A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-...

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities in...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-31511 n/a - n/a An iss...

Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight. Big Brother Watch says the UK government has...

The U.S. Federal Judiciary has officially confirmed that its electronic case management systems (CM/ECF and PACER) were targeted by a “sophisticated and persistent” cyberattack. This statement came...

Key Findings SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients....

“Ukraine’s Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky....

Mobile infostealers have rapidly evolved into a critical threat vector for both individuals and enterprises. These malicious apps are designed to harvest credentials, intercept communications, and ...

In today’s multi-stage attacks, neutralizing endpoint security solutions is a critical step in the process, allowing threat actors to operate undetected. Since 2022, we’ve seen an increase in the s...

Assessing software risk is a crucial task for security operations (SecOps) teams, who are bombarded by more than 4,000 alerts a day. A key tool historically for this is the Common Vulnerability Sco...

KLM Airlines (aka KLM Royal Dutch Airlines), a French-Dutch multinational airline, has notified customers about a recent data breach that exposed certain personal details after a third-party system...

Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group. In June, Google warned that a threat act...

The security vulnerability In version 3.2.2 and below, Everest Forms is vulnerable to PHP object injection in certain WordPress environments when an Administrator user views form submissions. The ...

SonicWall is investigating a potential new zero-day after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN enabled. The company is working to determine if the incidents ste...

Executive Summary SentinelLABS has uncovered a series of cryptocurrency scams in which threat actors distribute a malicious smart contract disguised as a trading bot in order to drain user wallets ...

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that they are calling “ReVault”. 100+ models of Dell laptops are aff...

Excerpt: This post explains a recent incident response engagement handled by NCC Group’s Digital Forensics and Incident Response (DFIR) team, involving a social engineering attack followed by the q...

AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. The Makop ransomware has been distributed to South Korean users by dis...

Key Takeaways Threat actors are leveraging generative AI tools like DeepSite AI and BlackBox AI to produce phishing templates that closely mimic official government websites, like the Brazilian St...

In June 2025, during the 12-day conflict between Israel and Iran, a network of Iran-linked hackers launched a flurry of cyber-operations aligned with the war. As air strikes crossed borders, a vast...