ClayRat Spyware Campaign Targets Android Users in Russia
A rapidly evolving Android spyware campaign known as “ClayRat” has been discovered targeting Russian users through Telegram…
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to…
SaaS Breaches Start with Tokens – What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen…
From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025…
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s…
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that…
Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code
Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and…
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol…
Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks
Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical…
Microsoft Signs 100 MW Solar PPA with Shizen Energy to Power AI in Japan
Microsoft continues to advance its renewable energy transition in Japan, having recently confirmed the signing of three new solar Power…
Evernote Relaunches as AI-First Note App with Semantic Search and OpenAI Assistant
Once the defining name in note-taking applications, Evernote had seen its presence wane in recent years. Yet under the stewardship of Italian…
Chrome 141 Stable Fixes Two High-Severity Flaws: Heap Overflow in Sync and UAF in Storage
Google has released a new Stable Channel update for Chrome 141.0.7390.65/.66 on Windows and macOS and 141.0.7390.65 for Linux, addressing…
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that…
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…
Google won’t fix new ASCII smuggling attack in Gemini
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…
BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job…
Google's new AI bug bounty program pays up to $30,000 for flaws
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's…
Security in AI Era: Protecting AI Workloads with Google Cloud
Network Infrastructure & Security are the foundation any day even in the AI era. The evolution of artificial intelligence, along with…
Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released
Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall…
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
A team of researchers from the University of California, Irvine, has discovered a security risk right on your desk. It turns out that your…
NCSC: Patch Critical Oracle EBS Bug Now
Oracle E-Business Suite (EBS) customers have been urged to patch a critical vulnerability in the product, after reports that the…
Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users
If you use messaging apps in the United Arab Emirates (UAE), cybersecurity researchers at ESET have identified two mobile spyware campaigns…
Ransomware Group “Trinity of Chaos” Launches Data Leak Site
A new data leak site hosted on the TOR network has been launched by the “Trinity of Chaos” – a ransomware collective…
5 Critical Questions For Adopting an AI Security Solution
In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security…
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited…
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…
Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used…
Addressing the CL0P Extortion Campaign Targeting Oracle E-Business Suite (EBS) Users
Cybereason is continuing to investigate. Check the Cybereason blog for additional updates. Overview and What Cybereason Knows So Far…
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
A new leak site has gone live, operated by the notorious group calling itself “Scattered Lapsus$ Hunters,” (a coalition that…
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches,…
CommetJacking attack tricks Comet browser into stealing emails
A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow…
The Good, the Bad and the Ugly in Cybersecurity – Week 40
The Good | UK Convicts “Bitcoin Queen” in World’s Largest Cryptocurrency Seizure This week, a court in the UK convicted…
Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers
Cybersecurity experts are on high alert as a group claiming ties to the infamous Cl0p ransomware gang is bombarding companies with emails that…
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were…
Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads
Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated…
DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute…
Gmail business users can now send encrypted emails to anyone
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. To send an…
Hackers Target Unpatched Flaws in Oracle E-Business Suite
Oracle has advised customers that hackers may be exploiting vulnerabilities in unpatched instances of its E-Business Suite (EBS). This follows…
Red Hat Confirms Data Breach After Hackers Claim to Steal 570GB of Private GitHub Repositories
Red Hat, the world’s leading enterprise open-source software provider, has officially confirmed a significant security incident…