Qilin n'est pas un groupe de pirates informatiques, mais une "franchise" qui permet d'utiliser ses services contre rémunération. Apparue en 2022, elle reste nimbée de mystère. Des lycées du nord...
NEW YORK – New York Attorney General Letitia James today announced a settlement with a public accounting firm, Wojeski & Company (Wojeski), to strengthen its data security to protect consumers’...
A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the...
On October 15, 2025, Jewett-Cameron Trading Co. Ltd. (the "Company") learned that a threat actor had gained unauthorized access to portions of the Company's information technology ("IT")...
Think you know all there is to know about cybersecurity? Guess again. Shadow AI is challenging security leaders with many of the same issues raised by other “shadow” technologies. Only this time,...
Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts
ICO says probe unnecessary after reviewing ministry's handling of leak The UK's data protection regulator declined to launch an investigation into a leak at the Ministry of Defence that risked the...
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities,...
Top 10 Takeaways from Predict 2025: Turning Intelligence Into Action
Initial access leverages IIS apps configured with reused/public machineKey (ValidationKey/DecryptionKey) values, enabling __VIEWSTATE deserialization to run arbitrary commands. Following foothold,...
Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users...
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign...
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into...
The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. [...]
TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. [...]
Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates.BackgroundOn October 21, Oracle released its Critical Patch Update (CPU) for October...
Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns...
It’s dominating the economy and shaping the threats we face and how we defend against them
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. [...]
In a letter to Apple cited by the state news agency TASS, the Federal Antimonopoly Service (FAS) said Apple’s current setup gives preference to foreign search engines, putting local providers at a...
Why organizations need a new strategy to break down silos and usher in a new era of risk intelligence Partner Content As cyber risk continues to escalate, many organizations face a disconnect...
The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. [...]
Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives...
On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards. [...]
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the...
Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing Security Identifiers. [...]
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per...
Choi A-ri reports: Kim Young-shub, KT’s representative, stated regarding the unauthorized micro-payment incident, “I will take responsibility once the situation is resolved,” effectively...
Jake Kanter reports: The cyber-attack on Prospect, the parent union of film and TV group Bectu, has sparked fears that it could have compromised information pertaining to the UK’s national...
CISA KEV Catalog " data-image-caption="" data-medium-file="https://cyble.com/wp-content/uploads/2025/10/CISA-KEV-Catalog-300x150.webp"...