Tracked as CVE-2025-10035, this security flaw impacts Fortra’s web-based secure transfer GoAnywhere MFT tool, caused by a deserialization of untrusted data weakness in the License Servlet. This vul...

A new report from Booz Allen Hamilton identified that the People’s Republic of China (PRC) has developed a sophisticated and persistent cyber acceleration strategy that enables it to conduct global...

A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and ste...

Threat actors exploited CVE-2025-27915, a cross-site scripting (XSS) vulnerability in ZCS 9.0, 10.0, and 10.1, to deliver a JavaScript payload onto target systems. The vulnerability stems from insu...

Attackers can weaponize AWS X-Ray as a covert bidirectional C2 channel, abusing legitimate cloud tracing infrastructure for C2.\n\nAWS X-Ray was designed to help developers to understand applicatio...

Discord issued an official update on October 3, 2025, explaining that an attacker successfully compromised the systems of a third-party customer service provider (apparently Zendesk), gaining unaut...

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2021-42193 n/a - n/a nopCom...

Oracle said on Thursday that customers of its E-Business Suite of products “have received extortion emails,” confirming a warning first issued on Wednesday by Alphabet’s Google. In a blog post, the...

An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. Thi...

Phishing and vulnerability exploitation accounted for the vast majority of initial access in cyber-attacks against EU organizations over the past year, according to ENISA. Over the period, phishing...

Today, we begin exposing the Iranian APT affiliated with the Counterintelligence Division (Unit 1500) of the IRGC-IO, known as Charming Kitten. Heading this operation is Abbas Rahrovi (aka Abbas H...

Security researchers at Infoblox have uncovered a massive network of 30,000 unique website addresses across 584 top-level domains, such as .com. These websites contain no malware or scams themselve...

Recent enforcement actions include OFAC sanctions in August targeting a Russian national who facilitated payments to DPRK-based Chinyong Information Technology Cooperation Company (Chinyong), also ...

A newly patched high-severity VMware vulnerability has been exploited as a zero-day since October 2024 for code execution with elevated privileges, NVISO Labs reports. According to NVISO, which was...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-10773 B-Link - BL-AC2100 ...

Broadcom has warned about severe zero-day vulnerabilities affecting VMware software, which is widely used to power virtual machines. China-linked hackers may have been exploiting the flaws for mont...

Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 re...

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential ...

Tenable dubbed its latest discovery the “Gemini Trifecta” because it consists of three ways that threat actors can manipulate the Google GenAI tool for indirect prompt injection and data exfiltrati...