ArcaneDoor Threat Actor Resurfaces in Continued Attacks Against Cisco Firewalls
A newly identified cyber-attack campaign has exploited Cisco Adaptive Security Appliance (ASA) devices in a sophisticated operation linked to…
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting…
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA)…
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have…
Cisco warns of ASA firewall zero-days exploited in attacks
Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company's…
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary…
Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!
Cisco has issued a security advisory warning of a critical flaw in its IOS and IOS XE Software, tracked as CVE-2025-20352 with a CVSS score of…
Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively…
Cisco warns of IOS zero-day vulnerability exploited in attacks
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being…
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning…
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
Researchers at Cisco Talos have uncovered a long-running espionage campaign active since 2022, targeting the telecommunications and…
22 Vulnerabilities Under Attack – And Another That Could Be
Cyble researchers detailed 22 vulnerabilities under active attack in a blog post today – and nine of them aren’t in CISA’s…
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway…
Automaker giant Stellantis confirms data breach after Salesforce hack
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access…
Strengthening Cybersecurity in Healthcare: Protecting Patient Data and Ensuring Regulatory Compliance in a Digital Age
Cybersecurity in Healthcare As healthcare increasingly relies on digital technologies, the urgency for robust cybersecurity measures has never…
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’…
CISA Launches Roadmap for the CVE Program
In a new document, the US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed its support for the Common Vulnerabilities and…
Vulnerability Management – common understanding and language enable teamwork
Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Part 1…
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly…
This Patch Tuesday, SAP is the worst offender and Microsoft users can kinda chill
September’s Patch Tuesday won’t require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to…
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed…
Software Supply Chain Attacks
In today’s rapidly evolving business landscape, software supply chain attacks are becoming increasingly common—and more…
CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6
Ddos September 9, 2025 Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet…
Remote Access Abuse Biggest Pre-Ransomware Indicator
Abuses of remote access software and services are the most common ‘pre-ransomware’ indicators, according to new research from…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to…
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update,…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Cisco Nexus 3000 and 9000 Series Vulnerability Let Attackers Trigger DoS Attack
Cisco has issued a High-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate…
Cisco IMC Virtual Keyboard Video Monitor Let Attacker Direct User to Malicious Website
Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated…
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world,…
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoon targeted organizations in the Netherlands. In a joint…
UK and US Blame Three Chinese Tech Firms for Global Cyberattacks
A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked three…
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
The UK, US and partners from across the globe have released a new report on the notorious Chinese APT group Salt Typhoon, claiming it has…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has…
Cisco Warns of High-Severity DoS Flaw (CVE-2025-20241) in Nexus Switches
Ddos August 28, 2025 Cisco Systems has published a security advisory detailing a high-severity denial-of-service (DoS) vulnerability affecting…
Chinese State Hackers Target Global Critical Infrastructure, NSA Warns
A coalition of cybersecurity and intelligence agencies from across the globe, including the United States National Security Agency (NSA), has…
ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia…
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have…
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Update: Story updated with further information. Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from…