A high-severity vulnerability in the Pluggable Authentication Modules (PAM) framework was assigned the identifier CVE-2025-8941. This vulnerability stems from the heart of Linux operating systems, ...

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes rang...

The main purpose of a data broker is to make money, as they sell all kinds of data to various individuals and organizations worldwide. This includes selling to political organizations to target vot...

China on Sunday accused the U.S. National Security Agency of carrying out cyberattacks on its national time center following an investigation, saying any damage to related facilities could have dis...

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. ...

The Everest ransomware group is claiming responsibility for the September breach of Collins Aerospace and its MUSE check-in software – in an attack that impacted multiple major airports across Euro...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10699 Lenovo - LeCloud Clien...

The U.S. government has seized more than 4 billion in bitcoin and charged the founder of a Cambodian conglomerate in a massive cryptocurrency scam, accusing him and unnamed co-conspirators of explo...

The vulnerabilities, identified as CVE-2025-20333 and CVE-2025-20362, affect Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, enabling unauthenticated remote co...

A threat actor with ties to North Korea has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hackin...

A major data exposure linked to NetcoreCloud, an India-based global email marketing and automation company, has drawn attention after cybersecurity researcher Jeremiah Fowler found a publicly acces...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2017-20204 DBL Technology (DBLTek...

What makes Whisper 2FA stand out is its use of AJAX, a web technology that allows real-time communication between browser and server without page reloads. This enables the phishing kit to repeatedl...

The two Windows zero-days that have come under active exploitation are as follows: CVE-2025-24990 (CVSS score: 7.8) - Windows Agere Modem Driver (“ltmdm64.sys”) Elevation of Privilege Vulnerabi...

Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. The company disclosed today that state hackers breached its s...

An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions. A misconfigured Elasticsearch server...

A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast A...

The paper introduces SpyChain, a framework for studying supply chain threats in small satellite systems. Unlike prior work focused on direct software attacks, SpyChain examines risks from third-par...

The UK’s National Cyber Security Centre (NCSC) reported 204 “nationally significant” cyber incidents between September 2024 and August 2025, according to the agency’s latest Annual Review 2025, pub...

Hackers claim to have breached Texas electric power cooperatives, exposing sensitive financial documents. Qilin, the cybercriminal gang behind the alleged ransomware attacks, has listed two Texas e...