A sophisticated new ransomware operation dubbed VanHelsing has emerged as a rapidly expanding threat in the cybercriminal landscape. First observed on March 7, 2025, this […]
Devolutions Server Flaw Allows Attackers to Impersonate Users via Pre-MFA Cookie
Devolutions Server has been found vulnerable to a critical security flaw that allows low-privileged authenticated users to impersonate other accounts by replaying pre-MFA cookies. The […]
Your passwordless future may never fully arrive
Enterprise CISOs have been trying to move beyond passwords for more than a decade, but have run into technical roadblocks, as many legacy systems were […]
Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins
A sophisticated phishing campaign is currently targeting email users with deceptive security alert notifications that appear to originate from their own organization’s domain. The phishing […]
65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication […]
Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans Maverick and Coyote that are actively targeting Brazilian users through WhatsApp. The […]
Lazarus Group Deploys Weaponized Documents Against Aerospace & Defense
Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant […]
Danabot Malware Reemerges with Version 669 After Operation Endgame
The notorious Danabot banking malware has made a comeback with the release of version 669, marking a significant return after nearly six months of silence […]
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) […]
OWASP Top 10 2025 Released: Major Revisions and Two New Security Classes Added
The Open Web Application Security Project (OWASP) has officially unveiled the eighth edition of its influential Top 10 security risks list for 2025, introducing significant […]