Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploit…
Surge in coordinated scans targets Microsoft RDP auth servers
Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP…
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware…
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially…
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities…
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and…
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
NVIDIA’s New Ethernet Tech Turns Distributed Data Centers Into a Single AI “Superfactory”
Ddos August 25, 2025 At the HOT Chips conference, NVIDIA unveiled its Spectrum-XGS Ethernet, a technology extending the Spectrum-X…
Onderzoeker: ransomware-aanval op telecombedrijf Colt via SharePoint-server
De ransomware-aanval op het Britse telecombedrijf Colt heeft plaatsgevonden via een gecompromitteerde SharePoint-server, zo stelt…
Microst Restricts MAPP with China
The summer of 2025 brought a seismic shift in the way Microsoft engages with the global cybersecurity community. At the heart of the story: a…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging…
Tech Manufacturer Data I/O Hit by Ransomware
A leading data and security programming specialist is scrambling to restore operations after a ransomware incident, a new regulatory filing…
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern…
FTC warns tech giants not to bow to foreign pressure on encryption
The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data…
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to…
Defending against malware persistence techniques with Wazuh
Malware persistence techniques enable attackers to maintain access to compromised endpoints despite system reboots, credential changes, or…
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if…
Malicious Android apps with 19M installs removed from Google Play
Seventy-seven malicious Android apps with more than 19 million installs were delivering multiple malware families to Google Play users.…
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
MURKY PANDA: A Trusted-Relationship Threat in the Cloud
Since late 2024, CrowdStrike Counter Adversary Operations has observed significant activity conducted by MURKY PANDA, a China-nexus adversary…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete…
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now.…
Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by…
Apple Sues Ex-Engineer, Alleging He Stole Apple Watch Secrets for Rival Oppo
Ddos August 24, 2025 Apple has recently accused a former member of its Apple Watch development team of misappropriating trade secrets related…
25W Wireless Charging Arrives: Qi 2.2 Ushers in a New Era of Fast Power
Ddos August 24, 2025 The Wireless Power Consortium (WPC) has officially introduced the Qi 2.2 wireless charging standard, offering devices…
Weekly Cybersecurity News Recap : Apple 0-day, Chrome, Copilot Vulnerabilities and Cyber Attacks
This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront,…
Shellshock: The Bash Bug That Shook the Internet
Shellshock refers to a series of vulnerabilities in the GNU Bash (Bourne Again SHell), a command-line shell widely used in Unix-like systems,…
PoC Exploit & Vulnerability Analysis Released for Apple 0-Day RCE Vulnerability
A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click…
August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs
Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month’s patches include fixes for one…
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign
A sophisticated malvertising campaign which sought to deploy a variant of Atomic macOS Stealer (AMOS) has targeted hundreds of…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…
Empowering The Soc: Stop Detecting Potential Threats, Start Signaling Real Attacks
The cybersecurity landscape is constantly evolving, and security operations centers (SOCs) are feeling the pressure to stay ahead of…
Don’t Wait Too Long to Patch: How Organizations Can Stay Ahead of Zero-Day Exploits
Among the variety of cyber-attacks that we witness happening around us, Zero-day attacks are remarkably insidious in nature. Due to the fact…
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Software running Palo Alto…
Cybercriminal Linked to Notorious Scattered Spider Gang Gets 10-Year Sentence
A young Florida-based man has been sentenced to 10 years in prison after pleading guilty to federal charges linked to cybercrime, including…
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
Threat actors are abusing virtual private servers (VPS) to compromise software-as-a-service (SaaS) accounts, according to an investigation by…
Interpol-Led African Cybercrime Crackdown Leads to 1209 Arrests
A large-scale law enforcement operation coordinated by Interpol has taken down a 1000-person cybercriminal network and recovered $97.4m in…
CISA Seeks Biden Era's SBOM Minimum Requirements Guideline Change
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a request for comment on an updated version of a government…
Chinese Developer Jailed for Deploying Malicious Code at US Company
A Chinese software developer has been sentenced after being convicted of causing intentional damage to protected computers by deploying…
How Secure Is the Software Supply Chain? Less Secure Than You Might Think.
Software is the invisible infrastructure of our world, powering everything from critical systems to everyday devices. But its ubiquity makes…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
Why Enterprises Need Preemptive Cybersecurity to Combat Modern Phishing
Phishing isn’t what it used to be. It’s no longer fake emails with bad grammar and sketchy links. With AI, modern phishing attacks…