The U.S. government has seized more than 4 billion in bitcoin and charged the founder of a Cambodian conglomerate in a massive cryptocurrency scam, accusing him and unnamed co-conspirators of explo...
The vulnerabilities, identified as CVE-2025-20333 and CVE-2025-20362, affect Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, enabling unauthenticated remote co...
A threat actor with ties to North Korea has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hackin...
A major data exposure linked to NetcoreCloud, an India-based global email marketing and automation company, has drawn attention after cybersecurity researcher Jeremiah Fowler found a publicly acces...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2017-20204 DBL Technology (DBLTek...
What makes Whisper 2FA stand out is its use of AJAX, a web technology that allows real-time communication between browser and server without page reloads. This enables the phishing kit to repeatedl...
The two Windows zero-days that have come under active exploitation are as follows: CVE-2025-24990 (CVSS score: 7.8) - Windows Agere Modem Driver (“ltmdm64.sys”) Elevation of Privilege Vulnerabi...
Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. The company disclosed today that state hackers breached its s...
An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions. A misconfigured Elasticsearch server...
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast A...
The paper introduces SpyChain, a framework for studying supply chain threats in small satellite systems. Unlike prior work focused on direct software attacks, SpyChain examines risks from third-par...
The UK’s National Cyber Security Centre (NCSC) reported 204 “nationally significant” cyber incidents between September 2024 and August 2025, according to the agency’s latest Annual Review 2025, pub...
Hackers claim to have breached Texas electric power cooperatives, exposing sensitive financial documents. Qilin, the cybercriminal gang behind the alleged ransomware attacks, has listed two Texas e...
The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD’s incomplete protections that make it possible to perform a single memory write to the Reverse Map Paging (R...
A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites and reconstructing...
A newly identified cybercriminal group, TA585, has been uncovered by cybersecurity researchers for running one of the most autonomous and technically advanced operations in today’s threat landscape...
New research from Check Point reveals that while global cyber attack volumes stabilized slightly during September, ransomware and generative AI (GenAI)-related risks surged, with ransomware rising ...
Industrial cybersecurity company Dragos identified that distributed energy resources (DERs) and microgrids are transforming how power is generated and consumed across industries. Electric utilities...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-11622 Ivanti - Endpoint Mana...
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. RondoDox’s expanded arsenal of exploits inclu...