Researchers uncovered active exploitation of an unauthenticated access vulnerability (CVE-2025-12480) in Gladinet’s Triofox remote access platform by the threat cluster UNC6485. The flaw, present...
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed...
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers. [...]
Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.”
Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. [...]
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned...
This webinar brings together Citizen Lab researchers with policy advisors, Women, Peace and Security (WPS) experts, and human rights defenders to reflect on twenty-five years of the WPS agenda in...
Citizen Lab senior researcher John Scott-Railton speaks with TechCrunch about the proliferation of spyware use, and the effects it has on democracy. While it is ostensibly used to monitor...
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service...
KONNI espionage crew covertly abused Google’s Find My Device feature to remotely factory-reset Android phones. North Korean state-backed spies have found a new way to torch evidence of their own...
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the...
Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. [...]
This article originally appeared on the Stroz Friedberg, A LevelBlue Company, blog site.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these...
Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver’s licenses. The breach, which occurred in February but is only now being disclosed,...
A surge in attacks is exploiting iCalendar (.ics) files as a sophisticated threat vector that bypasses traditional email security defenses. These attacks leverage the trusted, plain-text nature of...
Lobbying efforts gain ground as proposals carve myriad holes into regulations. Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation,...
A recent study by the renowned insurance firm Hiscox has revealed alarming trends in how cyberattacks are not only damaging businesses but are also taking a heavy toll on employees, leading to...
Meta projected last year that it would earn about 10 per cent of its overall annual revenue — $US16 billion ($24.6 billion) — from running advertising for scams and banned goods, internal company...
Microsoft has reminded customers today that systems running Home and Pro editions of Windows 11 23H2 have stopped receiving security updates. [...]
Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. [...]
Introduction: As Anti-Virus and EDR solutions improve in detection and response capabilities, the job of a red teamer can become quite arduous. Malware payloads and techniques that once dominated...
A UK government cybersecurity agency has advised companies relying on two of its popular external attack surface management (EASM) products to find alternatives by next year. The National Cyber...
The United States faces massive growth in electricity demand. If utilities’ projections are right, data centers will drive much of that growth. And if utilities try to meet that demand in...
The Federal Bureau of Investigation is trying to unmask the operator of Archive.is, also known as Archive.today, a website that saves snapshots of webpages and is commonly used to bypass news...
5 Critical, 58 Important, 0 Moderate, 0 Low. Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild. Microsoft patched 63 CVEs in its November 2025 Patch Tuesday...
Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. [...]
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe InDesign is a professional page layout and desktop...
A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems. The flaw, tracked as...