The ShinyHunters cybercrime group has claimed responsibility for the Gainsight breach, asserting they leveraged access gained during the earlier Salesloft Drift hack to pilfer data from hundreds of...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-65025 esm-dev - esm.sh ...

Sturnus is a new Android banking trojan with full device-takeover abilities. It bypasses encrypted messaging by capturing on-screen content and can steal banking credentials, remotely control the d...

A new wave of ransomware attacks is targeting cloud storage environments, specifically focusing on Amazon Simple Storage Service (S3) buckets that contain critical business data. The Server-Side E...

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods.\n\nStart...

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive net...

A new information stealer targeting macOS users, dubbed DigitStealer, has been identified. This malware employs advanced detection-evasion techniques and a multi-stage attack chain, presenting new ...

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in q...

Microsoft has issued a warning about its experimental AI agent, Copilot Actions, integrated into Windows, stating that it can potentially infect devices and compromise sensitive user data. This ann...

A new phishing technique called Browser-in-the-Browser (BitB) is gaining traction, leveraging fake browser pop-up windows to steal credentials. This attack method presents a convincing fake login w...

Tenable Research has uncovered an Active Directory anomaly affecting older intra-forest trusts. Trusts created under Windows 2000 lack the TRUST_ATTRIBUTE_WITHIN_FOREST flag, even after domain and ...

A self-replicating botnet, dubbed ShadowRay 2.0, is actively targeting internet-facing Ray clusters to mine cryptocurrency, steal data, and launch DDoS attacks. This campaign, ongoing since at leas...

A U.S. real-estate company was targeted in a cyberattack in mid-October 2025, with the attackers employing the emerging Tuoni command-and-control (C2) framework. Cybersecurity researchers at Morphi...

Meta is expanding its WhatsApp security research efforts with a new proxy tool for bug bounty hunters and over $4 million in bounties awarded this year alone. The WhatsApp Research Proxy aims to fa...

Sazmining CEO Kent Halliburton was recently targeted in a sophisticated Bitcoin heist that cost his company over $200,000. Halliburton traveled to Amsterdam to meet with individuals named Even and ...

Microsoft is expanding its agent portfolio, adding to the existing 37 Security Copilot agents with over 40 new Microsoft and partner-built agents. Twelve new Microsoft-built agents across Microsoft...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-13223 Google - Chrome ...

A modern cybersecurity stack requires a layered approach encompassing technologies, processes, and skilled personnel to effectively defend against contemporary threats like ransomware, phishing, an...

Israel National Digital Agency researchers have uncovered an ongoing, sophisticated espionage campaign, which we track as SpearSpecter, conducted by Iranian threat actors aligned with the Islamic R...

Cyber threats are global, but their characteristics are heavily influenced by regional factors like economics, regulations, and culture. A recent Anomali conference highlighted these regional nuanc...