Home
Products & Services
Technology
Medical
Security
Home
Products & Services
Technology
Medical
Security
Security
Updates
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows
11-11-2025 02:19
Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. "Attackers impersonat
11-11-2025 01:59
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. Fro
10-11-2025 18:21
New Browser Security Report Reveals Emerging Threats for Enterprises
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too
10-11-2025 17:28
Many Forbes AI 50 Companies Leak Secrets on GitHub
Wiz found the secrets and warned that they can expose training data, organizational structures, and private models. The post appeared first on .
10-11-2025 16:12
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT. "The attacker's modus ope
10-11-2025 14:41
Runc Vulnerabilities Can Be Exploited to Escape Containers
The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched. The post appeared first on .
10-11-2025 14:29
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which
10-11-2025 14:21
Two New Web Application Risk Categories Added to OWASP Top 10
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The post appeared first on .
10-11-2025 13:21
GlassWorm Malware Returns to Open VSX, Emerges on GitHub
Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well. The post appeared first on .
10-11-2025 12:46
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site
The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland. The post appeared first on .
10-11-2025 11:46
QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland
Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post appeared first on .
10-11-2025 10:55
Australia Sanctions Hackers Supporting North Korea’s Weapons Program
Australia mirrored the US’s recent sanctions against bankers, financial institutions, and others allegedly involved in laundering funds for North Korea. The post appeared first on .
10-11-2025 10:37
Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protect
08-11-2025 19:59
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 (CV
07-11-2025 23:30
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues
07-11-2025 21:37
Crowdstrike: AI Accelerating Ransomware Attacks Across Europe
CrowdStrike’s 2025 report reveals how AI is accelerating ransomware attacks and reshaping Europe’s cyber threat landscape. The post appeared first on .
07-11-2025 21:01
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were
07-11-2025 17:25
In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests
Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech. The post appeared first on .
07-11-2025 16:20
Enterprise Credentials at Risk – Same Old, Same Old?
Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just m
07-11-2025 16:00
Landfall Android Spyware Targeted Samsung Phones via Zero-Day
Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East. The post appeared first on .
07-11-2025 15:29
Radical Empowerment From Your Leadership: Understood by Few, Essential for All
When leaders redefine power as trust instead of control, teams unlock their potential — and organizations find their edge. The post appeared first on .
07-11-2025 15:00
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. Th
07-11-2025 14:45
In memoriam: David Harley
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security
07-11-2025 13:46
Data Exposure Vulnerability Found in Deep Learning Tool Keras
The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. The post appeared first on .
07-11-2025 13:41
ClickFix Attacks Against macOS Users Evolving
ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing. The post appeared first on .
07-11-2025 13:22
The who, where, and how of APT attacks in Q2 2025–Q3 2025
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report
07-11-2025 12:34
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tu
07-11-2025 12:18
DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz
Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared. The post appeared first on .
07-11-2025 11:16
The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures
The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors. The post appeared first on .
07-11-2025 11:00
Chrome 142 Update Patches High-Severity Flaws
An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post appeared first on .
07-11-2025 10:35
Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector
Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine. The post appeared first on .
07-11-2025 09:29
18 Arrested in Crackdown on Credit Card Fraud Rings
Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million). The post appeared first on .
07-11-2025 09:13
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the monik
06-11-2025 21:01
Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are
06-11-2025 20:28
From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relative
06-11-2025 17:29
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into a
06-11-2025 17:10
Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response
Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim t
06-11-2025 16:13
Researchers Hack ChatGPT Memories and Web Search Features
Tenable researchers discovered seven vulnerabilities, including ones affecting the latest GPT model. The post appeared first on .
06-11-2025 15:49
Truffle Security Raises $25 Million for Secret Scanning Engine
The investment will fuel the development of Truffle’s enterprise-grade secrets detection, verification, and remediation platform. The post appeared first on .
06-11-2025 14:00
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hype
06-11-2025 12:52
Follow Pragmatic Interventions to Keep Agentic AI in Check
Agentic AI speeds operations, but requires clear goals, least privilege, auditability, red‑teaming, and human oversight to manage opacity, misalignment, and misuse. The post appeared first on .
06-11-2025 12:45
DeFi Protocol Balancer Starts Recovering Funds Stolen in $128 Million Heist
Hackers drained more cryptocurrency from Balancer by exploiting a rounding function and performing batch swaps. The post appeared first on .
06-11-2025 12:11
Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report
The ransomware attack discovered in August occurred as early as May when a state employee mistakenly downloaded malicious software. The post appeared first on .
06-11-2025 11:54
Automotive IT Firm Hyundai AutoEver Discloses Data Breach
Hyundai AutoEver America was hacked in February and the attackers managed to steal SSNs and other personal data. The post appeared first on .
06-11-2025 11:17
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor
06-11-2025 11:10
Cisco Patches Critical Vulnerabilities in Contact Center Appliance
The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system. The post appeared first on .
06-11-2025 10:20
State-Sponsored Hackers Stole SonicWall Cloud Backups in Recent Attack
The threat actor stole the firewall configuration files of all SonicWall customers who used the cloud backup service. The post appeared first on .
06-11-2025 09:51
ESET APT Activity Report Q2 2025–Q3 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025
06-11-2025 09:45
Upgrade to Microsoft Windows 11 Home for Just $10
You can now upgrade up to five computers to Microsoft Windows 11 Home for one low price and get a new sleek interface, advanced tools and enhanced security. The post appeared first on .
