Industrial cybersecurity company Dragos identified that distributed energy resources (DERs) and microgrids are transforming how power is generated and consumed across industries. Electric utilities...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-11622 Ivanti - Endpoint Mana...

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. RondoDox’s expanded arsenal of exploits inclu...

The FBI and our partners have seized domains associated with BreachForums, a major criminal marketplace used by ShinyHunters, Baphomet, and IntelBroker to traffic stolen data and facilitate extorti...

Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthoriz...

Summary: SIM swap fraud, where a criminal takes control of your mobile number, is a rapidly growing threat. In the UK, unauthorized SIM swap fraud cases rose by 1,055%, from 289 in 2023 to nearly 3...

A new technique enables attackers to exploit antivirus software by injecting harmful code directly into the antivirus processes. This approach makes it easier for them to evade detection and compro...

Spain’s Guardia Civil dismantled the “GXC Team” cybercrime group, arresting its 25-year-old Brazilian leader “GoogleXcoder.” The gang sold AI-powered phishing kits, Android malware, and voice-scam ...

Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Hunt...

Threat actors stole firewall configuration backups from SonicWall’s cloud service, impacting all users of its MySonicWall cloud backup platform. The company told affected customers to import new p...

As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltra...

Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called...

Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. In the first stage of the attack, the th...

Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Commu...

The quarter marked a pivotal moment with the emergence of Scattered Spider’s inaugural ransomware-as-a-service offering, ShinySp1d3r RaaS, representing the first major English-led ransomware operat...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-11418 Tenda - CH22 A s...

North Korean threat actors are estimated to have stolen more than $2 billion in cryptocurrency during the first nine months of 2025, according to blockchain analysis firm Elliptic. This marks an an...

Microsoft has warned about hackers taking advantage of its collaboration platform, Teams. Attackers use Teams to gather information, trick users into sharing sensitive data, impersonate trusted sou...

A sophisticated new breed of ransomware attacks is leveraging legitimate database commands to compromise organizations worldwide, bypassing traditional security measures through “malware-less” oper...

Foreign adversaries are now building AI into their existing workflows – from crafting phishing campaigns, tweaking malware, and generating propaganda, to researching ways to automate their cyber ki...