The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD’s incomplete protections that make it possible to perform a single memory write to the Reverse Map Paging (R...

A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites and reconstructing...

A newly identified cybercriminal group, TA585, has been uncovered by cybersecurity researchers for running one of the most autonomous and technically advanced operations in today’s threat landscape...

New research from Check Point reveals that while global cyber attack volumes stabilized slightly during September, ransomware and generative AI (GenAI)-related risks surged, with ransomware rising ...

Industrial cybersecurity company Dragos identified that distributed energy resources (DERs) and microgrids are transforming how power is generated and consumed across industries. Electric utilities...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-11622 Ivanti - Endpoint Mana...

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. RondoDox’s expanded arsenal of exploits inclu...

The FBI and our partners have seized domains associated with BreachForums, a major criminal marketplace used by ShinyHunters, Baphomet, and IntelBroker to traffic stolen data and facilitate extorti...

Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthoriz...

Summary: SIM swap fraud, where a criminal takes control of your mobile number, is a rapidly growing threat. In the UK, unauthorized SIM swap fraud cases rose by 1,055%, from 289 in 2023 to nearly 3...

A new technique enables attackers to exploit antivirus software by injecting harmful code directly into the antivirus processes. This approach makes it easier for them to evade detection and compro...

Spain’s Guardia Civil dismantled the “GXC Team” cybercrime group, arresting its 25-year-old Brazilian leader “GoogleXcoder.” The gang sold AI-powered phishing kits, Android malware, and voice-scam ...

Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Hunt...

Threat actors stole firewall configuration backups from SonicWall’s cloud service, impacting all users of its MySonicWall cloud backup platform. The company told affected customers to import new p...

As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltra...

Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called...

Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. In the first stage of the attack, the th...

Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Commu...

The quarter marked a pivotal moment with the emergence of Scattered Spider’s inaugural ransomware-as-a-service offering, ShinySp1d3r RaaS, representing the first major English-led ransomware operat...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-11418 Tenda - CH22 A s...