We’ve identified infrastructure used to distribute BeaverTail and InvisibleFerret malware variants since at least May 2025. BeaverTail and InvisibleFerret are malware families operated by North Kor...

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. ShinyHunters told BleepingComputer tha...

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group behind a phishing-as-a-service (...

A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allo...

The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer records nearly 689,000 names, Social Security numbers, and other personal identifiers via direct ...

Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. The r...

Fitzpatrick was now resentenced to three years in prison for his role in operating BreachForums and for possessing child sexual abuse material. Launched in March 2022 and also known as Breached, B...

In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is a zero-day out-of-bounds write issue that resides in the ImageIO frame...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-12367 Vegagrup Software - Ve...

Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China economic-themed lures. In th...

Trend Micro reports that EvilAI operators are leveraging AI-generated code and social engineering in a rapidly expanding campaign. The group disguises malware as legitimate applications to bypass s...

The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republish...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10405 itsourcecode - Baptism...

Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. At its core, Yurei leverages Go’s concur...

Arkham blockchain analysis revealed that both Lockbit and Conti/Trickbot ransom gangs transacted with VPN.SN in early 2025. Lockbit conducted two transactions in January 2025, while Conti/Trickbot ...

A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without autho...

Hackers stole private data of millions of Gucci, Balenciaga, and Alexander McQueen customers, including names, contacts, addresses, and spending details.\n\nAttackers stole millions of customers’ p...

The campaign began with phishing emails using a newly registered domain, vaproum.biz, impersonating legitimate persons and businesses present in Iran, including a Swiss-based engineering company. T...

The actors, tracked under the malware family name BaoLoader, have utilized at least 26 code-signing certificates obtained through fraudulent business registrations, primarily targeting users seekin...

A North Korean threat actor has leveraged AI to create fake South Korean military agency ID card images used in a spear-phishing campaign, according to cybersecurity firm Genians. However, prompt ...