Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code […]
Stealthy Malware Leveraging Variable Functions and Cookies for Evasion
Cybersecurity researchers at Wordfence Threat Intelligence and their Care and Response teams have observed a persistent trend in new malware that leverages heavy obfuscation techniques […]
Cybercriminals Impersonate Aid Agencies to Lure Victims with Fake Financial Offers
Scammers have intensified their efforts to defraud vulnerable populations through sophisticated impersonation schemes and fraudulent financial aid offers, according to recent intelligence monitoring and law […]
Why Organizations Are Abandoning Static Secrets for Managed Identities
As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For […]
Jingle Thief Hackers Exploit the Festive Season with Weaponized Gift Card Scams
Cybersecurity researchers have uncovered a sophisticated campaign targeting global retail and consumer services organizations through credential theft and gift card fraud. Dubbed “Jingle Thief,” this […]
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed […]
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to […]
OpenAI Faces DHS Request to Disclose User’s ChatGPT Prompts in Investigation
Over the past year, federal agents struggled to uncover who operated a notorious child exploitation site on the dark web. Their search took an unexpected […]
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The […]
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft application […]