ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a …
Windows 10 KB5065429 update includes 14 changes and fixes
Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including…
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed…
Windows 11 KB5065426 & KB5065431 cumulative updates released
September 9, 2025 01:37 PM Microsoft has released Windows 11 KB5065426 and KB5065431 cumulative updates for versions 24H2…
Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace
Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. Kosovar…
Microsoft September 2025 Patch Tuesday – 81 Vulnerabilities Fixed Including 22 RCE
Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite.…
Plex tells users to change passwords due to data breach, pushes server owners to upgrade
Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor…
US charges admin of LockerGoga, MegaCortex, Nefilim ransomware
The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the…
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call…
FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands
Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute…
Exploring Key Technology Trends for 2024
Fast forward to today, and the importance of staying current with the latest tech trends can’t be overstated – it’s the…
Threat Actor Accidentally Exposes AI-Powered Operations
A threat actor has unintentionally revealed their methods and day-to-day activities after installing Huntress security software on their own…
Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code
Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow…
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly…
How External Attack Surface Management helps enterprises manage cyber risk
Every day, businesses spin up new digital services (websites, APIs, and cloud instances) and it can be for security teams to keep track.…
Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS
Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows…
Microsoft: Anti-spam bug blocks links in Exchange Online, Teams
Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams…
Salty2FA Phishing Kit Unveils New Level of Sophistication
A phishing campaign leveraging the Salty2FA kit has been uncovered by cybersecurity researchers, revealing advanced techniques that highlight…
SAP fixes maximum severity NetWeaver command execution flaw
SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the…
Software Supply Chain Attacks
In today’s rapidly evolving business landscape, software supply chain attacks are becoming increasingly common—and more…
Open Source Community Thwarts Massive npm Supply Chain Attack
A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8,…
Axios User Agent Helps Automate Phishing on “Unprecedented Scale”
Security experts have warned of a huge uptick in automated phishing activity abusing the Axios user agent and Microsoft’s Direct Send…
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacks to a…
SAP Security Patch Day September 2025 – 21 Vulnerabilities and 4 Critical One’s Patched
As part of its scheduled security maintenance, SAP released its September 2025 Patch Day notes, addressing a total of 21 new vulnerabilities…
Microsoft testing new AI features in Windows 11 File Explorer
Microsoft is testing new File Explorer AI-powered features that will enable Windows 11 users to work with images and documents without needing…
Magento and Adobe SessionReaper Vulnerability Exposes Thousands Of Online Stores to Attacks
Adobe has issued an emergency security patch for a critical vulnerability in its Magento and Adobe Commerce platforms, dubbed…
SAP Patch Tuesday: Key Vulnerabilities in September 2025
The September 2025 SAP Patch Tuesday brings a critical batch of security updates addressing a diverse portfolio of vulnerabilities across…
Chinese Cyber Espionage Campaign Impersonates US Congressman
US lawmakers have accused the Chinese government of being behind a cyber espionage campaign that impersonated a prominent Congressman. The…
Vulnerability in SMSEagle devices
CVE ID CVE-2025-10095 Publication date 09 September 2025 Vendor Proximus sp. z o.o. Product SMSEagle Vulnerable versions All before 6.11…
Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure
Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate…
[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them
⚠️ One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A business unit…
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan…
How Leading CISOs are Getting Budget Approval
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader,…
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks…
CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6
Ddos September 9, 2025 Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet…
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account,…
New Technique Uncovered To Exploit Linux Kernel Use-After-Free Vulnerability
A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a…
Plex tells users to reset passwords after new data breach
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal…
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked…
Innovator Spotlight: Seraphic
Reinventing Browser Security for the Enterprise The Browser: Enterprise’s Biggest Blind Spot On any given day, the humble web browser is…
Innovator Spotlight: Darwinium
The Digital Battlefield: How AI is Reshaping Cybersecurity and Fraud Prevention Crocodiles aren’t the only predators lurking in the…
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned…