2025-09-25 Daily Vulns
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-10906 Magnetism Studios - En...
Our previous post about Salt Typhoon provided an initial commentary on the Joint Cybersecurity Advisory on Salt Typhoon issued on August 27, 2025. The advisory identified three Chinese companies - ...
The UK’s National Crime Agency has arrested a man as part of an investigation into a ransomware attack that disrupted airports around the world last weekend. The attack targeting Collins Aerospace...
Cybersecurity professionals are facing an unprecedented acceleration in threat actor capabilities as the average breakout time—the period from initial access to lateral movement—has plummeted to a ...
In a significant update on a previous malicious campaign exposed last year, Cisco has said the same threat actor has exploited new vulnerabilities in Cisco Adaptive Security Appliance (ASA) 5500-X ...
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services ...
At a court hearing last week, U.K. prosecutors laid out a litany of charges against Jubair and 18-year-old Owen Flowers, accusing the teens of involvement in an August 2024 cyberattack that cripple...
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. Tracked as CVE-2025-20352, the ...
In September 2025, Zscaler ThreatLabz discovered a new multi-stage ClickFix campaign potentially targeting members of Russian civil society. Based on multiple overlapping tactics, techniques and pr...
CISA has released a comprehensive cybersecurity advisory detailing how threat actors successfully compromised a U.S. federal civilian executive branch agency’s network by exploiting CVE-2024-36401,...
Akvorado 2.0 was released today! 🚀 Akvorado collects network flows with IPFIX and sFlow. It enriches flows and stores them in a ClickHouse database. Users can browse the data through a web console....
The U.S. Secret Service uncovered a covert communications network near the U.N. in New York, seizing 100,000 SIM cards and 300 servers. The operation, capable of sending 30 million texts per minute...
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on su...
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the defau...
Microsoft has addressed a critical security vulnerability in Azure Entra ID, tracked as CVE-2025-55241. Initially described as a low-impact privilege escalation bug, security research later reveale...
The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for the scale of cyber threat...
A team of security researchers from cloud security solutions provider Radware found a way to trick a popular AI tool into giving up a user’s private information. The team, including lead research...
SentinelLABS researchers discovered MalTerminal, the earliest known LLM-enabled malware, which generates malicious logic at runtime, making detection more complex. Researchers identified it via...
Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs runnin...
Check Point Research is tracking a long-running campaign by the Iranian threat actor Nimbus Manticore, which overlaps with UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operations. The ongo...