Summary: Trend™ Research has identified an active campaign exploiting CVE-2025-3248 to deliver the Flodrix botnet. Attackers use the vulnerability to execute downloader scripts on compromised Lang...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2021-43584 n/a - n/a DOM-ba...

Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. The incident was discovered on Thursday evening a...

Security researchers from SafetyDetectives found the information on an online forum notorious for hosting database leaks and cracked software. The user who posted the information didn’t stop at si...

The high-severity vulnerabilities can allow privilege escalation, code execution and the overwriting of arbitrary files. The three flaws affect versions 10.8.4 and earlier of Nessus Agent, also kn...

Cyber-crime crew Scattered Spider has infected US insurance companies following a series of ransomware attacks against American and British retailers, according to Google, which urged this sector t...

New research by Infoblox Threat Intel exposes a hidden alliance between major cybercrime groups like VexTrio and seemingly legitimate AdTech firms such as Los Pollos, Partners House, BroPush, and R...

Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in quest...

Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. Designed for cybersecurity professionals and ethical hackers...

MCP Overview Who cares about MCP? You do. Or at least you should. MCP is the simplest and most actively supported method for connecting tools to your LLMs (for example, letting “Claude Desktop” acc...

Executive Summary A fileless AsyncRAT joins the Clickfix party, with an obfuscated PowerShell-based campaign. The malware is delivered via a fake verification prompt that lures users into executin...

Key Takeaways: A newly identified threat actor, Water Curse, is using weaponized GitHub repositories to deliver multistage malware. At least 76 GitHub accounts are linked to the campaign, with mal...

EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. This repor...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-28380 n/a - n/a A cros...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-43535 Qualcomm, Inc. - Snapd...

The identified data breach involves 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens for sale on the dark web. As the threat actors aim to sell the da...

Key Takeaways Anubis is an emerging Ransomware-as-a-Service (RaaS) operation that combines file encryption with file destruction — a rare dual-threat capability. The ransomware features a “wipe mod...

A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vul...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-2745 AVEVA - PI Web API ...

A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Co...