In early January 2026, during routine vetting of a cryptocurrency project sourced via Upwork, Red Asgard’s threat research team discovered North Korean malware. The contractor—using a fake identity...

Since December 2015, a limited number of cyber operations have fundamentally altered how defenders assess risk to industrial control environments. Subsequent campaigns attributed to ELECTRUM and KA...

ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructur...

Horizon3.ai identified a zero-day remote code execution vulnerability affecting Fortinet FortiSIEM and responsibly disclosed it to Fortinet in August 2025. The vulnerability allows unauthenticated ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-12379 averta - Shortcodes an...

A 21-year-old Swedish man accused of being a key organizer of violence-as-a-service linked to the Foxtrot criminal network, which police say has recruited and exploited minors, has been arrested in...

As we ramp up to the premier automotive and charging station hacking competition, Pwn2Own Automotive 2026 in Tokyo, the Trend Micro Zero Day Initiative (ZDI) is providing a preliminary look at one ...

The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. The man was arrested in 2021 a...

New research from Trellix detailed that CrazyHunter ransomware has emerged as a serious and escalating threat, underscoring the growing sophistication of modern cybercriminal operations. Trellix ha...

Horizon3.ai discovered a severe vulnerability affecting Enhancesoft osTicket, a popular open source help desk and ticketing system. This vulnerability, tracked as CVE-2026-22200, allows anonymous a...

On January 9, Malwarebytes announced it had tracked a data breach involving the Meta-owned platform Instagram, claiming hackers had leaked data from 17.5 million accounts online. The leaked informa...

Instagram has denied any breach amid claims that data from over 17 million accounts was scraped and leaked online. According to Bleeping Computer, a spokesperson from Meta stated, “We fixed an issu...

International law enforcement agencies have recently dealt a major blow to one of the world’s most dangerous criminal networks, known as Black Axe. In a coordinated effort led by the Spanish Nation...

Cybercriminals are leveraging the recent arrest of Venezuelan President Nicolás Maduro to distribute sophisticated backdoor malware. The attack likely begins with a spear-phishing email containing...

Cybersecurity researchers have discovered a new variant of the MacSync malware targeting macOS users. Unlike previous versions that relied on complex ClickFix techniques, this iteration masquerades...

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a ...

Cisco addressed a medium-severity vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) after a public PoC explo...

Hitachi Energy is aware of a Jasper Report vulnerability that affects Asset Suite product versions 9.7 and prior. This vulnerability can be exploited to carry out a remote code execution (RCE) atta...

A member of our web research team pointed me to a fake WinRAR installer that was linked from various Chinese websites. When these links start to show up, that’s usually a good indicator of a new ca...

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. This activity cluster, active since at least...