SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on su...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the defau...

Microsoft has addressed a critical security vulnerability in Azure Entra ID, tracked as CVE-2025-55241. Initially described as a low-impact privilege escalation bug, security research later reveale...

The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for the scale of cyber threat...

A team of security researchers from Cloud Security Solutions provider, Radware, found a way to trick a popular AI tool into giving up a user’s private information. The team, including lead research...

SentinelLABS researchers discovered MalTerminal, the earliest known LLM-enabled malware, which generates malicious logic at runtime, making the detection more complex. Researchers identified it via...

Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs runnin...

Check Point Research is tracking a long-running campaign by the Iranian threat actor Nimbus Manticore, which overlaps with UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operations. The ongo...

A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system. The technique...

Security researcher Dirk-jan Mollema, founder of offensive security Outsider Security, discovered a token validation flaw that gave him Global Admin privileges in every Entra ID tenant. This level...

Primary impacts hit Heathrow (London, UK), Brussels (Belgium), and Berlin (Germany). These three saw the most severe disruptions, with 29 total cancellations across them by September 20 midday. Th...

The automaker – which owns brands including Chrysler, Jeep, and Peugeot – confirmed the data leak to Reuters, saying an unnamed third-party provider that supports its North American customer servic...

Emerging in early 2023, TradeOgre operated entirely as a hidden service, leveraging the anonymity of the Tor network to avoid regulatory oversight and conceal the origin of illicit funds. Royal Ca...

Akira is known to have very comparable links to the old Conti cybercrime organisation, including code similarities with the ransomware payload and templated attacks that follow a playbook of proced...

In February 2025, via ESET telemetry, we detected four different Gamaredon-Turla co-compromises in Ukraine. On those machines, Gamaredon deployed a wide range of tools, including PteroLNK, PteroSte...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-49564 Nokia - CBIS,NCS ...

Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connec...

In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware. The threat actors are using Search Engine Optimizati...

The actively exploited vulnerability, CVE-2025-10585, is a Type Confusion flaw in the V8 JavaScript and WebAssembly engine. Type confusion bugs occur when a program allocates a resource or object ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10604 PHPGurukul - Online Di...