NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-12367 Vegagrup Software - Ve...

Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. In th...

Trend Micro reports that EvilAI operators are leveraging AI-generated code and social engineering in a rapidly expanding campaign. The group disguises malware as legitimate applications to bypass s...

The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republish...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10405 itsourcecode - Baptism...

Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. At its core, Yurei leverages Go’s concur...

Arkham blockchain analysis revealed that both Lockbit and Conti/Trickbot ransom gangs transacted with VPN.SN in early 2025. Lockbit conducted two transactions in January 2025, while Conti/Trickbot ...

A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without autho...

Hackers stole private data of millions of Gucci, Balenciaga, and Alexander McQueen customers, including names, contacts, addresses, and spending details.\n\nAttackers stole millions of customers’ p...

The campaign began with phishing emails using a newly registered domain, vaproum.biz, impersonating legitimate persons and businesses present in Iran, including a Swiss-based engineering company. T...

The actors, tracked under the malware family name BaoLoader, have utilized at least 26 code-signing certificates obtained through fraudulent business registrations, primarily targeting users seekin...

A North Korean threat actor has leveraged AI to create fake South Korean military agency ID card images used in a spear-phishing campaign, according to cybersecurity firm Genians. However, prompt ...

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. UNC6040...

Tracked as CVE-2025-21043, this critical security flaw affects Samsung devices running Android 13 or later and was reported by the security teams of Meta and WhatsApp on August 13. As Samsung expl...

Unlike its predecessors, this new threat—dubbed HybridPetya by ESET analysts—exhibited capabilities that extended beyond conventional userland execution, directly targeting UEFI firmware on vulnera...

Security outfit Huntress has been forced onto the defensive after its latest research – described by senior staff as “hilarious” – split opinion across the cybersecurity community. Defenders, for ...

Apple recently issued a spyware campaign alert, according to the French Computer Emergency Response Team (CERT-FR). The national incident response organization, operated by the French national cyb...

Developed by French company Dassault Systèmes, DELMIA Apriso is a manufacturing operations management (MOM) and manufacturing execution system (MES) software designed for managing every detail of t...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10255 Ascensio System SIA - ...

The incident involves Vietnam’s National Credit Information Center (CIC), a unit managed by the State Bank of Vietnam, which stores sensitive information such as general personal details, credit pa...