Researchers have discovered a new attack path in Active Directory (AD) environments that use Windows Server 2025 in default configuration. By exploiting the weakness, attackers […]
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA) scam. […]
Unpatched Windows Server Flaw Threatens Active Directory Users
Attackers can exploit a vulnerability present in the delegated Managed Service Account (dMSA) feature that fumbles permission handling and is present by default. ​The original […]
71 Fake Websites Impersonating German Retailer to Steal Payment Information
Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains designed to impersonate a prominent German international discount retailer, with […]
PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram
A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports), has surfaced as a significant cyber threat, targeting sensitive data […]
_pichetw_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The Hidden Cybersecurity Risks of M&A
Merger and acquisition due diligence typically focuses on financials, legal risks, and operational efficiencies. Cybersecurity is often an afterthought — and that’s a problem. ​The […]
NIST’s ‘LEV’ Equation to Determine Likelihood a Bug Was Exploited
A new equation introduced by the National Institute of Standards and Technology (NIST) aims to offer a mathematical likelihood that a vulnerability has been exploited […]
Windows 11 Introduces Enhanced Administrator Protection to Strengthen Security Against Elevated Privilege Attacks
Microsoft has unveiled Administrator Protection, a groundbreaking security feature for Windows 11 designed to safeguard systems against privilege escalation attacks. This new capability creates a […]
New Scan Uncovers 150K Industrial Systems Worldwide Vulnerable to Cyberattacks
A groundbreaking study leveraging advanced application-layer scanning has exposed approximately 150,000 industrial control systems (ICS) worldwide that are directly accessible on the public internet, posing […]
Critical flaw in OpenPGP.js raises alarms for encrypted email services
A newly discovered flaw in OpenPGP.js, a JavaScript cryptography library used by services like Proton Mail, could allow attackers to spoof messages that appear securely […]