Cybersecurity firm Aim Labs has uncovered a serious new security problem, named EchoLeak, affecting Microsoft 365 (M365) Copilot, a popular AI assistant. This flaw is a zero-click vulnerability, me...

Throughout May 2025, eSentire’s Threat Response Unit (TRU) detected several attempts by threat actors to download and execute HijackLoader. Many of these attempts involved the attempted deployment ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-44000 n/a - n/a An iss...

DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We ...

A cybersecurity researcher has uncovered five zero-day vulnerabilities and over 20 configuration risks in Salesforce’s cloud components. On June 10, Aaron Costello, Chief of SaaS Security Research...

Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113, just days after the patch was released, targeting over 80,000 servers. Roundcube is a p...

NTLM reflection is dead, long live NTLM reflection! Source: Synacktiv Date Published: June 11, 2025 Excerpt: “Introduction NTLM reflection is a special case of NTLM authentication relay in which ...

Introduction In recent years, organisations have increasingly encountered massive and more sophisticated phishing attacks that primarily target Microsoft 365 and Google accounts using Adversary-in-...

Key Takeaways Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target ...

MISSION2025 is a Chinese state-sponsored advanced persistent threat (APT) group linked to APT41. Active since at least 2012, the group has conducted cyberespionage and financially motivated campaig...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2018-8373 Microsoft - Internet Ex...

Executive Summary A cluster of 16 open directories containing heavily obfuscated Visual Basic Script (VBS) files was discovered, all of which included a filename of “sostener.vbs”. These VBS file...

Executive Summary Unit 42 researchers have identified a growing threat to cloud security: Linux Executable and Linkage Format (ELF) files that threat actors are developing to target cloud infrastr...

The Telegram messaging app may have ties to Russia’s Federal Security Service (FSB), according to an investigation. Independent Russian investigative outlet IStories said it has uncovered evidence...

The eMagicOne Store Manager for WooCommerce plugin is used in WordPress to simplify and improve store management by providing functionality not found in the normal WooCommerce admin interface. Two...

Google has stepped in to address a security flaw that could have made it possible to brute-force an account’s recovery phone number, potentially exposing them to privacy and security risks. The is...

Security researchers managed to access live feeds of 40,000 internet-connected cameras worldwide, highlighting significant security concerns. Supporting the bulletin issued by the Department of Ho...

While security teams scan for complex malware and zero-day exploits, cybercriminals are building targeted phishing attacks with the same tools sitting in your developers’ GitHub repositories. Our t...

Tracked as CVE-2025-42989 (CVSS score of 9.6), the critical bug is described as a missing authorization check in the NetWeaver application server for ABAP. According to software security firm Onap...

GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat M...