Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged […]
5 Ways Identity-based Attacks Are Breaching Retail
From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five […]
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers […]
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to […]
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, […]
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been […]
⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted […]
Manufacturing Security: Why Default Passwords Must Go
If you didn’t hear about Iranian hackers breaching US water facilities, it’s because they only managed to control a single pressure station serving […]
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors
A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote […]
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security […]
Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised […]
Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused […]