A Critical Zero-Click WhatsApp Flaw, CVE-2025-55177, Was Exploited in Zero-Day Attacks
Ddos August 29, 2025 Meta’s WhatsApp Security Team has patched a zero-day flaw (CVE-2025-55177) in WhatsApp for iOS (prior to…
WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users
A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific…
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The…
Citrix Netscaler 0-day RCE Vulnerability Patched – Vulnerable Instances Reduced from 28.2K to 12.4K
A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the…
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts…
Urgent CISA Alert on Citrix NetScaler
In August 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding multiple critical security…
Fake IT Support Attacks Hit Microsoft Teams
A new wave of phishing attacks abusing Microsoft Teams to deliver malware has been uncovered by security researchers. The campaigns, observed…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has…
FreePBX servers hacked via zero-day, emergency fix released
The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the…
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already…
Citrix Patches Three NetScaler Zero Days as One Sees Active Exploitation
Citrix has released patches for three zero-day vulnerabilities in NetScaler ADC and Gateway, one of which was already being exploited by…
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide.…
Emulating the Expedited Warlock Ransomware
Introduction Warlock is a ransomware strain operating under the Ransomware-as-a-Service (RaaS) model that emerged in June 2025, following an…
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical…
Analysis of Apple’s ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities
Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day…
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as…
CISA Adds Citrix Vulnerabilities to KEV Catalog as New Flaws Emerge
The U.S. Cybersecurity and Information Security Agency (CISA) has added two Citrix vulnerabilities to its Known Exploited Vulnerabilities…
URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack
The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler ADC and…
NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)
Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
MURKY PANDA: A Trusted-Relationship Threat in the Cloud
Since late 2024, CrowdStrike Counter Adversary Operations has observed significant activity conducted by MURKY PANDA, a China-nexus adversary…
Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by…
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now.…
August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs
Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month’s patches include fixes for one…
Weekly Cybersecurity News Recap : Apple 0-day, Chrome, Copilot Vulnerabilities and Cyber Attacks
This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront,…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…
Don’t Wait Too Long to Patch: How Organizations Can Stay Ahead of Zero-Day Exploits
Among the variety of cyber-attacks that we witness happening around us, Zero-day attacks are remarkably insidious in nature. Due to the fact…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
Why Enterprises Need Preemptive Cybersecurity to Combat Modern Phishing
Phishing isn’t what it used to be. It’s no longer fake emails with bad grammar and sketchy links. With AI, modern phishing attacks…
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are…
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active…
Why Your Security Culture is Critical to Mitigating Cyber Risk
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and…
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been…
Murky Panda hackers exploit cloud trust to hack downstream customers
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain…
Apple Releases Patch for Likely Exploited Zero-Day Vulnerability
In a series of updates for its iOS, iPadOS, and macOS operating systems, Apple released a patch for a previously unknown vulnerability that…