NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-12518 Bee Content Design - B...

The Beast Returns: Analysis of a Beast Ransomware Server According to open source reports, Beast is a Ransomware-as-a-Service (RaaS) that was first promoted on the underground forum RAMP in June 2...

Scans for Adminer: Understanding the Threat A very popular target of attackers scanning our honeypots is phpMyAdmin. phpMyAdmin is a script first released in the late 90s, before many security con...

🚨 Crypto Scam ‘ShieldGuard’ Dismantled After Malware Discovery A cryptocurrency scam known as ‘ShieldGuard’ has been dismantled after researchers identified it as a malicious browser extension des...

Transparent COM Instrumentation for Malware Analysis Published on: March 18, 2026 Source: Talos Blog COM automation is a core Windows technology that allows code to access external functionality ...

Researchers Found Font-Rendering Trick to Hide Malicious Commands 🚨 Researchers have published a proof-of-concept (PoC) that uses custom fonts to fool many popular Artificial Intelligence (AI) ass...

New Ubuntu Flaw Enables Local Attackers to Gain Root Access 🚨 A newly identified local privilege escalation (LPE) vulnerability has been discovered affecting default installations of Ubuntu Deskto...

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclo...

Warlock Ransomware Group Enhances Post-Exploitation Techniques 🚀 The Warlock ransomware group continues to exploit unpatched Microsoft SharePoint servers with a new focus on stealthier, more resil...

Schneider Electric SCADAPack and RemoteConnect Vulnerability Advisory 🚨 Source: CISA Date Published: March 17, 2026 Schneider Electric is aware of a vulnerability in its SCADAPack x70 RTU product...

Katana: A Mirai Variant Targeting Android TV Set-Top Boxes 🚨 Content Warning: This report quotes malware artifacts verbatim, including domain names, C2 strings, and build paths chosen by the threa...

How to Examine Polyglot Files with Spectra Analyze Polyglot files combine elements from multiple file formats, concealing executable code in overlooked sections such as metadata or comments within...

GitHub - Katana: A Next-Generation Crawling and Spidering Framework 🚀 Katana is a next-generation crawling and spidering framework designed for fast and fully configurable web crawling, supporting...

CODESYS Vulnerabilities in Festo Automation Suite 🚨 Attention all users! The following versions of CODESYS in Festo Automation Suite are affected: FESTO Software Festo Automation Suite (versio...

90% of People Don’t Trust AI with Their Data People are using AI, but they don’t trust it. In our latest privacy pulse survey, we gathered 1,200 responses from readers of the Malwarebytes newslett...

Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling i...

Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter 🚨 Cybersecurity researchers have identified a vulnerability in an Amazon Web Services (AWS) tool that could allow attackers to st...

🚨 Researchers Warn of Global Surge in Fake Shipment Tracking Scams Fake shipment tracking scams are rapidly scaling across the world, exploiting the 161 billion annual parcel volume that fuels glo...

GlassWorm Attack Overview 🚨 The GlassWorm attack is a significant threat targeting Python projects, including Django apps, machine learning research code, Streamlit dashboards, and PyPI packages. ...

Flaw in UK’s Corporate Registry Exposes Directors’ Data 🚨 Companies House was forced to pull down its record-filing platform for the entire weekend to rectify a security issue that exposed the per...