Hundreds of thousands of websites may be exposed to account takeover attacks due to a critical-severity vulnerability in the email delivery WordPress plugin Post SMTP, Defiant warns.\n\nPost SMTP v...

By enabling the Hyper-V role and deploying a minimalistic Alpine Linux-based virtual machine, the attackers created a hidden operational environment that hosts custom malware while evading traditio...

In another advisory, CISA identified that Radiometrics’ VizAir systems contained Missing Authentication for Critical Function and Insufficiently Protected Credentials vulnerabilities, impacting all...

Source: Infosecurity Magazine “Scattered LAPSUS$ Hunters (SLH), previously observed hinting at an extortion-as-a-service offering and testing “Sh1nySp1d3r” ransomware, has now been identified not ...

Russia’s Curly COMrades is abusing Microsoft’s Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine that bypasses endpoint security tools, giving...

Check Point Research uncovered four vulnerabilities in Microsoft Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video and au...

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~88 million...

Google is rolling out an enhanced autofill feature in Chrome that allows users to store and automatically fill in more sensitive data, including driver’s license numbers, passport numbers, and vehi...

Maintaining digital privacy requires constant attention due to the vast online footprint we create through internet-connected devices. Information, even after deletion, can resurface, impacting car...

A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US compan...

Seqrite Labs’ APT Team was the first to assign the nomenclature “Silent Lynx” to the threat group. Prior & later to this, multiple researchers had identified the initial campaigns and referred ...

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilizing the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks utilized a Chrome zero-...

Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal ...

In October 2025, threat researchers at Cyble Research and Intelligence Labs uncovered a sophisticated cyber attack leveraging weaponized military documents to distribute an advanced SSH-Tor backdoo...

Attackers can use indirect prompt injections to trick Anthropic’s Claude into exfiltrating data the AI model’s users have access to, a security researcher has discovered. The attack is relatively ...

Mafia boss Bai Suocheng and his son Bai Yingcang were among the five men sentenced to death by the Shenzhen Intermediate People’s Court. Yang Liqiang, Hu Xiaojiang, and Chen Guangyi were the other ...

A hacker has claimed responsibility for breaching the University of Pennsylvania’s systems and stealing 1.2 million donor records. The threat actor contacted BleepingComputer, alleging that the inc...

Aardvark functions through a sophisticated multi-stage pipeline that mimics the investigative process of a seasoned security researcher. It begins with a comprehensive analysis of an entire reposi...

Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in th...

Rebooting an infected device removes BADCANDY, the ASD says, but warns that “rebooting will not reverse additional actions taken by the threat actor and will not remedy the initial vulnerability ex...