Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal. The stolen data, linked to a November breach claimed by the Everest ransomware gang, in...
Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Threat actors automate firewall changes, add users, enable...
Title: EVMAPA Source: ICS-CERT Advisories Date Published: January 22, 2026 Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized rem...
We discovered an interesting CTF-inspired vulnerability, CVE-2026-22200, in osTicket, a popular open source helpdesk system. This flaw allows anonymous attackers to read arbitrary files from the se...
A new ransomware family called Osiris was used in an attack targeting a major food service franchisee operator in Southeast Asia in November 2025. Investigation by the Symantec and Carbon Black Thr...
Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting org...
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilit...
Title: Delta Electronics DIAView Source: ICS-CERT Advisories Date Published: January 22, 2026 Excerpt: “Successful exploitation of this vulnerability could enable an attacker to execute arbitrary c...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-55130 nodejs - node A ...
A new assessment of cyber risks facing the Milano-Cortina 2026 Winter Games has highlighted phishing and spoofed websites as the most common initial access points for attackers targeting global spo...
A large-scale loan phishing operation in Peru has been uncovered, showing how cybercriminals are abusing fake loan applications to steal valid card numbers and PIN codes from unsuspecting users. Ac...
PcComponentes, a major technology retailer in Spain, has denied claims of a data breach impacting 16 million customers but confirmed it suffered a credential stuffing attack. A threat actor named ‘...
A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped. The attacks abuse truesig...
LastPass has warned customers about phishing emails claiming that action is required ahead of scheduled maintenance and told them not to fall for the scam. According to LastPass, the latest phishin...
Security vendors have been leaving deliberately insecure training applications on the public Internet, and attackers have been taking advantage of them to breach their cloud environments. In a newl...
Recently, our team came across an infection attempt that stood out—not for its sophistication, but for how determined the attacker was to take a “living off the land” approach to the extreme. The e...
Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this era, as a truly advanced malware framework authored a...
Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If su...
The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with a record 73 entries. W...
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and t...