A critical vulnerability, CVE-2025-13607, has been identified in multiple India-based CCTV camera models from vendors D-Link, Sparsh Securitech, and Securus CCTV. Rated with a CVSS v4 score of 9.3 ...

A prominent cybercrime forum has become the platform for a threat actor claiming to have successfully breached Volkswagen Mandi, an official car dealership located in Himachal Pradesh, India. This ...

The FBI has issued a significant warning regarding a novel and disturbing virtual kidnapping scam. Threat actors are actively harvesting public Facebook photos to fabricate “proof-of-life” images i...

Polish authorities have apprehended three Ukrainian nationals on suspicion of attempting to compromise critical IT systems and acquire sensitive national defense data within the country. The men, a...

Securonix Threat Research has uncovered a sophisticated new malware campaign, dubbed JS#SMUGGLER, which is actively deploying the NetSupport Remote Access Trojan (RAT) through a multi-stage infecti...

The vulnerability, dubbed React2Shell and officially tracked as CVE-2025-55182, can be exploited using specially crafted HTTP requests for unauthenticated remote code execution. The flaw impacts sy...

A new trojan identified as ChrimeraWire is actively manipulating search engine rankings for both Google and Bing by simulating legitimate user activity through a hidden instance of the Google Chrom...

Cybersecurity researchers detailed two new Android malware families, FvncBot and SeedSnatcher, alongside an upgraded ClayRat version. Findings from Intel 471, CYFIRMA, and Zimperium highlight growi...

MAG Aerospace, military contractor for the US military in intelligence, surveillance and reconnaissance, suffered a breach exposing its employee data. According to MAG Aerospace, the company was al...

Portugal has significantly updated its cybercrime law, introducing a crucial legal safe harbor for security researchers operating in good faith. This modification aims to exempt specific actions fr...

LockBit 5.0 key infrastructure exposed, revealing the IP address 205.185.116.233, and the domain karma0.xyz is hosting the ransomware group’s latest leak site. According to researcher Rakesh Krish...

Barts Health NHS Trust has confirmed that the Russian-speaking Cl0p ransomware group stole files from one of its invoice databases after exploiting a vulnerability in Oracle E-Business Suite. The b...

A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts and scanning SonicWall SonicOS API endpoints. The activity came from over 7,000 IPs tied to German hosti...

Using tradecraft focused on stealth and OPSEC, WARP PANDA leverages TTPs that include log clearing and file timestomping, as well as creating malicious VMs — unregistered in the vCenter server — an...

The “Intellexa Leaks”, a new investigation published jointly by Inside Story, Haaretz and WAV Research Collective, presents troubling revelations about the surveillance company Intellexa and its si...

In this article, we’ll uncover an entire North Korean infiltration operation aimed at deploying remote IT workers across different companies in the American financial and crypto/Web3 sectors, with ...

A North Korean state-sponsored threat actor got infected by the same kind of malware typically used against others, exposing rare insights into their operations and direct ties to one of the larges...

State-sponsored hackers and other Windows attackers have long been delivering malware using bloated link (LNK) files, disguised as legitimate files, but containing malicious shell scripts or entire...

The University of Pennsylvania and the University of Phoenix confirmed on Tuesday that they are among the many victims of the recent cybercrime campaign targeting customers of Oracle’s E-Business S...

Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin ac...