We discovered a handful of security issues in Solarwinds Web Help Desk. These issues include an unauthenticated remote-code execution vulnerability via deserialization, static credentials that allo...
Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a maker of electronics cables located in Ja...
Meta on Tuesday announced it’s adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lo...
A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a single malicious spreadsheet formula. The issue was uncovered by Cyera Res...
Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They vary in technique and platform, but most follow the same high-level roadmap: initial contact...
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-sou...
Hackers have claimed responsibility for a cyberattack against Panera Bread, a major American restaurant chain, that allegedly resulted in the leak of millions of customer and employee records. The ...
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling indus...
In January 2026, an app called Freecash shot up to the number two spot on Apple’s free iOS chart in the US, helped along by TikTok ads that resemble job offers from TikTok itself. The ads promised ...
In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian g...
Cellebrite’s products have been used by the Jordanian authorities to extract data from the phones of activists and civil society members without their consent. During our forensic investigation of ...
Part 2 flips to the defender’s point of view. We deploy AD Tripwires inside the same GOAD lab and show how a small set of purpose-built tripwire accounts produces deterministic alerts the moment an...
Our security research has uncovered several malicious Chrome extensions that compromise user security. These extensions, with a combined user base exceeding 100,000 users, employ tactics ranging fr...
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with th...
A recent legal case has revealed a surprising gap in computer privacy that many people likely didn’t know existed. It turns out Microsoft can unlock personal computers for the government, and they ...
In late 2025, Poland’s energy system faced what has been described as the “largest cyberattack” targeting the country in years. ESET Research has now found that the attack was the work of the notor...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2021-47888 The Textpattern Develo...
Nike, the American apparel behemoth, may have suffered a data breach. A prominent cybercriminal gang claims it has hacked the company and is threatening to release stolen data to the public. The Wo...
Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal. The stolen data, linked to a November breach claimed by the Everest ransomware gang, in...
Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Threat actors automate firewall changes, add users, enable...