06-11-2025 09:30
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved
05-11-2025 21:03
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without the
05-11-2025 19:34
Microsoft Teams Flaws Let Hackers Impersonate Executives
Researchers found Microsoft Teams bugs letting attackers spoof executives, alter messages, and erode trust in workplace communication. The post appeared first on .
05-11-2025 19:08
Securing the Open Android Ecosystem with Samsung Knox
Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns c
05-11-2025 17:25
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions be
05-11-2025 16:50
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) work
05-11-2025 16:25
Why SOC Burnout Can Be Avoided: Practical Steps
Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have
05-11-2025 16:00
Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns
Google has released a report describing the novel ways in which malware has been using AI to adapt and evade detection. The post appeared first on .
05-11-2025 15:25
Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders
Get practical strategies to help minimize your risk exposure, including the need for identity threat detection and mitigation. The post appeared first on .
05-11-2025 14:07
Flare Raises $30 Million for Threat Exposure Management Platform
The company plans to advance its identity exposure management capabilities and pursue M&A opportunities. The post appeared first on .
05-11-2025 13:35
Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation
Armis recently surpassed $300 million in annual recurring revenue as it prepares for an IPO. The post appeared first on .
05-11-2025 13:23
Malanta Emerges from Stealth With $10 Million Seed Funding
Malanta collects and analyzes digital breadcrumbs that attackers leave behind and then forecasts how and when they will be weaponized. The post appeared first on .
05-11-2025 13:00
ConductorOne Raises $79 Million in Series B Funding
Leveraging AI, ConductorOne’s platform secures and manages millions of human, non-human, and AI identities. The post appeared first on .
05-11-2025 12:45
Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover
The critical vulnerability allows attackers to read arbitrary emails, including password reset messages. The post appeared first on .
05-11-2025 11:52
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
05-11-2025 11:42
Daylight Raises $33 Million for AI-Powered MDR Platform
The funding will fuel the development of Daylight’s security operations platform and the launch of new protection modules. The post appeared first on .
05-11-2025 11:32
Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack
The Japanese media giant says compromised Slack credentials were used to steal employee and business partner information. The post appeared first on .
05-11-2025 11:24
Portal26 Raises $9 Million for Gen-AI Adoption Platform
The gen-AI adoption management platform will invest the funds in accelerating growth and product innovations. The post appeared first on .
05-11-2025 10:58
Zscaler Acquires SPLX for AI Security Boost
The integration introduces something new inside a familiar perimeter, a dedicated AI protection layer within Zscaler’s Zero Trust Exchange platform. The post appeared first on .
05-11-2025 10:57
Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data
05-11-2025 10:00
A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and
04-11-2025 22:55
European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep
Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today,
04-11-2025 21:27
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allo
04-11-2025 19:54
Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed
Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, imperson
04-11-2025 19:30
Ransomware Defense Using the Wazuh Open Source Platform
Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and cri
04-11-2025 16:36
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deplo
04-11-2025 16:19
Chrome Expands Autofill to Passports, Licenses, and Vehicle Details
Google updates Chrome’s enhanced autofill to handle passports, driver’s licenses, and vehicle IDs like VINs, with opt-in confirmation and encryption. The post appeared first on .
04-11-2025 14:42
Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit
Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited,
04-11-2025 13:40
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks
Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed
04-11-2025 13:15
Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel
Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind
04-11-2025 11:28
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead
04-11-2025 10:00
Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive
Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.
03-11-2025 23:38
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to b
03-11-2025 18:48
⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More
Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job
03-11-2025 18:26
The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations
Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat int
03-11-2025 17:26
Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot
03-11-2025 16:44
Ukrainian Extradited to US Faces Charges in Jabber Zeus Cybercrime Case
Yuriy Igorevich Rybtsov, aka MrICQ, was arrested in Italy and lost his appeal to avoid extradition to the US. The post appeared first on .
03-11-2025 16:42
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the act
03-11-2025 16:12
How Software Development Teams Can Securely and Ethically Deploy AI Tools
To deploy AI tools securely and ethically, teams must balance innovation with accountability—establishing strong governance, upskilling developers, and enforcing rigorous code reviews. The post appeared first on .
03-11-2025 16:00
CISO Burnout – Epidemic, Endemic, or Simply Inevitable?
CISO burnout is increasing. Are we simply more aware of the condition? Or have demands on the CISO grown and burnout is now the inevitable result? The post appeared first on .
03-11-2025 15:00
Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases
Kolter leads a panel at OpenAI that has the authority to halt the ChatGPT maker’s release of new AI systems if it finds them unsafe. The post appeared first on .
03-11-2025 14:21
Claude AI APIs Can Be Abused for Data Exfiltration
An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account. The post appeared first on .
03-11-2025 13:28
Cybersecurity M&A Roundup: 45 Deals Announced in October 2025
Significant cybersecurity M&A deals announced by Jamf, LevelBlue, Ping Identity, Twilio, and Veeam Software. The post appeared first on .
03-11-2025 12:42
Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks
PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post appeared first on .
03-11-2025 10:27
Ground zero: 5 things to do after discovering a cyberattack
When every minute counts, preparation and precision can mean the difference between disruption and disaster
03-11-2025 10:00
Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities
The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. The post appeared first on .
03-11-2025 09:13
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involv
01-11-2025 19:13
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial
31-10-2025 22:49
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands
31-10-2025 21:38
China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targe
31-10-2025 19:27
source : hackernews, securityweek, techrepublicsecurity, welivesecurity