Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vuln…
What AI Reveals About Web Applications— and Why It Matters
Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login…
UK Firms Lose Average of £2.9m to AI Risk
British businesses have been urged to prioritize AI governance when adopting the technology in new projects, after new data from EY revealed…
UK: NCSC Reports 130% Spike in "Nationally Significant" Cyber Incidents
The UK’s National Cyber Security Centre (NCSC) reported 204 “national significant” cyber incidents between September 2024…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a…
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an…
Apple Hit with Second Lawsuit Alleging AI Training Used Pirated Books from “Shadow Libraries”
After previously being accused of using pirated books to train its artificial intelligence models, Apple now faces yet another class-action…
Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover
After discovering that hackers were exploiting a zero-day in the Chakra JavaScript engine used by Internet Explorer versions 9, 10, and 11,…
Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)
The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain — CVE-2025-11577 — after researchers…
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent updates for Elastic Cloud Enterprise (ECE) to patch a critical (CVE-2025-37729) that could allow attackers with…
RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs
A research team from ETH Zurich has disclosed a critical — CVE-2025-0033, dubbed RMPocalypse — that undermines AMD’s…
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as…
iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026
The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be officially announced, but numerous…
Microsoft restricts IE mode access in Edge after zero-day attacks
Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in…
SimonMed says 1.2 million patients impacted in January data breach
U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive…
Massive multi-country botnet targets RDP services in the US
A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. The…
SonicWall VPN accounts breached using stolen creds in widespread attacks
Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen,…
Microsoft investigates outage affecting Microsoft 365 apps
Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. While the company…
Hackers Target ScreenConnect Features For Network Intrusions
A rise in cyber-attacks exploiting remote monitoring and management (RMM) tools for initial access via phishing has been observed by…
AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?
How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager –…
Your Alerts Are Increasing Your Cybersecurity Risk
At their core, alerts exist to bring attention to something meaningful: an indicator of compromise (IOC), an indicator of attack (IOA), or a…
Spain Arrests Alleged Leader of GXC Team Cybercrime Network
Spanish authorities have arrested a 25-year-old Brazilian national accused of leading the “GXC Team” – a…
Oracle releases emergency patch for new E-Business Suite flaw
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited…
New Stealit Malware Campaign Spreads via VPN and Game Installer Apps
Threat actors are conducting a new malicious campaign deploying the Stealit malware via disguised applications, according to Fortinet. The…
Microsoft: Windows 11 Media Creation Tool broken on Windows 10 PCs
Microsoft says the latest version of the Windows 11 Media Creation Tool (MCT) no longer works correctly on Windows 10 22H2 computers. The…
Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one…
Is Hacking Back Ever a Good Strategy?
Hacking back aims to retaliate against cyberattackers by launching a counterattack to disrupt their systems, recover stolen data or send a…
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal…
Harvard investigating breach linked to Oracle zero-day exploit
Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged…
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30…
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that…
Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top award for ethical hacking discoveries to $2m, although security researchers could earn even more if they’re…
FBI and French Police Shutter BreachForums Domain Again
The FBI and French investigators have seized at least one domain for a popular cybercrime forum being used as a leak site in connection with…
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone…
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct…
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow…
Is CMMC 3.0 on the Horizon? How Defense Contractors Can Prepare Now
The Department of Defense recently sent defense contractors a clear signal: an update to the recently finalized CMMC 2.0 is likely coming and…
Fake 'Inflation Refund' texts target New Yorkers in new scam
An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer…
Critical Vulnerability CVE-2025-61884 Found in Oracle E-Business Suite
Oracle E-Business Suite (EBS) — a cornerstone ERP platform for countless enterprises across the globe — faces a critical security…
In Defense of Good Bots: Good Bots Exist, But Only When We Build Them That Way
The word “bot” doesn’t have the best reputation right now. You hear it and think of election manipulation, fake social media…
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884). About…
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from…
Spain dismantles “GXC Team” cybercrime syndicate, arrests leader
Spanish Guardia Civil have dismantled the “GXC Team” cybercrime operation and arrested its alleged leader, a 25-year-old…