A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential ...

Tenable dubbed its latest discovery the “Gemini Trifecta” because it consists of three ways that threat actors can manipulate the Google GenAI tool for indirect prompt injection and data exfiltrati...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2024-5200 Unknown - Postie ...

The attack, in a nutshell, involves leveraging a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regi...

The SVG Security Analysis Toolkit by HackingLZ offers a comprehensive [OPEN SOURCE] solution: a suite of four Python-based tools designed to reveal hidden scripts, decode obfuscated URLs, and verif...

The cybersecurity community is currently observing a surge in interest around Olymp Loader, a recently unveiled Malware-as-a-Service (MaaS) platform written entirely in Assembly. Its author, operat...

Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payload...

The Medusa ransomware group is claiming responsibility for a ransomware attack on Comcast Corporation, a global media and technology company best known for its broadband, television, and film busin...

Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed “Operation Co...

The campaign has been codenamed EvilAI by Trend Micro, describing the attackers behind the operation as “highly capable” owing to their ability to blur the line between authentic and deceptive soft...

Cisco Talos uncovered an ongoing campaign, active since 2022, targeting telecommunications and manufacturing sectors in Central and South Asia. The activity is assessed with medium confidence to be...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03 in response to an advanced threat actor exploiting zero-day vulnerabilities in Cisco Adaptive Secur...

The technique hinges on the predictable behavior of data serialization and the internal workings of Apple’s objects, which are essentially hash tables. The attack’s goal is to leak the memory addre...

A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July 2025. Security researchers at Arctic Wolf Labs detected a s...

Ransomware crews have a clear favorite target in 2025: factories. New data shows manufacturing soaking up the lion’s share of industrial attacks this year, as criminals pivot between software flaws...

This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting software developers and cryptocurrency p...

Two Dutch teenage boys aged 17 were arrested by the Politie on Monday for allegedly using hacking devices to spy for Russia. According to De Telegraaf, the two used a WiFi sniffer device near Europ...

Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security research...

Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability (CVE-2025-10035) in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent sy...

Between July 2024 and July 2025, the threat actor, tracked as RedNovember, was seen targeting high-profile organizations globally, across government, defense, aerospace, and other industries. For i...