Threat actors exploited CVE-2025-27915, a cross-site scripting (XSS) vulnerability in ZCS 9.0, 10.0, and 10.1, to deliver a JavaScript payload onto target systems. The vulnerability stems from insu...

Attackers can weaponize AWS X-Ray as a covert bidirectional C2 channel, abusing legitimate cloud tracing infrastructure for C2.\n\nAWS X-Ray was designed to help developers to understand applicatio...

Discord issued an official update on October 3, 2025, explaining that an attacker successfully compromised the systems of a third-party customer service provider (apparently Zendesk), gaining unaut...

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2021-42193 n/a - n/a nopCom...

Oracle said on Thursday that customers of its E-Business Suite of products “have received extortion emails,” confirming a warning first issued on Wednesday by Alphabet’s Google. In a blog post, the...

An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. Thi...

Phishing and vulnerability exploitation accounted for the vast majority of initial access in cyber-attacks against EU organizations over the past year, according to ENISA. Over the period, phishing...

Today, we begin exposing the Iranian APT affiliated with the Counterintelligence Division (Unit 1500) of the IRGC-IO, known as Charming Kitten. Heading this operation is Abbas Rahrovi (aka Abbas H...

Security researchers at Infoblox have uncovered a massive network of 30,000 unique website addresses across 584 top-level domains, such as .com. These websites contain no malware or scams themselve...

Recent enforcement actions include OFAC sanctions in August targeting a Russian national who facilitated payments to DPRK-based Chinyong Information Technology Cooperation Company (Chinyong), also ...

A newly patched high-severity VMware vulnerability has been exploited as a zero-day since October 2024 for code execution with elevated privileges, NVISO Labs reports. According to NVISO, which was...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10773 B-Link - BL-AC2100 ...

Broadcom has warned about severe zero-day vulnerabilities affecting VMware software, which is widely used to power virtual machines. China-linked hackers may have been exploiting the flaws for mont...

Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 re...

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential ...

Tenable dubbed its latest discovery the “Gemini Trifecta” because it consists of three ways that threat actors can manipulate the Google GenAI tool for indirect prompt injection and data exfiltrati...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-5200 Unknown - Postie ...

The attack, in a nutshell, involves leveraging a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regi...

The SVG Security Analysis Toolkit by HackingLZ offers a comprehensive [OPEN SOURCE] solution: a suite of four Python-based tools designed to reveal hidden scripts, decode obfuscated URLs, and verif...