Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any…
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that…
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
Introduction In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…
Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices
Samsung has released security updates to patch a critical zero-day vulnerability actively exploited against Android devices. Tracked as…
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)
The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable…
Samsung Fixes Image Parsing Vulnerability Exploited in Android Attacks
Samsung has patched a serious security vulnerability that hackers were already using in live attacks against its Android devices. The issue,…
Google Chrome Patches Critical Security Flaws in September 2025 Update
In early September 2025, Google released an important security update for its Chrome browser—version 140.0.7339.127—to patch two…
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow…
Samsung Zero-Day Vulnerability Actively Exploited to Execute Remote Code
Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the…
France Warns Apple Users of New Spyware Campaign
Apple recently issued a spyware campaign alert, according to the French Computer Emergency Response Team (CERT-FR). The national incident…
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android…
Apple Issues New Spyware Alerts for French Officials and Journalists
Ddos September 12, 2025 Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions…
Apple warns customers targeted in recent spyware attacks
Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French…
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to…
CISA Launches Roadmap for the CVE Program
In a new document, the US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed its support for the Common Vulnerabilities and…
Vulnerability Management – common understanding and language enable teamwork
Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Part 1…
Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks
Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day…
Can I have a new password, please? The $400M question.
Back in August 2023, attackers tied to the Scattered Spider group didn’t exploit a zero-day vulnerability to
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly…
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month’s patches address two publicly…
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday
On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is…
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft issued updates to fix 81 vulnerabilities in this month’s Patch Tuesday yesterday, including two classed as zero-days which…
Apple Watch Series 11: A New Era of Health and Connectivity
Ddos September 10, 2025 Apple has officially unveiled the Apple Watch Series 11, now equipped with a more scratch-resistant display glass, 5G…
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no…
Windows 10 KB5065429 update includes 14 changes and fixes
Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including…
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed…
Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code
Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow…
Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure
Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate…
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked…
Innovator Spotlight: Seraphic
Reinventing Browser Security for the Enterprise The Browser: Enterprise’s Biggest Blind Spot On any given day, the humble web browser is…
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the…
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three…
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update,…
CVE-2025-8067: Linux Privilege Escalation Flaw Found in UDisks Daemon, PoC Releases
Ddos September 1, 2025 A security researcher has disclosed a serious flaw in the UDisks daemon, a widely used component for managing disks and…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server…
Hackers Exploit CrushFTP Zero-Day to Take Over Servers
WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the web…
Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed
A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors…
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild…
WhatsApp’s Zero-Click Vulnerability and Targeted Spyware Attacks
A newly discovered critical vulnerability has put WhatsApp users across the globe on high alert. CVE-2025-55177, patched in August 2025, was a…
BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch
Ddos August 30, 2025 At DEF CON 2025, Akamai security researcher Yuval Gordon revealed the story of BadSuccessor (CVE-2025-53779), an Active…