Tag: Cyber Security News

Security researchers have published detailed proof-of-concept (PoC) analysis for a critical zero-day vulnerability affecting multiple Fortinet products, as threat actors continue to exploit the flaw in real-world attacks actively. The vulnerability, tracked as CVE-2025-32756, represents a significant security risk with…

Read more →

The Gujarat Anti-Terrorism Squad (ATS) has arrested an 18-year-old and a minor for orchestrating over 50 coordinated cyberattacks on Indian government websites during the recent military ‘Operation Sindoor’.  The main accused, Jasim Shahnawaz Ansari from Nadiad in Gujarat’s Kheda district,…

Read more →

Security researchers have unveiled significant vulnerabilities in .NET desktop applications that utilize CefSharp, a popular framework for embedding Chromium browsers within desktop applications, exposing millions of enterprise applications to potential remote code execution attacks. CefSharp, a lightweight .NET wrapper around…

Read more →

In a sophisticated cybersecurity attack uncovered this week, Russian threat actors have been observed exploiting multiple cloud service providers to deliver the notorious Lumma Stealer malware. The campaign utilizes legitimate cloud infrastructure—including Oracle Cloud Infrastructure (OCI), Scaleway Object Storage, and…

Read more →

Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities.  The flaws include authentication bypass vulnerabilities that can be chained to achieve remote code execution and complete system compromise.  Despite…

Read more →

GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service (DoS) attacks.  The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps…

Read more →

A sophisticated cyber threat group designated as UAT-6382 has been actively exploiting a critical zero-day vulnerability in Cityworks, a popular asset management system used by local governments across the United States. The vulnerability, tracked as CVE-2025-0994, allows remote code execution…

Read more →

Cisco disclosed a security vulnerability (CVE-2025-20255) affecting its Webex Meetings service that could allow remote attackers to manipulate cached HTTP responses.  The vulnerability, assigned a CVSS score of 4.3 (Medium severity), stems from improper handling of malicious HTTP requests in…

Read more →

A critical security vulnerability has been discovered in Netwrix Password Secure, an enterprise password management solution, allowing authenticated attackers to execute arbitrary code on victim machines. The vulnerability, identified as CVE-2025-26817, affects all versions of Netwrix Password Secure up to…

Read more →

In a troubling development for the JavaScript ecosystem, security researchers have discovered a sophisticated campaign targeting popular frameworks through weaponized npm packages. These malicious packages, which have accumulated over 6,200 downloads, masquerade as legitimate plugins and utilities while secretly containing…

Read more →

Cybersecurity researchers have identified a new infostealer malware called “ZeroCrumb” that was recently distributed through GitHub repositories. This sophisticated malware specifically targets browser cookies from popular browsers including Chrome, Brave, and Edge, enabling attackers to steal sensitive user authentication data…

Read more →

A zero-day vulnerability in the Linux kernel was discovered, utilizing OpenAI’s o3 model. This finding, assigned CVE-2025-37899, marks a significant advancement in AI-assisted vulnerability research. The vulnerability, officially confirmed on May 20, 2025, affects the ksmbd component of the Linux…

Read more →

In a concerning development that highlights the evolving tactics of threat actors, cybercriminals have begun exploiting the popularity of TikTok to distribute sophisticated information-stealing malware. This new campaign specifically delivers Vidar and StealC infostealers by tricking users into executing malicious…

Read more →

Google has released an urgent security update for Chrome after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code remotely on users’ systems.  The most critical flaw, a “Use after free” vulnerability in the browser’s Compositing system,…

Read more →

Microsoft is currently investigating an issue affecting Exchange Online, where some users in Australia are experiencing significant delays in sending and receiving emails. The problem, first acknowledged on May 22, 2025, has led to disruptions for businesses and individuals relying…

Read more →

A novel process injection technique that effectively bypasses leading Endpoint Detection and Response (EDR) solutions by focusing solely on execution primitives, eliminating the need for memory allocation or writing operations that typically trigger security alerts.  Dubbed “CONTEXT-Only Attack Surface,” this…

Read more →

In a significant cybersecurity incident that could potentially affect millions of consumers, two notorious hacking groups have claimed responsibility for separate breaches of Coca-Cola systems. According to posts on dark web forums, the Everest ransomware group has reportedly compromised internal…

Read more →

Cisco disclosed a high-severity vulnerability affecting its Identity Services Engine (ISE) that could allow unauthenticated remote attackers to cause a denial of service condition.  The vulnerability, identified as CVE-2025-20152, received a CVSS score of 8.6, reflecting its serious potential impact…

Read more →

A sophisticated campaign targeting Solidity developers has emerged, utilizing Visual Studio Code’s popularity and extension ecosystem as an attack vector. Threat actors have deployed trojanized extensions that masquerade as developer utilities while secretly exfiltrating cryptocurrency wallet credentials and other sensitive…

Read more →

A critical vulnerability in Windows Server 2025 that enables attackers to compromise any user in Active Directory, including highly privileged accounts. Dubbed “BadSuccessor,” this attack exploits a feature called delegated Managed Service Accounts (dMSA) and works by default in environments…

Read more →

In a coordinated global operation announced on May 21, 2025, law enforcement and cybersecurity partners have successfully disrupted the infrastructure behind Lumma Stealer, one of the most prolific information-stealing malware operations targeting users worldwide. The Justice Department, in conjunction with…

Read more →

A massive wave of targeted social engineering attacks has been hitting Coinbase users since early 2025, with scammers exploiting insider access to obtain sensitive customer data. Unlike traditional technical breaches, these attacks leverage psychological manipulation to trick users into voluntarily…

Read more →

A high-severity vulnerability in the BIND DNS server software was recently disclosed that allows attackers to crash DNS servers by sending just a single malicious packet.  The Internet Systems Consortium (ISC) released BIND versions 9.18.37, 9.20.9, and 9.21.8 on May…

Read more →

A high-severity cross-site scripting (XSS) vulnerability in Grafana could allow attackers to redirect users to malicious websites.  The vulnerability, tracked as CVE-2025-4123 received a CVSS score of 7.6 (HIGH), allows attackers to exploit client path traversal and open redirect to…

Read more →

ThreatBook, a global leader cyber threat and response solutions backed by threat intelligence and AI, has been recognized as a notable vendor in Forrester’s Network Analysis And Visibility Solutions Landscape, Q2 2025 report. This marks a major milestone in ThreatBook’s…

Read more →

Cybersecurity experts have identified a sophisticated new malware strain that combines a Monero cryptocurrency miner with an advanced backdoor component, presenting a significant threat to organizational security. The malware leverages PyBitmessage, an implementation of the Bitmessage protocol designed for peer-to-peer…

Read more →

A sophisticated malware campaign has emerged targeting mobile device users through Progressive Web Applications (PWAs), representing an alarming shift in attack methodology. Security researchers have identified a coordinated effort originating from China that exploits third-party JavaScript injections to redirect unsuspecting…

Read more →

A sophisticated search engine optimization (SEO) poisoning attack has emerged, targeting employees through their mobile devices with fake login pages that mimic legitimate corporate portals. The attack, which has already affected organizations in the manufacturing sector, enables hackers to steal…

Read more →

A sophisticated self-replicating malware strain targeting Docker environments has been discovered propagating across insecurely published Docker APIs. This “zombie” malware, observed in May 2025, autonomously infects Docker containers and transforms them into cryptomining nodes while simultaneously scanning for new victims…

Read more →

A groundbreaking study has uncovered approximately 150,000 industrial control systems (ICS) exposed to the public internet across the globe, raising significant cybersecurity concerns for critical infrastructure worldwide. This extensive research, published in 2024, reveals that these vulnerable systems span 175…

Read more →

A sophisticated network of 71 fraudulent websites impersonating a major German discount retailer has been uncovered, revealing an elaborate scheme designed to steal payment information and personal data from unsuspecting consumers. These sites employ typosquatting techniques, using domain names that…

Read more →

A sophisticated information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to Windows users, with initial detections dating back to April 2025. This .NET-based malware specifically targets stored credentials in web browsers and authentication tokens from popular messaging applications,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners, released a joint advisory today warning that Russian military intelligence hackers are targeting Western logistics companies and technology…

Read more →

PowerDNS has released a critical update to address a high-severity vulnerability in its DNS proxy and load balancer, DNSdist, that could allow unauthenticated attackers to cause service disruptions through specially crafted TCP connections.  The vulnerability, tracked as CVE-2025-30193 with a…

Read more →

Microsoft’s upcoming Administrator protection feature for Windows 11 represents a significant architectural overhaul of Windows security, designed to combat the growing threat of privilege escalation attacks.  This new security layer addresses the vulnerabilities associated with traditional administrator accounts by implementing…

Read more →

In a concerning revelation from the latest IBM X-Force 2025 Threat Intelligence Index, approximately one-third of cyber attacks now involve highly sophisticated techniques aimed at stealing login credentials rather than employing traditional brute-force hacking methods. The report highlights that 30%…

Read more →

After nearly a week of disrupted services, Wisconsin-based telecommunications provider Cellcom has officially confirmed that a cyberattack is responsible for the ongoing service outage affecting thousands of customers across its network.  The incident, which began on Wednesday, May 14, has…

Read more →

A significant development in the cybercriminal landscape occurred on May 20, 2025, when the VanHelsing ransomware-as-a-service (RaaS) operation publicly released its source code after an alleged former developer attempted to sell it on the RAMP cybercrime forum.  Security researchers have…

Read more →

Managed Security Service Providers (MSSPs) face constant pressure to deliver accurate detection, fast response, and efficient training without overloading their teams. With cyberattacks becoming more complex and evasive, the right tools can make all the difference. Let’s explore how fully…

Read more →

In a sophisticated campaign targeting high-level government institutions across South Asia, the SideWinder Advanced Persistent Threat (APT) group has been leveraging years-old Microsoft Office vulnerabilities to deliver malware while evading detection. The threat actors are specifically targeting organizations in Sri…

Read more →

In May 2025, the cybersecurity community was granted an unprecedented glimpse into the operations of one of the world’s most notorious ransomware groups when LockBit themselves fell victim to a data breach. The leaked information, made available via a Tor…

Read more →

Microsoft Deployment Toolkit (MDT) shares, an often-overlooked infrastructure component, can be a goldmine of credentials for attackers. A new report published by TrustedSec highlights how red teams can easily extract domain administrator credentials from misconfigured MDT deployments, potentially leading to…

Read more →

Atlassian has released its May 2025 Security Bulletin, disclosing eight high-severity vulnerabilities affecting multiple Data Center and Server products.  The security flaws, discovered through the company’s Bug Bounty program, penetration testing, and third-party library scans, could expose enterprise systems to…

Read more →

A sophisticated campaign involving more than 100 malicious Chrome browser extensions has been discovered targeting users worldwide since February 2024. These malicious extensions employ a deceptive dual-functionality approach, appearing to work as advertised while secretly connecting to attacker-controlled servers to…

Read more →

A 19-year-old Massachusetts college student has agreed to plead guilty to a series of federal charges stemming from a sophisticated cyberattack and extortion scheme targeting PowerSchool, the leading student information system provider for K-12 schools in North America.  The breach,…

Read more →

Kettering Health, a major hospital network operating 14 medical centers across Ohio, confirmed Tuesday it has fallen victim to a ransomware attack that triggered a comprehensive technology failure across its facilities.  The cyberattack, which occurred on May 20, 2025, has…

Read more →

Security researchers have uncovered a sophisticated attack vector that allows threat actors to exploit serverless computing services offered by Google Cloud Platform (GCP) to execute malicious commands. The vulnerability, dubbed “function confusion,” enables attackers to leverage package installation scripts within…

Read more →

In a sophisticated cyberattack campaign uncovered in early 2025, threat actors created counterfeit versions of popular AI image generation platform Kling AI to deliver malware to unsuspecting users. Kling AI, which has amassed over 6 million users since its June…

Read more →

A critical security vulnerability has been identified in numerous Lexmark printer models that could allow attackers to execute arbitrary code remotely.  Designated as CVE-2025-1127, this critical flaw affects the embedded web server in various Lexmark devices and poses significant risks…

Read more →

Palo Alto Networks has disclosed a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0133, affecting the GlobalProtect gateway and portal features of its PAN-OS software.  The flaw enables execution of malicious JavaScript in authenticated Captive Portal user browsers when victims…

Read more →

A sophisticated phishing campaign targeting Microsoft Office 365 users has emerged, combining several advanced techniques to evade detection and harvest credentials. The attack, identified in early April 2025, leverages encrypted HTML files, content delivery networks (CDNs), and malicious npm packages…

Read more →

Multiple vulnerabilities in Foscam X5 IP cameras allow remote attackers to execute arbitrary code without authentication.  The flaws, disclosed on May 21, 2025, affect the UDTMediaServer component in Foscam X5 version 2.40 and prior firmware releases.  Despite repeated attempts to…

Read more →

Security researchers have identified a sophisticated threat actor named “Hazy Hawk” that’s hijacking abandoned cloud resources from high-profile organizations worldwide to distribute scams and malware. Active since at least December 2023, the group exploits DNS misconfigurations to take control of…

Read more →

The More_Eggs malware, a sophisticated JavaScript backdoor operated by the financially motivated Venom Spider (also known as Golden Chickens) threat group, has emerged as a significant threat to corporate environments. This backdoor is particularly concerning as it’s distributed through a…

Read more →

A sophisticated campaign by the Kimsuky Advanced Persistent Threat (APT) group has been identified, utilizing elaborate PowerShell payloads to deliver the dangerous XWorm Remote Access Trojan (RAT). This North Korean-linked threat actor has evolved its tactics, leveraging heavily obfuscated PowerShell…

Read more →

A new sophisticated Linux cryptojacking campaign called RedisRaider has emerged, targeting vulnerable Redis servers across the internet. This aggressive malware exploits misconfigured Redis instances to deploy cryptocurrency mining software, effectively turning compromised systems into digital mining farms for the attackers.…

Read more →

As iPhones become the central hub for personal and professional life, Apple’s iCloud service has grown indispensable for millions of users. iCloud seamlessly syncs photos, contacts, documents, and backups across devices, but this convenience also makes it a prime target…

Read more →

Cybersecurity experts have identified a new attack vector where threat actors are deploying malicious Python packages that exploit social media platforms’ internal APIs to validate stolen credentials. These packages, published on the Python Package Index (PyPI), specifically target TikTok and…

Read more →

As Android continues to dominate the global smartphone market, the platform’s open nature and vast app ecosystem remain both a strength and a vulnerability. In 2025, app-based threats on Android devices are more sophisticated than ever, targeting users through malware,…

Read more →

Apple’s Lockdown Mode offers an extreme security level for users who may be targeted by sophisticated cyberattacks. While most iPhone users will never need this feature, knowing how to activate it could be crucial for those at higher risk of…

Read more →

Microsoft is set to roll out a new OneDrive feature that will prompt users to sync their personal Microsoft accounts with their corporate OneDrive accounts on Windows devices. While designed to streamline file access, this update has raised significant security…

Read more →

As Android continues to dominate the global mobile operating system market with a 71.65% share, its security landscape has evolved to address escalating cyber threats. In 2025, enterprises and individual users face sophisticated challenges, from ransomware targeting corporate fleets to…

Read more →

A sophisticated malware campaign targeting Russian businesses has intensified significantly in 2025, with attackers leveraging weaponized RAR archives to deliver the dangerous PureRAT backdoor and PureLogs stealer. These attacks, which began in March 2023, have seen a fourfold increase in…

Read more →

In 2025, Android users will face an increasingly sophisticated malware landscape, with evolving threats that leverage artificial intelligence, advanced evasion techniques, and new attack vectors. Despite efforts to bolster security, research indicates that malware continues to pose significant risks to…

Read more →

Serviceaide, Inc. announced a significant data security breach affecting approximately 480,000 Catholic Health patients.  The incident, which occurred due to an improperly secured Elasticsearch database, exposed sensitive patient information for nearly seven weeks between September and November 2024.  Though no…

Read more →

When it comes to cyber threats, data alone isn’t enough. Security Operations Center (SOC) teams are flooded with indicators of compromise (IOCs), but without context, these signals often fall short of driving meaningful action.   Data only makes a difference when…

Read more →

CISA has recently expanded its Known Exploited Vulnerabilities (KEV) Catalog to include a significant security flaw affecting the MDaemon Email Server, tracked as CVE-2024-11182.  This vulnerability, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation, commonly known as…

Read more →

Broadcom’s VMware division has disclosed critical security vulnerabilities in its virtualization products, including a high-severity flaw that could allow authenticated users to execute arbitrary commands on affected systems. Today’s security advisory addresses four distinct vulnerabilities affecting multiple VMware products with…

Read more →

In an age where smartphones contain our most sensitive information, phishing attacks targeting iPhone users have surged dramatically. According to recent reports, phishing messages have increased by 202% in the second half of 2024, with credential-based phishing attacks skyrocketing by…

