The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products. These advisories, […]
Cookie-Bite Attack Enables MFA Bypass and Persistent Cloud Server Access
Researchers have exposed a sophisticated cyberattack technique dubbed the “Cookie-Bite…
Synology Network File System Vulnerability Allows Unauthorized File Access
A critical security vulnerability in Synology’s Network File System (NFS)…
Super-Smart AI Could Launch Attacks Sooner Than We Think
In a development for cybersecurity, large language models (LLMs) are…
Hackers Deploy New Malware Disguised as Networking Software Updates
A sophisticated backdoor has been uncovered targeting major organizations across…
CrowdStrike Launches Falcon® Privileged Access with Advanced Identity Protection
CrowdStrike today announced the general availability of Falcon® Privileged Access,…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan The original article found on The Hacker News Read More
Synology Network File System Vulnerability Allows Unauthorized File Access
A critical security vulnerability in Synology’s Network File System (NFS)…
Cookie-Bite Attack Enables MFA Bypass and Persistent Cloud Server Access
Researchers have exposed a sophisticated cyberattack technique dubbed the “Cookie-Bite…
Hackers Deploy New Malware Disguised as Networking Software Updates
A sophisticated backdoor has been uncovered targeting major organizations across…
Super-Smart AI Could Launch Attacks Sooner Than We Think
In a development for cybersecurity, large language models (LLMs) are…
Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been…
Autonomous, GenAI-Driven Attacker Platform Enters the Chat
"Xanthorox AI" provides a modular GenAI platform for offensive cyberattacks,…
Windows CLFS Zero-Day Vulnerability Actively Exploited by Ransomware Group
A critical zero-day vulnerability in the Windows Common Log File…
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Cybersecurity researchers have discovered a new Android banking malware called…
If Boards Don’t Fix OT Security, Regulators Will
Around the world, governments are setting higher-bar regulations with clear…
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
Threat intelligence firm GreyNoise is warning of a "coordinated surge"…
Malicious Macros Return in Sophisticated Phishing Campaigns
The cybersecurity landscape of 2025 is witnessing a troubling resurgence of malicious macros in phishing campaigns. Despite years of advancements in security measures and Microsoft’s […]
“Living-off-the-Land Techniques” How Malware Families Evade Detection
Living-off-the-Land (LOTL) attacks have become a cornerstone of modern cyber threats, allowing malware to evade detection by leveraging legitimate system tools and processes. Rather than […]
Chinese UNC5174 Group Expands Arsenal with New Open Source Tool and C2 Infrastructure
The Sysdig Threat Research Team (TRT) has revealed a significant evolution in the offensive capabilities of the Chinese state-sponsored threat actor, UNC5174. In late January […]
SOC Alert Fatigue Hits Peak Levels As Teams Battle Notification Overload
Security Operations Centers (SOCs) are facing a mounting crisis: alert fatigue. As cyber threats multiply and security tools proliferate, SOC teams are inundated with thousands […]
Oracle Issues Patch for 378 Vulnerabilities in Major Security Rollout
Oracle Corporation has released a sweeping Critical Patch Update (CPU) for April 2025, addressing a staggering 378 security vulnerabilities across a wide array of its […]
Hackers Exploit Node.js to Spread Malware and Exfiltrate Data
Threat actors are increasingly targeting Node.js—a staple tool for modern web developers—to launch sophisticated malware campaigns aimed at data theft and system compromise. Microsoft Defender […]
U.S. Govt. Funding for MITRE’s CVE Ends April 16, Cybersecurity Community on Alert
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented […]
Authorities Shut Down Four Encrypted Platforms Used by Cybercriminals
Law enforcement authorities across Europe and Türkiye have dealt a major blow to four criminal networks alleged to be at the heart of drug trafficking […]
Critical Chrome Vulnerability Exposes Users to Data Theft and Unauthorized Access
A critical security vulnerability has been discovered in Google Chrome, prompting an urgent update as millions of users worldwide face potential threats of data theft […]