A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such...
A vulnerability has been discovered FortiWeb, which could allow for SQL injection. FortiWeb is a web application firewall (WAF) developed by Fortinet. It's designed to protect web applications and...
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools
CitrixBleed 2 exploitation started mid-June — how to spot itCitrixBleed 2 — CVE-2025–5777 — has been under active exploitation to hijack Netscaler sessions, bypassing MFA, globally for a month.I...
The retail giant's chair confirmed the breach was caused by ransomware.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the...
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky,...
Smarter TV operating systems bring added convenience, but they also raise fresh privacy concerns - especially when it comes to automatic content recognition (ACR).
12Critical115Important1Moderate0LowMicrosoft addresses 128 CVEs, including one zero-day vulnerability that was publicly disclosed.Microsoft addresses 128 CVEs in its July 2025 Patch Tuesday...
Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. [...]
Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets.
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level...
Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. [...]
Thousands of companies rely on Microsoft Entra ID for identity and access management (IAM), including more than half of the Fortune 500 companies. From user authentication to access control for...
Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting
On June 26, 2025, the Federal Energy Regulatory Commission (FERC or the Commission) issued Order No. 907 1 formally approving...
Identity-based cyberattacks soar 156%, driven by cheap Phishing-as-a-Service & infostealer malware. Learn how criminals bypass MFA to steal credentials, access bank accounts, and compromise...
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in...
Exposed RDP ports are an open door for attackers. TruGrid SecureRDP enforces Zero Trust and MFA, blocks lateral movement, and secures remote access—no open firewall ports required. Learn more and...
An IAB campaign exploited leaked ASP.NET Machine Keys. We dissect the attacker's infrastructure, campaign and offer takeaways for blue teams. The post GoldMelody’s Hidden Chords: Initial Access...
We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.
Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. [...]
Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase
The company behind AV/EDR evasion tool Shellter has confirmed the product is being used by threat actors
France’s cybersecurity agency ANSSI uncovered last September a campaign exploiting multiple zero-day flaws in Ivanti Cloud Service Appliance... The post China-linked Houken attacker hit France’s...
Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma.
China’s Hikvision vows legal battle after Canada bans its operations, citing national security concerns
Trend Micro has observed the Bert ransomware group in operation since April 2025, with confirmed victims in sectors including healthcare, technology and event services