The vulnerability, tracked as CVE-2025-59287, involves deserialization of untrusted data and could allow intruders to execute code without authorization. Researchers at Huntress said they have seen...
If you’ve wondered how advanced adversaries (red teams or real threat actors) try to blend into a target system or deceive CTI/IR analysts, this post shows how COFF timestomping (overwriting a PE’s...
Threat actors predominately exploited public-facing applications for initial access this quarter, with this tactic appearing in over 60 percent of Cisco Talos Incident Response (Talos IR) engagemen...
Google’s Threat Analysis Group (TAG) has released an in-depth report titled “Buying Spying,” detailing the inner workings of the commercial surveillance vendor (CSV) industry and its significant th...
The Iranian APT group Nimbus Manticore is expanding its espionage activities into Western Europe, targeting defense, aerospace, and telecommunications organizations. Researchers have observed the g...
Trend Research has identified a sophisticated Agenda ransomware attack, also known as Qilin, deploying a Linux-based ransomware binary on Windows systems, bypassing traditional Windows-centric secu...
Tracked as CVE-2025-62518 (CVSS score of 8.1) and dubbed TARmageddon, the security defect is described as a desynchronization issue that occurs during the processing of nested TAR files with a spec...
This advanced threat, also known as FakeUpdates, is not just a single piece of malicious code; SocGholish operates as a sophisticated Malware-as-a-Service (MaaS) platform. This service allows affil...
The hack of Jaguar Land Rover, owned by India’s Tata Motors, cost the British economy an estimated 1.9 billion pounds ($2.55 billion) and affected over 5,000 organisations, an independent cybersecu...
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-11534 Raisecomm - RAX701-GC-...
According to an announcement from the developer this month, Vidar 2.0 has been rewritten in C, supports multi-threading data stealing, bypasses Chrome’s app-bound encryption, and features more adva...
This October, researchers uncovered its delivery through the npm package registry—a supply chain attack targeting developers and organizations reliant on Node.js modules for critical infrastructure...
TP-Link is warning of two command injection vulnerabilities in Omada gateway devices that could be exploited to execute arbitrary OS commands. Although the two security issues lead to the same resu...
Instead, Coldriver seemed to have shifted to a new set of malware families tracked by Google as NoRobot, YesRobot and MaybeRobot. The attack starts with a ‘ClickFix-style’ phishing lure, a fake CAP...
The average ransomware payment has increased to $3.6m this year, up from $2.5m in 2024 – a 44% surge despite a decline in the overall number of attacks. While the number of attacks dropped, the da...
On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected 22,500 in cash awards. The highlight of the day was Bongeun Koo and Evangelos Daravigkas ...
The intrusion likely began with exploitation of a Citrix NetScaler Gateway appliance in the first week of July 2025. From there, the actor pivoted to Citrix Virtual Delivery Agent (VDA) hosts in th...
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. BleepingComputer previous...
A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimat...