A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels.\n\nThe vulnerability undermi...
The issue is related to how older 7-Zip versions handle symbolic links inside ZIP files (a symbolic link is a shortcut to another file or folder). As explained by Trend Micro’s Zero Day Initiative ...
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting.\n\nThe researchers from th...
Leading cybersecurity firm CrowdStrike recently confirmed it fired an employee for sharing confidential internal details with a major hacking group. This incident, which became public on Friday, sh...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-0504 Black Duck - Black Duck...
Two American citizens and two Chinese nationals now face 50 years behind bars each for illegally exporting at least four shipments of Nvidia’s cutting-edge GPU chips and their AI technology to the ...
The ShinyHunters cybercrime group has claimed responsibility for the Gainsight breach, asserting they leveraged access gained during the earlier Salesloft Drift hack to pilfer data from hundreds of...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-65025 esm-dev - esm.sh ...
Sturnus is a new Android banking trojan with full device-takeover abilities. It bypasses encrypted messaging by capturing on-screen content and can steal banking credentials, remotely control the d...
A new wave of ransomware attacks is targeting cloud storage environments, specifically focusing on Amazon Simple Storage Service (S3) buckets that contain critical business data. The Server-Side E...
China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods.\n\nStart...
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive net...
A new information stealer targeting macOS users, dubbed DigitStealer, has been identified. This malware employs advanced detection-evasion techniques and a multi-stage attack chain, presenting new ...
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in q...
Microsoft has issued a warning about its experimental AI agent, Copilot Actions, integrated into Windows, stating that it can potentially infect devices and compromise sensitive user data. This ann...
A new phishing technique called Browser-in-the-Browser (BitB) is gaining traction, leveraging fake browser pop-up windows to steal credentials. This attack method presents a convincing fake login w...
Tenable Research has uncovered an Active Directory anomaly affecting older intra-forest trusts. Trusts created under Windows 2000 lack the TRUST_ATTRIBUTE_WITHIN_FOREST flag, even after domain and ...
A self-replicating botnet, dubbed ShadowRay 2.0, is actively targeting internet-facing Ray clusters to mine cryptocurrency, steal data, and launch DDoS attacks. This campaign, ongoing since at leas...
A U.S. real-estate company was targeted in a cyberattack in mid-October 2025, with the attackers employing the emerging Tuoni command-and-control (C2) framework. Cybersecurity researchers at Morphi...
Meta is expanding its WhatsApp security research efforts with a new proxy tool for bug bounty hunters and over $4 million in bounties awarded this year alone. The WhatsApp Research Proxy aims to fa...