The malware consists of a dropper DLL and an obfuscated, password protected VbaProject.OTM file, which houses macros written for Microsoft Outlook. The malicious macros add backdoor functionality t...

The House Select Committee on China has formally issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to the People’s Republic of China (PRC) amid c...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-22956 n/a - n/a OPSI b...

The Gentlemen ransomware group launched a campaign involving advanced, highly tailored tools specifically designed to bypass enterprise endpoint protections. The campaign leveraged a combination of...

The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. Ty...

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities ...

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly efficient attack pipeline” in recent phishing campaigns, according to ne...

Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. The domains date ba...

A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The core of the exploit li...

A new report from Seqrite Labs APT-Team detailed a previously unknown threat actor, dubbed Noisy Bear, since April this year. The group targeted entities in Central Asia, with a particular focus on...

Our research team discovered a similar Chinese threat actor, UNC4841, known for exploiting a Barracuda vulnerability to gain unauthorized access to networks. UNC4841 shares overlapping technical in...

North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data, and fund the regime’s programs.\n\nIt is worth noting that the hackers trick job seek...

Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than 3000 secrets, according to GitGuardian. The security ven...

“The penetration of these technologies and devices into critical industries (such as transport, energy, healthcare, public administration and others) is growing and will continue to grow in the fut...

S2W published a comprehensive report on the same threat actor, detailing PubNub-based communication malware and the deployment of VCD ransomware. In this blog post, ThreatLabz expands on these find...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software, after a developer involved in m...

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to ...

Salesloft’s advisory detailing Mandiant’s findings published today shows that the attacker gained access to a Salesloft GitHub account between March and June 2025. During this period, they download...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-35657 Google - Android ...

Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring. One of them was rated as high severity, and it stands...