NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-68920 kermitproject - C-Kerm...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2021-47720 Orangescrum - orangesc...

For nearly two decades, an Iran-backed hacking group, known as Prince of Persia, has quietly operated since 2007, targeting governments, critical infrastructure, and dissidents of the Iranian regim...

With hackers already knocking at the gates, around 120,000 WatchGuard Firebox firewalls, which protect thousands of companies, remain unpatched and vulnerable to a critical flaw, according to the l...

A popular software tool used by website owners to check their server’s health is now being used by hackers to take complete control of computers. Researchers at the cybersecurity firm Ontinue have ...

BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. Remarkably, the phi...

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in U...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-25068 Mapro Collins - Magazi...

Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8 million devices and issued more than 1.7 billion DDoS attack commands, according to XLab. The Ki...

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability...

FE assesses that the pro-Russian group Z-Pentest, responsible for a destructive cyberattack against a Danish waterworks in 2024, has connections to the Russian state. They also assess that the grou...

The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. RansomH...

In a shocking betrayal of industry trust, two former cybersecurity professionals have pleaded guilty to federal charges for launching ransomware attacks against U.S. businesses. Ryan Clifford Goldb...

BRICKSTORM is a sophisticated backdoor malware attributed to People’s Republic of China (PRC) state-sponsored cyber actors, who have been using it to maintain long-term persistence on compromised s...

The exploitability of application data which is stored on the client side (e.g., in a “viewstate”) has been thoroughly documented since 2010 for ASP.NET. However, exploiting the ASP.NET viewstate r...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed, with multiple threat clusters using the technique to gain unauthorized access to Microsoft ...

A newly observed variant of the BeaverTail malware has been tied to hackers associated with North Korea. The findings come from Darktrace’s latest The State of Cybersecurity report, which links Bea...

North Korea’s yearly cryptocurrency thefts have accelerated, with Kim’s state-backed cybercriminals plundering just over $2 billion worth of tokens in 2025. That’s according to research from blockc...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2014-3146 n/a - n/a Incompl...

The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. The fir...