Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. The incident was discovered on Thursday evening a...
Security researchers from SafetyDetectives found the information on an online forum notorious for hosting database leaks and cracked software. The user who posted the information didn’t stop at si...
The high-severity vulnerabilities can allow privilege escalation, code execution and the overwriting of arbitrary files. The three flaws affect versions 10.8.4 and earlier of Nessus Agent, also kn...
Cyber-crime crew Scattered Spider has infected US insurance companies following a series of ransomware attacks against American and British retailers, according to Google, which urged this sector t...
New research by Infoblox Threat Intel exposes a hidden alliance between major cybercrime groups like VexTrio and seemingly legitimate AdTech firms such as Los Pollos, Partners House, BroPush, and R...
Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in quest...
Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. Designed for cybersecurity professionals and ethical hackers...
MCP Overview Who cares about MCP? You do. Or at least you should. MCP is the simplest and most actively supported method for connecting tools to your LLMs (for example, letting “Claude Desktop” acc...
Executive Summary A fileless AsyncRAT joins the Clickfix party, with an obfuscated PowerShell-based campaign. The malware is delivered via a fake verification prompt that lures users into executin...
Key Takeaways: A newly identified threat actor, Water Curse, is using weaponized GitHub repositories to deliver multistage malware. At least 76 GitHub accounts are linked to the campaign, with mal...
EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. This repor...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-28380 n/a - n/a A cros...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2023-43535 Qualcomm, Inc. - Snapd...
The identified data breach involves 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens for sale on the dark web. As the threat actors aim to sell the da...
Key Takeaways Anubis is an emerging Ransomware-as-a-Service (RaaS) operation that combines file encryption with file destruction — a rare dual-threat capability. The ransomware features a “wipe mod...
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vul...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-2745 AVEVA - PI Web API ...
A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Co...
Summary Do you know which model is protecting each LLM you have in production? HiddenLayer’s security research team has discovered a novel way to bypass models built to detect malicious text input...
Swedish Prime Minister Ulf Kristersson says his country is under attack, after days of hard-hitting DDoS attacks against SVT, Sweden’s public TV broadcaster, government websites, and other key orga...