Beginning as early as Aug. 8, 2025 through at least Aug. 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party ...

A newly detected cyber campaign is exploiting trusted but vulnerable Windows drivers to bypass security protections and install a remote access tool. Although signed by Microsoft and not previousl...

A newly discovered vulnerability in AI systems could allow hackers to steal private information by hiding commands in ordinary images. This discovery came from cybersecurity researchers at Trail of...

A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely byp...

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, now also distribute simpler ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-41471 n/a - n/a Cross ...

The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. Whi...

Credit rating giant TransUnion has suffered a data breach, which has impacted the personal information of nearly 4.5 million Americans. The firm revealed that unauthorized access was gained to a th...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-13986 Nagios - Nagios XI ...

By using our historical scan data, we can look at this attacker’s host on February 11, 2025 (around the time that Sekoia first observed attacker activity), and observe multiple services and certifi...

The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in Amsterdam that hosted the online operation. Several agencies from m...

The group leverages cloud-native capabilities to first exfiltrate massive volumes of sensitive data, then systematically destroys the original data and any backups within the victim’s cloud environ...

A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide. The flaw, designated CVE-2025-40779, allows remote atta...

An unusually broad coalition composed of the United States, its traditional English-speaking allies, and other nations, including Germany, Italy, and Japan, is calling out three Chinese companies o...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has released a comprehensive cybersecurity advisory detail...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-37777 n/a - n/a O2OA v...

In August 2025, Counter Threat Unit™ (CTU) researchers investigated an intrusion that involved deployment of the legitimate open-source Velociraptor digital forensics and incident response (DFIR) t...

The personal details of almost 200 survivors of abuse in the Church of England had been leaked in a data breach from a scheme that was set up to offer them compensation, a victims’ group and offici...

A novel phishing campaign attempts to trick victims into downloading ConnectWise ScreenConnect remote monitoring and management (RMM) software, enabling attackers to take complete control over end-...

BruteForceAI, an innovative penetration testing framework developed by Mor David, integrates large language models (LLMs) with browser automation to autonomously identify login forms and conduct so...