Source: Bleeping Computer Excerpt: Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of att...

Cisco Talos recently discovered a campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Ma...

ShadyPanda has exploited trusted browser extensions to compromise millions of users, illustrating how legitimate software can unexpectedly become harmful. Between 2024 and 2025, one threat actor ex...

Between June 2024 and April 2025, Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET, a widely used Ukrainian webmail and news service. ...

Source: Cybernews Widely used Chrome browser extensions have been quietly wiping users’ conversations with AI chatbots and selling the sensitive data to third parties. However, after analyzing the...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-0836 Milestone Systems - XPr...

On December 5th, a Russian APT targeted Transnistria’s governing body with a credential phishing email attachment, spoofing the Pridnestrovian Moldavian Republic. The HTML loads the image in a DIV ...

Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector. Amazon Threat Intelligence published a blog post detailing a mult...

Hackers tied to ShinyHunters extort PornHub after stealing search and viewing history of Premium users in a Mixpanel data breach. PornHub faces extortion after hackers linked to ShinyHunters alleg...

Google has announced that early next year they are discontinuing the dark web report, which was meant to monitor breach data that’s circulating on the dark web.\n\nThe news raised some eyebrows, bu...

Chinese espionage crew Ink Dragon has expanded its snooping activities into European government networks, using compromised servers to create illicit relay nodes for future operations. The campaign...

Japanese e-commerce and logistics company Askul has revealed that a recent data breach stemming from a ransomware attack has resulted in over 700,000 records being compromised. However, prior to t...

The xHunt advanced persistent threat group has firmly established itself as a sophisticated cyber-espionage actor, orchestrating targeted campaigns against organizations in Kuwait. Since its emerge...

Etay Mayor, the chief security strategist at Cato Networks and a professor at Boston College, offers a compelling narrative on the evolving landscape of cybersecurity, emphasizing the importance of...

A new malware-as-a-service (MaaS) known as SantaStealer is making waves in the cybersecurity community, advertised on platforms like Telegram and hacker forums. This information stealer is designed...

Atlassian has recently addressed a series of critical vulnerabilities affecting its suite of products, with a particular focus on a severe flaw in Apache Tika. The vulnerability, identified as CVE-...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-43437 Apple - iOS and iPadOS...

The increasing sophistication of vaping devices, now equipped with screens, Bluetooth connectivity, and applications, presents an emerging cybersecurity concern, according to the Cybernews research...

The React team has issued critical fixes addressing two new categories of vulnerabilities within React Server Components (RSC), which could lead to denial-of-service (DoS) or exposure of source cod...

In October 2025, security researchers uncovered NANOREMOTE, a sophisticated new Windows backdoor observed in telemetry. This fully-featured implant shares characteristics with malware detailed in R...