Apple has urgently rolled out iOS 18.4.1 and iPadOS 18.4.1 to patch two zero-day vulnerabilities that were actively exploited in “extremely sophisticated” attacks aimed at […]
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH…
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft…
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked…
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress…
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan The original article found on The Hacker News Read More
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft…
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH…
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized…
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress…
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked…
Gain Legends International Suffers Security Breach – Customers Data Stolen
Gain Legends International, a prominent name in sports, entertainment, and…
FDA’s Critical Role in Keeping Medical Devices Secure
The FDA's regulations and guidance aim to strike a balance…
Zero-Day in CentreStack File Sharing Platform Under Attack
Gladinet's platform is widely used among managed service providers, and…
Earth Alux Hackers Employ VARGIET Malware to Attack Organizations
The cybersecurity landscape has been disrupted by Earth Alux, a…
New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch
A critical vulnerability affecting all Windows operating systems from Windows…
Ransomware gang ‘CrazyHunter’ Targets Critical Taiwanese Orgs
Trend Micro researchers detailed an emerging ransomware campaign by a new group known as “CrazyHunter” that is targeting critical sectors in Taiwan. The original article […]
Windows Task Scheduler Vulnerabilities Allow Attackers Gain Admin Account Control
New vulnerabilities in Windows Task Scheduler’s schtasks.exe let attackers bypass UAC, alter metadata, modify event logs, and evade detection. These actions map to MITRE ATT&CK […]
CISA Extend Funding to MITRE to Keep CVE Program Running
The Cybersecurity and Infrastructure Security Agency (CISA) has extended funding to the MITRE Corporation, ensuring the continued operation of the Common Vulnerabilities and Exposures (CVE) […]
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to […]
Server-Side Phishing Attacks Target Employee and Member Portals to Steal Login Credentials
Attackers have been deploying server-side phishing schemes to compromise employee and member login portals across various enterprises. This strategic shift to server-side operations is designed […]
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, […]
Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data
Cloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion. The original article found […]
Hackers Target Investors Through Fraud Networks to Steal Financial Data
Hackers have launched sophisticated schemes designed to defraud investors and steal their financial data. Utilizing digital platforms, encrypted messaging apps, and crypto transactions, these criminals […]
Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure
A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring […]