The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers to intercept network traffic and install…
Gogs 0-Day Actively Exploited to Compromise Over 700 Servers
Security researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, no…
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
If you don’t look inside your environment, you can’t know its true state – and attackers count on that This article has been indexed from WeLiveSecurity Read the original article: Locks, SOCs and a cat in a box: What Schrödinger…
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims This article has been indexed from WeLiveSecurity Read the original article: Black Hat Europe 2025: Reputation matters – even…
Half of exposed React servers remain unpatched amid active exploitation
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters…
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer flaw, tracked as CVE-2025-58360 (CVSS Score of 8.2), to its Known Exploited Vulnerabilities…
Turn me on, turn me off: Zigbee assessment in industrial environments
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off. This article has been indexed from Securelist Read the original article: Turn me on, turn me off:…
Following the digital trail: what happens to data stolen in a phishing attack
Kaspersky experts detail the journey of the victims’ data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels. This article has been indexed from Securelist Read the original article: Following…
From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats
The Trust Crisis No One’s Talking About Every breach, leak, or phishing attack doesn’t just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips away at public trust. As a result, businesses are no longer…
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion and server…
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security…
MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025
MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records this year. These prevalent flaws, which are often simple to detect and…
Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware
A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the dangerous Agent Tesla malware. What appears to be…
New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA
A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information and bypass multi-factor authentication using advanced Man-in-the-Browser techniques. The tool is…
How private is your VPN?
After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here’s what I wish everyone knew. This article has been indexed from Malwarebytes Read the original article: How private is your VPN?
$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits
Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking
Notepad++ found a vulnerability in the way the software updater authenticates update files. The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Notepad++…
Microsoft Bug Bounty Program Expanded to Third-Party Code
All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services. The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know
As the clock ticks down to the full enforcement of Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law…
How Root Cause Analysis Improves Incident Response and Reduces Downtime?
Security incidents don’t fail because of a lack of tools; they fail because of a lack of insight. In an environment where every minute of downtime equals revenue loss, customer impact, and regulatory risk, root cause analysis has become a…
AI Threat Detection: How Machines Spot What Humans Miss
Discover how AI strengthens cybersecurity by detecting anomalies, stopping zero-day and fileless attacks, and enhancing human analysts through automation. The post AI Threat Detection: How Machines Spot What Humans Miss appeared first on Security Boulevard. This article has been indexed…
FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings
The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The…
Ransomware keeps widening its reach
Ransomware keeps shifting into new territory, pulling in victims from sectors and regions that once saw fewer attacks. The latest Global Threat Briefing for H2 2025 from CyberCube shows incidents spreading in ways that make it harder for security leaders…
LLM privacy policies keep getting longer, denser, and nearly impossible to decode
People expect privacy policies to explain what happens to their data. What users get instead is a growing wall of text that feels harder to read each year. In a new study, researchers reviewed privacy policies for LLMs and traced…