We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack...

Microsoft is investigating an ongoing DNS outage affecting customers worldwide, preventing them from accessing Microsoft Azure and Microsoft 365 services. [...]

Emails confirm payroll and bank details lifted in cyberattack on US subsidiary Global marketing giant Dentsu is writing to current and former staff after a cyberattack on a subsidiary led to bank,...

A critical vulnerability discovered in Google Messages for Wear OS has exposed millions of smartwatch users to a significant security risk. Identified as CVE-2025-12080, the flaw allows any...

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. [...]

Cyble Tracks New Vulnerabilities " data-image-caption="" data-medium-file="https://cyble.com/wp-content/uploads/2025/10/Cyble-Tracks-New-Vulnerabilities-2-300x150.webp"...

ICO fined Bharat Singh Chand £200,000 after receiving 19,138 complaints Britain's data watchdog has fined a sole trader £200,000 for nearly a million spam texts targeting people in debt – almost...

Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather...

Attackers are gaining access using a custom, Sandworm-linked webshell and are making heavy use of Living-off-the-Land tactics to maintain persistent access.

In the time it takes to read this paragraph—less than a minute—thousands of cyberattacks will have struck systems across the world. Financial institutions remain among the most targeted, facing...

Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. [...]

A path traversal vulnerability discovered in Docker Compose allows attackers to write arbitrary files to host systems through specially crafted OCI artifacts. Tracked as CVE-2025-62725, the flaw...

Hidden visibility gaps can turn unpatched systems into open doors. Action1 gives IT teams unified visibility and automated control to detect, prioritize, and remediate vulnerabilities before...

This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts.

Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams

Dangles £100K for someone to fix £23B tech mess The UK government is on the hunt for a new CTO after incumbent David Knott announced his departure, citing family reasons.…

What happened? We detected unusual activity on servers in Merkle’s network. We immediately implemented our incident response protocols, took steps to contain the activity, and launched an...

Cybersecurity agency urges organizations to upgrade or risk total network compromise Germany's infosec office (BSI) is sounding the alarm after finding that 92 percent of the nation's Exchange...

A critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as...

The Apache Software Foundation has disclosed two new security vulnerabilities affecting multiple versions of Apache Tomcat, warning system administrators to take immediate action. The flaws,...

The author noticed a file called WSRequestXSSproxy_ajaxprocessor.jsp that hadn't changed much sense 2008. It's unused but a leftover artifact of the product. The whole purpose of this was SSRF as...

A sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access,...

The application defines route permissions via using path regular expressions. The permissions aren't part of the path! Immediately, the author thought there is no way this is being done correctly....

Infernal Twin is an automated wireless hacking suite written in Python which automates many of the repetitive tasks involved in security testing for wifi networks. Originally created to automate...

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover...

Fluxion is an automated EvilAP attack tool for carrying out MiTM attacks on WPA Wireless networks written in a mix of Bash and Python. Fluxion is heavily based off Linset the Evil Twin Attack Bash...

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good, I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject...

Reaver download below, this tool has been designed to be a robust and practical tool to hack WPS Pin WiFi Networks using WiFi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2...

coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys. If you are auditing WPA-PSK networks, you can use this tool to identify weak...

Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app. It offers a simple and easy UI to use these tools...