NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-35657 Google - Android ...

The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infr...

The NotDoor backdoor is a sophisticated Visual Basic for Applications (VBA) based malware targeting Microsoft Outlook, designed to monitor incoming emails for specific trigger words and execute mal...

Bitsight analysts identified this activity as the work of a novel botnet they dubbed RapperBot, noting its unusually rapid kill chain and innovative use of legacy hardware constraints to evade dete...

An Iran-nexus group has been linked to a coordinated and multi-wave spear-phishing campaign targeting embassies and consulates in Europe and other regions across the world. The attack chains invol...

Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025. “We ...

A comprehensive new report by Sekoia.io’s Threat Detection & Research team reveals how these private companies have industrialized spyware deployment, transforming targeted surveillance from is...

A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. Stripe...

A sophisticated spear-phishing campaign orchestrated by Iranian-aligned operators has been identified targeting diplomatic missions worldwide through a compromised Ministry of Foreign Affairs of Om...

Resecurity’s HUNTER Team discovered that application credentials, specifically the ClientId and ClientSecret, were left exposed in a publicly accessible appsettings.json file. These credentials al...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-37358 Apache Software Founda...

Beginning as early as Aug. 8, 2025 through at least Aug. 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party ...

A newly detected cyber campaign is exploiting trusted but vulnerable Windows drivers to bypass security protections and install a remote access tool. Although signed by Microsoft and not previousl...

A newly discovered vulnerability in AI systems could allow hackers to steal private information by hiding commands in ordinary images. This discovery came from cybersecurity researchers at Trail of...

A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely byp...

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, now also distribute simpler ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-41471 n/a - n/a Cross ...

The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. Whi...

Credit rating giant TransUnion has suffered a data breach, which has impacted the personal information of nearly 4.5 million Americans. The firm revealed that unauthorized access was gained to a th...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-13986 Nagios - Nagios XI ...