Tag: Cyber Security News

India’s Central Bureau of Investigation successfully dismantled a sophisticated transnational cybercriminal network that impersonated Microsoft technical support services, targeting vulnerable older adults primarily in Japan. The coordinated operation on May 28, 2025, involved raids across 19 locations throughout India, resulting…

Read more →

Kubernetes has become the de facto standard for container orchestration, but its complex architecture introduces numerous security challenges that organizations must address proactively. Securing a Kubernetes cluster requires a multi-layered approach encompassing control plane protection, robust authentication mechanisms, network segmentation,…

Read more →

Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is currently being actively exploited, as well as another vulnerability that has…

Read more →

A sophisticated cyberattack campaign by the advanced persistent threat group, Stealth Falcon, which exploited a previously unknown zero-day vulnerability to target a major Turkish defense company and execute malware remotely. The attack leveraged CVE-2025-33053, a remote code execution vulnerability that…

Read more →

Modern phishing attacks have evolved far beyond simple deceptive emails, now incorporating AI-generated content, deepfake impersonation, and sophisticated social engineering techniques that bypass traditional security measures. Organizations face an unprecedented challenge as cybercriminals leverage artificial intelligence to create compelling phishing…

Read more →

Fortinet has disclosed a new security vulnerability affecting its FortiOS SSL-VPN web-mode that allows authenticated users to gain unauthorized access to complete SSL-VPN configuration settings through specially crafted URLs. The vulnerability, designated as CVE-2025-25250, was published today and affects multiple…

Read more →

Salesforce’s cloud platform Heroku is currently experiencing a widespread service disruption that has affected thousands of businesses around the globe. The outage, which began earlier today, has crippled critical platform services including authentication systems and deployment pipelines, leaving developers unable…

Read more →

In today’s dynamic threat landscape, Threat Intelligence (TI) feeds have become a must-have for Security Operations Centers (SOCs). Whether free or paid, they offer vital insights helping teams identify threats, develop detection rules, enrich alerts, and accelerate incident response.   Threat intelligence feeds…

Read more →

A sophisticated new wave of phishing attacks is exploiting Microsoft SharePoint’s trusted platform to bypass traditional security measures, representing a significant evolution in cyberthreat tactics. These attacks leverage SharePoint’s inherent legitimacy within corporate environments to deceive users into believing they…

Read more →

SQL injection represents one of the most persistent and dangerous web application vulnerabilities, consistently ranking among the top security threats in the OWASP Top 10.  This comprehensive technical guide explores the mechanics of SQL injection attacks, demonstrates practical exploitation techniques,…

Read more →

Qpoint has released Qtap, an open-source eBPF agent for monitoring network traffic in Linux systems. It hooks into TLS/SSL functions to capture data before and after encryption, showing unencrypted traffic with details like process, container, host, user, and protocol. Qtap…

Read more →

Linux servers power much of our digital infrastructure, from corporate intranets to cloud services. Their security is paramount in today’s threat landscape. This comprehensive hardening guide provides concrete steps to secure your Linux servers against various attack vectors, complete with…

Read more →

A critical security vulnerability has been discovered in SAP NetWeaver Application Server for ABAP that allows authenticated attackers to bypass standard authorization checks and escalate their privileges within enterprise systems.  The vulnerability, tracked as CVE-2025-42989 and assigned a CVSS score…

Read more →

Fortinet, a leading provider of cybersecurity solutions, has recently addressed a significant security vulnerability, CVE-2023-42788, classified as an OS command injection issue under CWE-78. This vulnerability affects multiple products earlier including FortiManager, FortiAnalyzer, and today Fortinet confirmed that the vulnerability…

Read more →

Ivanti has issued urgent security updates for its Workspace Control platform after discovering three high-severity vulnerabilities that could allow attackers to decrypt stored SQL credentials. The company released patches addressing these security flaws, which affect versions 10.19.0.0 and earlier of…

Read more →

Active Directory (AD) serves as the backbone of enterprise authentication and authorization, making it a prime target for cybercriminals. According to Microsoft’s Digital Defense Report 2022, 98% of organizations hit by cyberattacks had no privilege isolation in Active Directory via…

Read more →

A significant data breach involving personal information from hundreds of Canva Creators program participants, exposed through an unsecured AI chatbot database operated by a Russian company.  The incident highlights emerging security vulnerabilities in the rapidly expanding artificial intelligence supply chain.…

Read more →

A critical security vulnerability has been discovered in ISPConfig version 3.2 build 12p1 that allows authenticated remote users to escalate their privileges to superadmin status and subsequently execute arbitrary PHP code on affected systems.  The vulnerability, identified by an independent…

Read more →

The cybersecurity landscape continues to face persistent threats from sophisticated Advanced Persistent Threat (APT) groups, with one particularly active campaign drawing significant attention from security researchers. The Librarian Ghouls APT group, also operating under the aliases “Rare Werewolf” and “Rezet,”…

Read more →

A severe security vulnerability, designated as CVE-2025-48757, has been discovered in Lovable’s implementation of Row Level Security (RLS) policies, allowing attackers to bypass authentication controls and inject malicious data into applications built on the platform.  The vulnerability, first identified on…

Read more →

A critical memory leak vulnerability in the DanaBot malware’s command and control infrastructure has exposed sensitive operational data belonging to cybercriminals, revealing threat actor identities, cryptographic keys, and victim information spanning nearly three years of malicious operations. The vulnerability, dubbed…

Read more →

A critical security vulnerability affecting Roundcube webmail installations has exposed over 84,000 systems worldwide to remote code execution attacks. The vulnerability, tracked as CVE-2025-49113, allows authenticated users to execute arbitrary code remotely, presenting a significant security risk to organizations relying…

Read more →

A severe security vulnerability has been identified in ManageEngine Exchange Reporter Plus that could allow attackers to execute arbitrary commands on target servers.  Designated as CVE-2025-3835, this critical remote code execution vulnerability affects all Exchange Reporter Plus installations with build…

Read more →

CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild.  The vulnerability, tracked as CVE-2025-32433, enables attackers to achieve unauthenticated remote code execution on affected systems, prompting its…

Read more →

SAP released its monthly Security Patch Day update addressing 14 critical vulnerabilities across multiple enterprise products.  The comprehensive security update includes patches addressing critical authorization bypass issues and cross-site scripting vulnerabilities, with CVSS scores ranging from 3.0 to 9.6.  Organizations…

Read more →

A critical security vulnerability in Google’s account recovery system allowed malicious actors to obtain the phone numbers of any Google user through a sophisticated brute-force attack, according to a disclosure by a BruteCat security researcher published this week. The vulnerability,…

Read more →

Sensata Technologies, Inc., a prominent industrial technology company based in Attleboro, Massachusetts, has disclosed a significant cybersecurity incident that compromised the personal information of hundreds of individuals.  The external system breach, classified as a hacking incident, occurred on March 28,…

Read more →

A critical security vulnerability in Google’s account recovery system allowed malicious actors to obtain the phone numbers of any Google user through a sophisticated brute-force attack, according to a disclosure by a BruteCat security researcher published this week. The vulnerability,…

Read more →

Ransomware operators have increasingly turned to a sophisticated new malware tool called Skitnet, also known as “Bossnet,” to enhance their post-exploitation capabilities and evade traditional security measures. First emerging on underground cybercrime forums in April 2024, this multi-stage malware has…

Read more →

A comprehensive analysis of the Bitter espionage group has revealed eight years of sustained cyber operations employing increasingly sophisticated custom-developed malware tools designed to evade detection while conducting intelligence gathering activities. The threat actor, also known as TA397, has demonstrated…

Read more →

Chinese state-sponsored hackers launched sophisticated reconnaissance operations against cybersecurity giant SentinelOne’s infrastructure in October 2024, representing part of a broader campaign targeting over 70 organizations worldwide. The previously undisclosed attacks, detailed in a comprehensive report released by SentinelLabs on June…

Read more →

A recent campaign by Chinese state-sponsored threat actor APT41 has unveiled a novel exploitation of Google Calendar for malware command-and-control (C2) operations, marking a significant escalation in cyberespionage tactics. The group, tracked under aliases including BARIUM and Brass Typhoon, targeted…

Read more →

Google’s latest comprehensive survey reveals a concerning surge in cybercriminal activities targeting American users, with over 60% of U.S. consumers reporting a noticeable increase in scam attempts over the past year. The technology giant’s collaboration with Morning Consult has unveiled…

Read more →

Cybersecurity researchers have identified a sophisticated new remote access trojan called DuplexSpy RAT that enables attackers to establish comprehensive surveillance and control over Windows systems. This multifunctional malware represents a growing trend in modular, GUI-driven threats that significantly lower the…

Read more →

A sophisticated new malware campaign has emerged targeting Windows systems through an elaborate social engineering scheme involving backdoored gaming software. The Blitz malware, first identified in late 2024 and evolving through 2025, represents a concerning trend of cybercriminals exploiting gaming…

Read more →

A sophisticated supply chain attack has compromised 16 popular React Native packages with over one million combined weekly downloads, marking a significant escalation in ongoing NPM ecosystem threats. The attack, which began on June 6th, 2025, systematically backdoored packages within…

Read more →

Real-time threat monitoring through Security Information and Event Management (SIEM) tools has become crucial for organizations seeking to defend against sophisticated cyberattacks. Real-time threat detection refers to the ability to identify and respond to cyber threats as they occur, minimizing…

Read more →

Security researchers have uncovered a disturbing new threat in the npm ecosystem where malicious packages masquerade as legitimate utilities while harboring destructive backdoors capable of wiping entire production environments. These packages represent a significant escalation from traditional credential theft or…

Read more →

If you’re shopping around for cybersecurity solutions in 2025, you’re probably feeling a little overwhelmed and not sure where to turn. Not only are there more attacks than ever before (and more sophisticated), but there are a wide range of…

Read more →

Security researchers at Akamai have discovered active exploitation of a critical remote code execution vulnerability in Wazuh servers, marking the first reported in-the-wild attacks against the open-source security platform since the flaw’s disclosure earlier this year. The vulnerability, tracked as…

Read more →

Major grocery distributor takes systems offline following security breach, disrupting supply chain operations. United Natural Foods, Inc. (UNFI), one of North America’s largest wholesale food distributors, is grappling with a significant cyberattack that has forced the company to halt critical…

Read more →

OpenAI has disrupted a sophisticated network of state-sponsored threat actors from Russia, Iran, and China who were exploiting ChatGPT to conduct cyber operations, influence campaigns, and malware development.  The artificial intelligence company’s latest threat intelligence report, released in June 2025,…

Read more →

A sophisticated tracking method employed by Meta (Facebook) and Yandex that potentially affected billions of Android users through covert web-to-app communications via localhost sockets.  The technique allowed native Android apps, including Facebook and Instagram, to silently receive browser metadata, cookies,…

Read more →

Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit,Browser total is a first of its kind browser security assessment tool conducting more than 120tests to provide posture standing,…

Read more →

A sophisticated scam operation dubbed “GhostVendors” that exploits over 4,000 fraudulent domains to impersonate dozens of major brands and defraud consumers through fake online marketplaces. Silent Push Threat Analysts revealed this massive campaign targets social networks, major brands, advertising companies,…

Read more →

North Korean state-sponsored hackers from the notorious Kimsuky group have launched a sophisticated multi-platform campaign targeting users across Facebook, email, and Telegram platforms between March and April 2025. The Advanced Persistent Threat (APT) operation, dubbed the “Triple Combo” attack, represents…

Read more →

Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit,Browser total is a first of its kind browser security assessment tool conducting more than 120tests to provide posture standing,…

Read more →

A new wave of cyberattacks has emerged targeting critical infrastructure through the exploitation of Fortigate security appliance vulnerabilities, with threat actors successfully deploying the notorious Qilin ransomware across multiple organizations. This sophisticated campaign leverages specific Common Vulnerabilities and Exposures (CVEs)…

Read more →

Windows 11’s latest 24H2 update has inadvertently broken a widely-used malware evasion technique known as the Lloyd Labs self-delete method, forcing cybersecurity professionals and threat actors alike to adapt their tools and techniques for the new operating system environment. The…

Read more →

Digital forensics has become an indispensable component of modern cybersecurity operations, enabling investigators to extract, analyze, and preserve digital evidence during security incidents. The sophisticated landscape of cyber threats demands equally advanced forensic methodologies that can rapidly identify attack vectors,…

Read more →

A critical cross-site scripting (XSS) vulnerability in the popular Jenkins Gatling Plugin allows attackers to bypass Content-Security-Policy (CSP) protections.  The vulnerability, tracked as CVE-2025-5806, affects Gatling Plugin version 136.vb_9009b_3d33a_e and poses significant risks to Jenkins environments utilizing this performance testing…

Read more →

Arkana Security Group claims to have successfully gained access to Ticketmaster’s database infrastructure and exfiltrated massive volumes of sensitive customer data. The threat actors have reportedly announced their intentions to sell comprehensive datasets containing ticket sales records, payment methodologies, customer…

Read more →

A critical zero-day vulnerability discovered in Salesforce‘s default controller has exposed millions of user records across thousands of deployments worldwide.  The security flaw, found in the built-in aura://CsvDataImportResourceFamilyController/ACTION$getCsvAutoMap controller, allowed attackers to extract sensitive user information and document details through…

Read more →

A sophisticated new malware attack vector that manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems.  This attack leverages social engineering techniques combined with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing…

Read more →

A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The vulnerability, tracked as CVE-2025-32756, carries a maximum CVSS score of 9.8 and enables unauthenticated remote…

Read more →

Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike. Kali GPT represents a significant breakthrough in the integration of…

Read more →

A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics,…

Read more →

Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional…

Read more →

A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools…

Read more →

A sophisticated cyber attack campaign has emerged targeting Ukraine’s critical infrastructure, utilizing a previously unknown destructive malware variant that researchers have designated “PathWiper.” This latest threat represents a significant escalation in the ongoing cyber warfare landscape, demonstrating advanced capabilities designed…

Read more →

Cybercriminals are exploiting the growing demand for artificial intelligence solutions by disguising ransomware within legitimate-looking AI business tools, according to recent security research. This emerging threat specifically targets small businesses and entrepreneurs seeking to integrate AI capabilities into their operations,…

Read more →

DragonForce, a sophisticated ransomware operation that emerged in fall 2023, has established itself as a formidable threat in the cybercriminal landscape by claiming over 120 victims across the past year. Unlike traditional ransomware-as-a-service models, this threat actor has evolved into…

Read more →

A sophisticated new social engineering attack campaign has emerged that exploits users’ familiarity with routine security checks to deliver malware through deceptive Cloudflare verification pages. The ClickFix attack technique represents a concerning evolution in phishing methodology, abandoning traditional file downloads…

Read more →

Korean cybersecurity researchers have uncovered a sophisticated malware campaign targeting cryptocurrency users worldwide, with ViperSoftX emerging as a persistent threat that continues to evolve its attack methodologies. First identified by Fortinet in 2020, this malware has demonstrated remarkable longevity and…

Read more →

A significant security vulnerability affecting millions of Chrome extension users has been discovered, revealing widespread exposure of sensitive API keys, secrets, and authentication tokens directly embedded in extension code. This critical flaw stems from developers hardcoding credentials into their JavaScript…

Read more →

To combat malicious actors across Europe, Microsoft has introduced a comprehensive European Security Program designed to tackle sophisticated cybercriminal networks targeting European infrastructure. Announced in Berlin on June 4, 2025, the initiative specifically targets ransomware groups and state-sponsored threat actors…

Read more →

The United States Department of State’s Rewards for Justice program has announced a substantial bounty of up to $10 million for information leading to the identification or location of individuals involved in malicious cyber activities against U.S. critical infrastructure. The…

Read more →

A sophisticated new variant of the BADBOX malware has successfully compromised over one million Android devices across multiple continents, representing one of the most significant mobile security breaches of 2025. This advanced persistent threat demonstrates enhanced evasion capabilities and has…

Read more →

Multiple severe security vulnerabilities in HPE Insight Remote Support (IRS) platform that could allow attackers to execute remote code, traverse directories, and access sensitive information.  The vulnerabilities affect versions prior to 7.15.0.646 and pose significant risks to enterprise infrastructure management…

Read more →

A sophisticated Iranian cyberespionage group has maintained undetected access to government networks across Iraq and the Kurdistan Regional Government for nearly eight years, representing one of the longest-running advanced persistent threat campaigns in the Middle East. The group, designated as…

Read more →

A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was…

Read more →

A sophisticated malware campaign has emerged targeting macOS users through typo-squatted domains mimicking Spectrum, the major U.S. telecommunications provider. The attack employs a new variant of Atomic macOS Stealer (AMOS) disguised as a CAPTCHA verification system, demonstrating cybercriminals’ evolving tactics…

Read more →

CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome’s V8 JavaScript engine that is being actively exploited by cybercriminals to execute arbitrary code on victims’ systems. On June 5, 2025, CISA added CVE-2025-5419 to its…

Read more →

A sophisticated malware campaign targeting Latin American users has emerged as a significant threat to the region’s banking sector, with cybercriminals deploying the DCRat banking trojan through elaborate phishing schemes designed to steal financial credentials. The malicious operations, which have…

Read more →

A sophisticated cybercriminal group known as SCATTERED SPIDER has emerged as one of the most dangerous threats facing organizations today, demonstrating an alarming ability to bypass multi-factor authentication through cunning social engineering tactics targeting IT support teams. This threat actor,…

Read more →

Cybercriminals have successfully circumvented Google’s Android 13 security enhancements designed to prevent malicious applications from abusing accessibility services, according to recent threat intelligence findings. The tech giant implemented these restrictions specifically to block accessibility access for sideloaded applications, a measure…

Read more →

A significant vulnerability in Cisco’s Integrated Management Controller (IMC) that allows malicious actors to gain elevated privileges and access internal services without proper authorization.  This vulnerability poses substantial risks to enterprise networks relying on Cisco’s server management infrastructure, potentially enabling…

Read more →

The cybersecurity landscape faces a growing threat from sophisticated botnet operations targeting Internet of Things (IoT) devices, with recent developments highlighting the vulnerability of connected cameras and smart devices. While specific details about the Eleven11bot malware remain limited in publicly…

Read more →

Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code.  The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway…

Read more →

A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security.  Security researchers have identified a malicious plugin disguised as “wp-runtime-cache” that specifically targets users with administrative privileges,…

Read more →

In the high-stakes world of cybercrime, few tools have garnered as much attention as Lumma Infostealer. Emerging as a powerful malware-as-a-service (MaaS) offering, Lumma achieved notoriety for its wide-reaching impact on both individuals and enterprises. Its main function is to…

Read more →

Federal authorities have revealed that the notorious Play ransomware group has successfully breached approximately 900 organizations worldwide as of May 2025, marking a dramatic escalation in cybercriminal activity that has prompted an urgent security advisory from multiple government agencies. The…

Read more →

A recent analysis has identified ten advanced GPT models that are transforming the methodologies employed by hackers, penetration testers, and security analysts in 2025. These models are enhancing the precision and efficiency of security assessments, threat modeling, and vulnerability exploitation, thereby…

Read more →

A critical vulnerability in the popular network protocol analyzer Wireshark has been discovered, allowing attackers to trigger denial-of-service (DoS) attacks through packet injection or the use of malformed capture files. The security flaw, identified as CVE-2025-5601, affects millions of users…

