Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in […]
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now entered active exploit risk after researchers published a proof-of-concept (PoC) this […]
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized parties to fraudulently obtain TLS certificates for high-profile domains, including Alibaba Cloud’s aliyun.com, researchers revealed this […]
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day. Dubbed “Scallywag,” this scheme […]
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent shockwaves through the cybersecurity community after researchers revealed it could enable […]
MITRE Unveils D3FEND CAD Tool to Model Advanced Cybersecurity Scenarios
MITRE has officially launched D3FEND CAD, an innovative tool designed to revolutionize how organizations model, analyze, and defend against sophisticated cyber threats. D3FEND CAD is […]
HPE Performance Cluster Manager Vulnerability Enables Unauthorized Access
Hewlett Packard Enterprise (HPE) has disclosed a severe security flaw in its Performance Cluster Manager (HPCM) software that could allow attackers to bypass authentication and […]
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country […]
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive […]
‘Fog’ Hackers Troll Victims With DOGE Ransom Notes
Since January, threat actors distributing the malware have notched up more than 100 victims. The original article found on darkreading Read More