ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact…
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100…
New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to…
⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen…
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX…
ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse…
Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum,…
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for…
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its…
Over 23 Million Victims Hit by Data Breaches in Q3
The number of US corporate data breaches and downstream victims appeared to slow in the third quarter of the year, according to new data from…
F5 Reveals Nation State Breach and Urges Immediate Patching
The US government has urged federal agencies to take immediate action after security vendor F5 revealed it has been breached by a nation-state…
CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in…
Apple Planning $350 Smart Display (2026) and Robotic Desktop Device (2027), Manufactured in Vietnam
According to a report by Bloomberg News, Apple is actively expanding its smart home product line, with plans to launch a smart display…
F5 releases BIG-IP patches for stolen security vulnerabilities
Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. The…
Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by…
F5 says hackers stole undisclosed BIG-IP flaws, source code
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security…
Samsung Sets Oct 21 Event to Unveil “Project Moohan,” Its Android XR Headset Rival to Vision Pro
Samsung data breach Samsung has announced that it will host a new product unveiling event titled “Worlds Wide Open” on October 21…
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four…
UEFI Shell Vulnerabilities Could Let Hackers Bypass Secure Boot on 200,000+ Laptops
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops.…
Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns
Senior executives must do better to prepare for almost inevitable future cyber-attacks and cannot rely on government alone for protection, the…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a…
Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)
The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain — CVE-2025-11577 — after researchers…
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as…
iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026
The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be officially announced, but numerous…
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal…
Critical Vulnerability CVE-2025-61884 Found in Oracle E-Business Suite
Oracle E-Business Suite (EBS) — a cornerstone ERP platform for countless enterprises across the globe — faces a critical security…
China Launches Antitrust Probe into Qualcomm Over Autotalks Acquisition Failure to File Declaration
China’s State Administration for Market Regulation (SAMR) recently announced the launch of an antitrust investigation into U.S.…
Zero-day in file-sharing software leads to RCE, and attacks are ongoing
Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available…
SaaS Breaches Start with Tokens – What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen…
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the…
Cyber-Attack Contributes to Huge Sales Drop at JLR
Jaguar Land Rover (JLR) has revealed a 25% drop in volume sales in the three months up to September 30, largely as a result of the ongoing…
Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin
researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass in the Service Finder Bookings plugin…
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that…
Clop raid on Oracle E-Business Suite started months ago, researchers warn
Security boffins say the Clop cybercriminal gang has been rummaging through Oracle's E-Business Suite (EBS) for months – and now the…
Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances
Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua…
Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Renault Informs Customers of Supply Chain Data Breach
Carmaker Renault has been forced to notify an unspecified number of customers that their personal data may have been compromised by threat…
How Can IT Security Professionals Best Navigate the CMMC Maze?
For companies still treating the Cybersecurity Maturity Model Certification (CMMC) as an IT-only concern, the risks are growing. Developed by…
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…