CISA warns of a critical vulnerability affecting the popular GitHub Action “tj-actions/changed-files” to its Known Exploited Vulnerabilities Catalog. The supply chain attack, tracked as CVE-2025-30066 […]
Hackers Leveraging Azure App Proxy Pre-authentication to Access Orgs Private Network Resources
Recent security findings reveal that threat actors are actively exploiting misconfigured Azure application proxies to gain unauthorized access to organizations’ internal resources. When Azure app […]
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus […]
.webp)
Sophisticated Attack Via Booking Websites Installs LummaStealer Malware
Cybercriminals have launched a new sophisticated attack campaign targeting travelers through fake booking websites. The campaign, discovered in early 2025, tricks users into installing LummaStealer […]
Critical Synology Vulnerability Let Attackers Remote Execute Arbitrary Code
A severe vulnerability in Synology’s DiskStation Manager (DSM) allows remote attackers to execute arbitrary code with no user interaction. The flaw, disclosed during PWN2OWN 2024, […]
.webp)
Beware of Fake Coinbase Migration Messages Aimed to Steal Your Wallet Credentials
A sophisticated phishing campaign is targeting cryptocurrency investors with fraudulent emails claiming a mandatory Coinbase wallet migration requirement. These deceptive messages, bearing the subject line […]
.webp)
Hacker Weaponizing Hard Disk Image Files To Deliver VenomRAT
A sophisticated phishing campaign is leveraging virtual hard disk (.vhd) files to distribute the dangerous VenomRAT malware. The attack begins with purchase order-themed emails containing […]
Hackers Allegedly Selling Firewall Access to Canon Inc on Hacking Forums
Threat actors are allegedly offering root access to Canon Inc.’s internal firewall systems on underground hacking forums. According to security monitoring firm ThreatMon, the advertisement […]
Microsoft Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing – PoC Released
A critical vulnerability in Windows File Explorer, identified as CVE-2025-24071, enables attackers to steal NTLM hashed passwords without any user interaction beyond simply extracting a […]
CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat […]