Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The lis…
URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack
The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler ADC and…
Citrix patches trio of NetScaler bugs – after attackers beat them to it
Citrix has pushed out fixes for three fresh NetScaler holes – and yes, they’ve already been used in the wild before the vendor got…
Citrix NetScaler ADC and Gateway 0-Day RCE Vulnerability Actively Exploited in Attacks
Cloud Software Group has disclosed multiple high-severity vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway…
CISA Adds Citrix Vulnerabilities to KEV Catalog as New Flaws Emerge
The U.S. Cybersecurity and Information Security Agency (CISA) has added two Citrix vulnerabilities to its Known Exploited Vulnerabilities…
Citrix NetScaler Patch Release: Act Now to Prevent Exploitation
On August 26, 2025, Citrix announced a pivotal security update for NetScaler ADC and NetScaler Gateway appliances. This urgent patch addresses…
Securden Unified PAM Vulnerability Let Attackers Bypass Authentication
Cybersecurity researchers have uncovered a critical security flaw in Securden Unified PAM that allows attackers to completely bypass…
Digital Nomads and Cybersecurity: Navigating the New Frontier of Work
We live in an era where your next big idea could come from an employee working out of a cafe in Tokyo or on the beach in Bali. The digital…
Cybersecurity Wake-Up Call: Why All Businesses Must Prepare for the Inevitable Attack
Cybersecurity has emerged as a critical and ongoing battle against a dynamic and pervasive global threat. The landscape is evolving rapidly,…
Is the Cyber Resilience Act the Biggest Thing to Hit Compliance Since GDPR?
There’s a lot of noise around compliance. New regulations seem to pop up every year, each promising to fix the ever-growing list of…
Black Hat Ignites Under Vegas Lights
Driving through the quiet, endless beauty of the Nevada desert, I let the raspy voice of Jim Morrison carry me forward. “The End”…
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn’t be more wrong.Bitdefender Labs warns…
Auchan retailer data breach impacts hundreds of thousands of customers
French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was…
Farmers Insurance data breach impacts 1.1M people after Salesforce attack
U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the…
New AI attack hides data-theft prompts in downscaled images
Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before…
Surge in coordinated scans targets Microsoft RDP auth servers
Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP…
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware…
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially…
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities…
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and…
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
NVIDIA’s New Ethernet Tech Turns Distributed Data Centers Into a Single AI “Superfactory”
Ddos August 25, 2025 At the HOT Chips conference, NVIDIA unveiled its Spectrum-XGS Ethernet, a technology extending the Spectrum-X…
Onderzoeker: ransomware-aanval op telecombedrijf Colt via SharePoint-server
De ransomware-aanval op het Britse telecombedrijf Colt heeft plaatsgevonden via een gecompromitteerde SharePoint-server, zo stelt…
Microst Restricts MAPP with China
The summer of 2025 brought a seismic shift in the way Microsoft engages with the global cybersecurity community. At the heart of the story: a…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging…
Tech Manufacturer Data I/O Hit by Ransomware
A leading data and security programming specialist is scrambling to restore operations after a ransomware incident, a new regulatory filing…
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern…
FTC warns tech giants not to bow to foreign pressure on encryption
The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data…
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to…
Defending against malware persistence techniques with Wazuh
Malware persistence techniques enable attackers to maintain access to compromised endpoints despite system reboots, credential changes, or…
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if…
Malicious Android apps with 19M installs removed from Google Play
Seventy-seven malicious Android apps with more than 19 million installs were delivering multiple malware families to Google Play users.…
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
MURKY PANDA: A Trusted-Relationship Threat in the Cloud
Since late 2024, CrowdStrike Counter Adversary Operations has observed significant activity conducted by MURKY PANDA, a China-nexus adversary…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete…
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now.…
Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by…
Apple Sues Ex-Engineer, Alleging He Stole Apple Watch Secrets for Rival Oppo
Ddos August 24, 2025 Apple has recently accused a former member of its Apple Watch development team of misappropriating trade secrets related…
25W Wireless Charging Arrives: Qi 2.2 Ushers in a New Era of Fast Power
Ddos August 24, 2025 The Wireless Power Consortium (WPC) has officially introduced the Qi 2.2 wireless charging standard, offering devices…
Weekly Cybersecurity News Recap : Apple 0-day, Chrome, Copilot Vulnerabilities and Cyber Attacks
This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront,…
Shellshock: The Bash Bug That Shook the Internet
Shellshock refers to a series of vulnerabilities in the GNU Bash (Bourne Again SHell), a command-line shell widely used in Unix-like systems,…
PoC Exploit & Vulnerability Analysis Released for Apple 0-Day RCE Vulnerability
A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click…