Critical WordPress Plugin Flaw Exposes Sites to File Upload Attacks
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without au
Cybersecurity
253 articles
International Police Operation Dismantles 53 DDoS-for-Hire Domains
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS)
Trigona Ransomware Gang Deploys Custom Tool for Rapid Data Theft
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...
NIST Restructures CVE Database After Vulnerability Submissions Skyrocket
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed
Bitwarden CLI Package Compromised in npm Supply Chain Attack
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of
Apache ActiveMQ Flaw Exploited in Wild, Added to CISA Watch List
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and
Checkmarx KICS Tool Compromised in Supply Chain Attack
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environment
New PowMix Botnet Actively Targeting Czech Workers
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet
UK Cyber Officials Alert: Chinese Hackers Using Device Networks
The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale prox
Cloud Breaches Tied to Orphaned Credentials: 2024 Data
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human
Password Reset Requests: A Gateway for Attackers
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly
Critical Security Threats Surge: Defender Flaw, Excel Exploit
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in way
State-Backed Hackers Weaponize Outlook, Slack for Covert Attacks
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, S
New RAT Malware Targets Finance Sector via Obsidian
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a
Rituals Cosmetics Confirms Customer Data Breach
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals"
Banking Sessions Hijacked: Taboola's Hidden Redirect to Temu
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s know
Microsoft Edge Update Blocks Teams Meeting Access for Windows
Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining Teams meetings. [...]
Cisco Patches Critical Flaws in Identity and Webex Services
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution
CISA Orders Federal Agencies to Patch Critical Microsoft Defender Flaw
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks.
n8n Automation Platform Weaponized for Phishing Since October
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phi
Apple Patches iOS Notification Storage Bug Across Devices
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deleti
Critical nginx-ui Flaw Under Active Attack
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the
Mirai Botnet Targets Obsolete D-Link Routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to
April Patch Tuesday Addresses Critical Flaws Across Enterprise Software
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday rele
Kyber Ransomware Gang Adopts Post-Quantum Encryption
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum
AI Adoption Accelerates: Security Leaders Embrace New Technologies
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader poten
Spain Shuts Down Major Manga Piracy Hub, Arrests Four
The Spanish police have dismantled the largest Spanish-language manga piracy platform, operating since 2014, with millions of monthly users from around the glob
Microsoft Patches 169 Vulnerabilities in Major Security Update
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has b
Self-Spreading npm Attack Targets Developer Credentials
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages publish
OpenAI Launches GPT-5.4-Cyber for Security Teams
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity u
Fraud Networks Now Run Like Call Centers With Training
Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "Caller-as-a-S
Critical Composer Flaws Allow Arbitrary Code Execution
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could res
Microsoft Teams Efficiency Mode Targets Resource-Strapped PCs
Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. [.
Google Fortifies Pixel 10 with Rust-Based DNS Security Layer
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the secur
GoGra Linux Malware Exploits Microsoft Graph API for Covert Attacks
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]
AI-Generated Scam Campaign Floods Google Discover Feed
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intellig
Microsoft Graph API Change Breaks Universal Print Sharing
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change.
Mirax Android RAT Hijacks 220K Devices via Meta Ads
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,
1,300+ Microsoft SharePoint Servers at Risk From Spoofing Flaw
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abu
Critical Security Risks Jump 400% as AI Dev Tools Outpace Detection
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume gre
Microsoft Issues Emergency Patches for Critical ASP.NET Core Flaw
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]
108 Malicious Chrome Extensions Target 20K Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-
French Government Agency Confirms Data Breach
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the a
Critical ShowDoc Flaw Under Active Attack
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation i
New Lotus Malware Targets Venezuelan Energy Sector
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]
CISA Flags 6 Critical Vulnerabilities Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalo
UK Regulator Launches Probe Into Telegram Over CSAM Concerns
Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to sh
JanelaRAT Malware Launches 14,739 Attacks on Brazilian Banks
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modi
Seamless Fraud Defense: Protecting Users Without Slowing Them Down
Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding fric
Critical PDF Zero-Day and State Infrastructure Threats Emerge
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in