Security vendors have been leaving deliberately insecure training applications on the public Internet, and attackers have been taking advantage of them to breach their cloud environments. In a newl...

Recently, our team came across an infection attempt that stood out—not for its sophistication, but for how determined the attacker was to take a “living off the land” approach to the extreme. The e...

Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this era, as a truly advanced malware framework authored a...

Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If su...

The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with a record 73 entries. W...

A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and t...

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan...

A critical vulnerability in TP-Link VIGI network cameras could have allowed attackers to remotely take over the devices and the entire surveillance system. The flaw, tracked as CVE-2023-48861 and r...

Law enforcement agencies from Ukraine and Germany have raided the house of two suspected members of the Black Basta ransomware group, seizing evidence of their involvement in cybercriminal activiti...

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codena...

Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. The attackers employed socia...

Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees. The distributor’s filing with the attorney general’s office in Maine confi...

Analysis of the Evelyn Stealer campaign targeting software developers shows that threat actors are weaponizing the Visual Studio Code (VSC) extension ecosystem to deploy a multistage, information-s...

A seemingly simple phone call became the gateway to a sophisticated attack that diverted employee paychecks without any malware or network breach. An organization discovered this fraud when workers...

Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol. For...

Hacktivists hijacked Iran’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi. Anti-regime activists briefly took control of Iran’s Badr satellite, hijacking state TV ...

A Tennessee man pleaded guilty on Friday to hacking the U.S. Supreme Court’s filing system more than two dozen times, court records show. In 2023, Moore used stolen credentials to hack into the Sup...

A remote code execution vulnerability, identified as CVE-2025-10327, has been discovered in RPi-Jukebox-RFID version 2.8.0. The exploit, authored by Beatriz Fresno Naumova, was dated 2025-09-25. T...

Hundreds of millions of wireless earbuds, headphones, and speakers are vulnerable to silent hijacking due to a flaw in Google’s Fast Pair system that allows attackers to seize control without the o...

Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious D...