Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo A…
Innovator Spotlight: LastPass
LastPass Evolves Secure Access Experiences to Combat Shadow IT and AI Risks for CISOs Picture your organization humming along, with teams…
Gucci and Alexander McQueen Hit by Customer Data Breach
Luxury fashion brands Gucci, Alexander McQueen and Balenciaga have suffered a customer data breach, in another attack linked to the…
Bridging the Cybersecurity Talent Gap
There’s no doubt about it. Cybersecurity incidents are rising. In 2024, the FBI reported a 9% increase in ransomware…
Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads
A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two…
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228…
Jaguar Land Rover extends shutdown after cyberattack by another week
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that…
Digital Transformation Failures: A National Security Crisis in the Making
In the hyperconnected world, digital transformation has become synonymous with progress, efficiency and innovation. For governments, business…
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any…
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the…
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that…
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing…
WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login
A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing…
UK: Tax Refund-Themed Phishing Slows in 2025
Phishing reports impersonating HM Revenue & Customs (HMRC), the British national tax authority, appear to be slowing, according to a new…
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in…
Webinar: Your browser is the breach — securing the modern web edge
The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. On…
Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making…
Vulnerabilities in Sparkle software
CVE ID CVE-2025-10015 Publication date 16 September 2025 Vendor Sparkle Project Product Sparkle Vulnerable versions All before 2.7.2…
Chrome’s New Preloading is a Game-Changer
Google has long experimented with prerendering technology in Chrome to accelerate page loading by rendering content in advance so that pages…
China Accuses NVIDIA of Anti-Monopoly Violations
China’s State Administration for Market Regulation (SAMR) issued a statement today declaring that NVIDIA’s $6.9 billion…
Apple Ends iCloud Support for Older Devices
According to Apple’s newly published support documentation, devices running iOS 10 or macOS 10.12 no longer meet the minimum system…
JLR Extends Production Halt After Cyber-Attack
Jaguar Land Rover (JLR) has confirmed it will extend its production pause until at least September 24 following a cyber-attack earlier this…
Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit…
Apple Releases iOS 26: Key Updates and Vulnerability Patches
On September 15, 2025, Apple officially rolled out iOS 26 and iPadOS 26, bringing a fresh set of features and critical security fixes aimed at…
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests…
API Threats Surge to 40,000 Incidents in 1H 2025
The financial services, telecoms and travel sectors were in the crosshairs of threat actors in the first half of the year, after Thales…
FinWise Bank Warns of Insider Data Breach
A US fintech player has notified customers that their personal information may have been compromised after a former employee accessed it. The…
0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities
A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45…
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5)…
New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The…
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages…
OpenAI's new GPT-5 Codex model takes on Claude Code
OpenAI is rolling out the GPT-5 Codex model to all Codex instances, including Terminal, IDE extension, and Codex Web (chatgpt.com/codex).…
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses…
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a…
FinWise insider breach impacts 689K American First Finance customers
FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after…
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK…
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days
Microsoft has reminded administrators again that Exchange 2016 and Exchange 2019 will reach the end of extended support next month and…
Microsoft to force install the Microsoft 365 Copilot app in October
Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices outside of the EEA region that have…
HybridPetya Mimics NotPetya, Adds UEFI Compromise
A newly identified ransomware strain called HybridPetya has appeared on the VirusTotal platform. Uploaded in February 2025, the sample showed…
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
Introduction In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a…
SEO Poisoning Targets Chinese Users with Fake Software Sites
A search engine optimization (SEO) poisoning attack aimed at Chinese-speaking Microsoft Windows users has been identified by security…
Microsoft fixes Windows 11 audio issues confirmed in December
Microsoft has removed a safeguard hold that prevented some users from upgrading their systems to Windows 11 24H2 due to compatibility issues…
Preparing for the EU’s DORA amidst Technical Controls Ambiguity
The financial sector is bracing for a significant shift in its digital landscape as the EU’s Digital Operational Resilience Act (DORA)…