation…
From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience
Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation…
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft has announced the disruption of RaccoonO365, a popular subscription-based phishing kit focused on the theft of Microsoft365…
Rethinking AI Data Security: A Buyer's Guide
Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in…
Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault…
A Quarter of UK and US Firms Suffer Data Poisoning Attacks
British and American cybersecurity leaders are increasingly concerned about their expanding AI attack surface, particularly unsanctioned use…
Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a…
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as…
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection…
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially…
BreachForums hacking forum admin resentenced to three years in prison
Conor Brian Fitzpatrick, the 22-year-old behind the notorious BreachForums hacking forum, was resentenced today to three years in prison after…
Expert Spotlight: Koushik Anand on IAM and PAM Excellence at Enterprise Scale
By Gary Miliefsky, Publisher With more than 80% of breaches involving stolen or misused credentials, identity is the control point that…
Microsoft rolls out Copilot Chat to Microsoft 365 Office apps
Microsoft is rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers.…
Innovator Spotlight: WitnessAI
WitnessAI Delivers Security for the AI Era In the AI era, innovation is moving fast. Unfortunately, this means that the risks associated with…
Google nukes 224 Android malware apps behind massive ad fraud campaign
A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate…
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in…
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious…
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead…
Microsoft: WMIC will be removed after Windows 11 25H2 upgrade
Microsoft has announced that the Windows Management Instrumentation Command-line (WMIC) tool will be removed after upgrading to Windows…
Fifteen Ransomware Gangs “Retire,” Future Unclear
Fifteen well-known ransomware groups, including Scattered Spider, ShinyHunters and Lapsus$, have announced that they are shutting down their…
Innovator Spotlight: LastPass
LastPass Evolves Secure Access Experiences to Combat Shadow IT and AI Risks for CISOs Picture your organization humming along, with teams…