Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The lis…
Axios User Agent Helps Automate Phishing on “Unprecedented Scale”
Security experts have warned of a huge uptick in automated phishing activity abusing the Axios user agent and Microsoft’s Direct Send…
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacks to a…
SAP Security Patch Day September 2025 – 21 Vulnerabilities and 4 Critical One’s Patched
As part of its scheduled security maintenance, SAP released its September 2025 Patch Day notes, addressing a total of 21 new vulnerabilities…
Microsoft testing new AI features in Windows 11 File Explorer
Microsoft is testing new File Explorer AI-powered features that will enable Windows 11 users to work with images and documents without needing…
Magento and Adobe SessionReaper Vulnerability Exposes Thousands Of Online Stores to Attacks
Adobe has issued an emergency security patch for a critical vulnerability in its Magento and Adobe Commerce platforms, dubbed…
SAP Patch Tuesday: Key Vulnerabilities in September 2025
The September 2025 SAP Patch Tuesday brings a critical batch of security updates addressing a diverse portfolio of vulnerabilities across…
Chinese Cyber Espionage Campaign Impersonates US Congressman
US lawmakers have accused the Chinese government of being behind a cyber espionage campaign that impersonated a prominent Congressman. The…
Vulnerability in SMSEagle devices
CVE ID CVE-2025-10095 Publication date 09 September 2025 Vendor Proximus sp. z o.o. Product SMSEagle Vulnerable versions All before 6.11…
Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure
Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate…
[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them
⚠️ One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A business unit…
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan…
How Leading CISOs are Getting Budget Approval
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader,…
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks…
CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6
Ddos September 9, 2025 Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet…
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account,…
New Technique Uncovered To Exploit Linux Kernel Use-After-Free Vulnerability
A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security…
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a…
Plex tells users to reset passwords after new data breach
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal…
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked…
Innovator Spotlight: Seraphic
Reinventing Browser Security for the Enterprise The Browser: Enterprise’s Biggest Blind Spot On any given day, the humble web browser is…
Innovator Spotlight: Darwinium
The Digital Battlefield: How AI is Reshaping Cybersecurity and Fraud Prevention Crocodiles aren’t the only predators lurking in the…
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned…
Wealthsimple Confirms Data Breach After Supply Chain Attack
Canadian fintech firm Wealthsimple has confirmed a data breach that exposed sensitive customer information. The incident, detected on August…
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver…
Quantum Computing is Coming: Enterprises Need to Prepare Now
Quantum computing is coming. When? No one knows for sure. Some experts say 10 years, others say 15 to 20 years. Many believe quantum computers…
MostereRAT Targets Windows Users With Stealth Tactics
A phishing campaign delivering a new strain of malware, MostereRAT, has been uncovered by cybersecurity researchers. The Remote Access Trojan…
Remote Access Abuse Biggest Pre-Ransomware Indicator
Abuses of remote access software and services are the most common ‘pre-ransomware’ indicators, according to new research from…
Finding Agility in Post Quantum Encryption (PQC)
In an era where data security is paramount, current encryption algorithms are sufficient to safeguard sensitive information. However, the…
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Cybersecurity providers Tenable and Qualys are the latest in a growing list of companies affected by a significant supply chain attack…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
GhostAction Supply Chain Attack Compromises 3000+ Secrets
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than…
You Didn’t Get Phished — You Onboarded the Attacker
When Attackers Get Hired: Today’s New Identity Crisis What if the star engineer you just hired isn’t actually an employee, but an…
SAP S/4HANA Users Urged to Patch Critical Exploited Bug
Security experts have warned SAP S/4HANA cloud customers that a critical code injection vulnerability patched by the vendor in August is being…
Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity,…
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet…
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the…
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan…
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in…
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat…
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing…
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks…
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to…