CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk
DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in its Prompt module,…
22 Vulnerabilities Under Attack – And Another That Could Be
Cyble researchers detailed 22 vulnerabilities under active attack in a blog post today – and nine of them aren’t in CISA’s…
Iranian Hacking Group Nimbus Manticore Expands European Targeting
A long-running cyber-espionage campaign tied to Iran has intensified its operations in Europe. The group, known as Nimbus Manticore, has a…
Deepfake Attacks Hit Two-Thirds of Businesses
Nearly two-thirds (62%) of organizations have experienced a deepfake attack in the past 12 months, according to a new Gartner survey. These…
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent…
CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw affecting Lectora, a…
BlockBlasters: When a Steam Game Turns Into a Malware Delivery Vehicle
What began as a promising indie platformer has turned into one of the most alarming cases of malware-laced games on Steam in 2025. According…
Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs
A new report from Hunt Intelligence reveals how attackers are abusing ConnectWise ScreenConnect (formerly ConnectWise Control) to deliver…
New EDR-Freeze tool uses Windows WER to suspend security software
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with…
Microsoft lifts Windows 11 update block after face detection fix
Microsoft has removed a compatibility hold that prevented devices with integrated cameras from installing Windows 11 24H2 due to a face…
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented…
Microsoft says recent updates cause DRM video playback issues
Microsoft has confirmed a known issue that prevents some apps from playing Digital Rights Management (DRM) protected video content or…
Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
Three major providers of cybersecurity solutions have decided not to take part in the 2025 edition of MITRE’s annual endpoint detection and…
Chrome Type Confusion 0-Day Vulnerability Code Analysis Released
Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
Microsoft Entra ID Exposed: Actor Token Flaw Enables Stealthy Global Admin Takeove
A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed…
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any…
Microsoft Entra ID flaw allowed hijacking any company's tenant
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world.…
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
Top Zero-Day Vulnerabilities Exploited in the Wild in 2025
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors.…
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes in Large Language…
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak…
WannaCry Ransomware: A DFIR & SOC Monitoring Lab Walkthrough
Hello fellow defenders, I hope you are having a great day. In this article, I’m going to show you how you can make a cybersecurity home…
Microsoft starts rolling out Gaming Copilot on Windows 11 PCs
Microsoft has begun rolling out the beta version of its AI-powered Gaming Copilot to Windows 11 systems for users aged 18 or older, excluding…
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies,…
Steam will stop running on Windows 32-bit in January 2026
Valve has announced that its Steam digital distribution service will drop support for 32-bit versions of Windows starting January 2026. Two…
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and…
GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware
The cyberthreat landscape has witnessed the emergence of another sophisticated ransomware operation as GOLD SALEM, a new threat actor group…
Notepad gets free AI features on Copilot+ PCs with Windows 11
Microsoft is adding free AI-powered text writing capabilities to Notepad for customers with Copilot+ PCs running Windows 11. Currently, this…
Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control
A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant…
Google Confirms Real-World Attacks on Chrome Vulnerability CVE-2025-10585
Google has issued an urgent security alert for all users of its Chrome browser, confirming that an active exploit targeting a critical…
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been…
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT…
How LLMs can be compromised in 2025 | Kaspersky official blog
Developers of LLM-powered public services and business applications are working hard to ensure the security of their products, but the…
Microsoft: Office 2016 and Office 2019 reach end of support next month
Microsoft reminded customers again this week that Office 2016 and Office 2019 will reach the end of…
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service
Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals…
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft has announced the disruption of RaccoonO365, a popular subscription-based phishing kit focused on the theft of Microsoft365…
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially…
Expert Spotlight: Koushik Anand on IAM and PAM Excellence at Enterprise Scale
By Gary Miliefsky, Publisher With more than 80% of breaches involving stolen or misused credentials, identity is the control point that…
Microsoft rolls out Copilot Chat to Microsoft 365 Office apps
Microsoft is rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers.…
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in…