Read more →

A sophisticated phishing technique that exploits Microsoft Outlook‘s HTML rendering capabilities to hide malicious links from corporate security systems while maintaining their effectiveness against end users.  The attack leverages conditional HTML statements to display different content depending on whether the…

Read more →

A critical vulnerability affecting its Identity Services Engine (ISE) when deployed on major cloud platforms, warning that proof-of-concept exploit code is now publicly available.  The flaw, tracked as CVE-2025-20286 with a CVSS score of 9.9, enables unauthenticated remote attackers to…

Read more →

Federal authorities have successfully dismantled BidenCash, one of the largest criminal marketplaces operating on both the dark web and the traditional internet.  In a coordinated law enforcement operation, approximately 145 domains associated with the platform were seized. The BidenCash marketplace…

Read more →

A comprehensive cybersecurity investigation has revealed alarming vulnerabilities in the rapidly expanding solar energy infrastructure, with nearly 35,000 solar power devices found exposed to internet-based attacks across 42 vendors worldwide. The discovery underscores growing security concerns as renewable energy systems…

Read more →

The North Korea-linked APT37 threat group has launched a sophisticated spear phishing campaign targeting South Korean activists and researchers focused on North Korean affairs, employing deceptive academic forum invitations to distribute malicious shortcut files through cloud-based infrastructure. The campaign, which…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through malicious browser extensions designed to steal sensitive banking credentials and financial data. The operation, dubbed “Operation Phantom Enigma,” represents a significant escalation in banking trojans’ evolution, utilizing browser…

Read more →

A massive data breach involving AT&T, with hackers allegedly leaking personal information of 86 million customers. Hackers claimed to have successfully decrypted previously protected Social Security numbers and released the information on cybercrime forums. The breach, first posted on May…

Read more →

A sophisticated new Android banking Trojan named Crocodilus has emerged as a significant global threat, demonstrating advanced device-takeover capabilities that grant cybercriminals unprecedented control over infected smartphones. First discovered in March 2025, this malware has rapidly evolved from localized test…

Read more →

Business Email Compromise (BEC) attacks don’t need malware to do damage. All it takes is one convincing message; a fake login prompt, a cleverly disguised link, and an employee’s credentials are gone. From there, attackers can quietly access inboxes, exfiltrate…

Read more →

Anat Heilper is redefining what it means to be a technical leader in AI, not by following the path but by architecting it from the ground up. Having served in key boundary-pushing roles such as the Director of AI and…

Read more →

Google has announced plans to remove two Certificate Authorities (CAs) from Chrome’s Root Store due to ongoing security concerns.  The Chrome Root Program and Security Team revealed that Chunghwa Telecom and Netlock will no longer be trusted by default in…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign that weaponizes users’ trust in routine internet verification processes to deliver malicious payloads. The scheme exploits familiar “prove you are human” prompts, transforming seemingly innocent website interactions into vectors for malware distribution…

Read more →

Windows authentication coercion attacks continue to pose substantial risks to enterprise Active Directory environments in 2025, despite Microsoft’s ongoing efforts to implement protective measures.  These sophisticated attacks allow threat actors with minimal privileges to gain administrative access to Windows workstations…

Read more →

Multiple severe vulnerabilities in IBM QRadar Suite Software that could allow attackers to access sensitive configuration files and compromise enterprise security infrastructures.  The most severe vulnerability, tracked as CVE-2025-25022, carries a CVSS base score of 9.6 and enables unauthenticated users…

Read more →

Aembit, the workload identity and access management (IAM) company, today announced its inclusion in Rising in Cyber 2025, an independent list launched by Notable Capital to spotlight the 30 most promising cybersecurity startups shaping the future of security. Unlike traditional rankings,…

Read more →

A sophisticated new security feature has been released by Firefox designed to automatically identify and neutralize malicious browser extensions before they can compromise user data. The implementation comes as crypto wallet scams continue to surge globally, with the FBI reporting…

Read more →