Read more →

Microsoft is introducing artificial intelligence capabilities directly into Windows 11’s File Explorer, allowing users to manipulate files without opening dedicated applications.  Announced in Windows 11 Insider Preview Build 26200.5603 (KB5058488) released to the Dev Channel on May 19, 2025, this…

Read more →

A critical security vulnerability discovered in the popular Motors WordPress theme has exposed approximately 22,000 websites to significant risk.  Security researchers have identified a privilege escalation vulnerability that allows unauthenticated attackers to take over administrative accounts, potentially compromising the entire…

Read more →

A sophisticated employment scam network linked to the Democratic People’s Republic of Korea (DPRK) has been identified targeting remote technology positions in Western companies. These threat actors are posing as Polish and US nationals to secure employment in engineering and…

Read more →

The phishing attack landscape continues to evolve in 2025, with cybercriminals using more sophisticated techniques to bypass security measures, emphasizing the need for phishing attack prevention. Phishing remains one of the most prevalent and damaging cyber threats facing organizations worldwide.…

Read more →

Adidas Korea has announced a security breach affecting customer data, marking the second major incident in the fashion industry targeting Korean consumers this month. The sportswear giant revealed that unauthorized access was gained through a third-party customer service provider, compromising…

Read more →

A sophisticated malware campaign leveraging search engine optimization (SEO) poisoning on Microsoft Bing has emerged, delivering the notorious Bumblebee malware to unsuspecting users. The campaign, identified in May 2025, specifically targets users searching for specialized software tools, demonstrating a concerning…

Read more →

The Tor Project has announced the release of Tor Browser 14.5.2, available since May 18, 2025. This latest version delivers important security updates to Firefox and addresses several bugs, continuing the organization’s commitment to providing robust privacy protection for users…

Read more →

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting Koishi chatbot users through a malicious npm package. The package, identified as “koishi-plugin-pinhaofa,” appears innocuous but contains a hidden data exfiltration mechanism that monitors all messages processed by the chatbot.…

Read more →

A severe privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation has allowed any caller to track the physical location of O2 customers without their knowledge or consent.  The flaw leaked detailed location metadata and device identifiers during normal…

Read more →

Major telecommunications networks across Spain have gone down early on Tuesday, May 20, 2025, following a network update by Spanish telecommunications giant Telefónica. The outage has affected fixed-line infrastructure and mobile services nationwide, with particularly severe disruptions reported in Madrid,…

Read more →

While no one is immune to cyber threats, smaller organizations with very limited security budgets face the task of managing risks and implementing timely remediation very often without the resources to buy and maintain multiple tools. Security teams protecting these…

Read more →

Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after…

Read more →

A sophisticated phishing campaign linked to Tycoon2FA is actively targeting Microsoft 365 users by employing an unusual URL manipulation technique. The attack leverages malformed URL prefixes with backslash characters (https:\$$ instead of the standard forward slashes (https://) to bypass security…

Read more →

A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog.  These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose…

Read more →

Three critical vulnerabilities in pfSense firewall software that could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution.  The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding…

Read more →

A secrete investigation by Progressive International, Expose Accenture, and the Movement Research Unit, dubbed the “Accenture Files,” has unveiled the pivotal role of Accenture, the world’s largest consultancy firm, in fueling a global surge toward surveillance, exclusion, and authoritarianism. The…

Read more →

A sophisticated phishing campaign exploiting the popularity of Zoom meetings has emerged, targeting corporate users with fake meeting invitations that appear to come from colleagues. The attack uses social engineering tactics to create a sense of urgency, prompting victims to…

Read more →

In 2025, cybercriminals are raising the stakes by deploying sophisticated malware that bypasses traditional security measures, using advanced malware evasion techniques. Recent data shows that over 2,500 ransomware attacks were reported in just the first half of 2024, averaging more…

Read more →

In a concerning development for cybersecurity professionals worldwide, a sophisticated Chinese advanced persistent threat (APT) group known as Mustang Panda has intensified its espionage campaigns across Europe, primarily targeting governmental institutions and maritime transportation companies. The group has been leveraging…

Read more →

A sophisticated new variant of information-stealing malware has been identified in the wild, representing an evolution of the previously documented Sharp Stealer. The Hannibal Stealer, as researchers have dubbed it, demonstrates advanced evasion capabilities and comprehensive data theft functionality, presenting…

Read more →

Recent cybersecurity reports reveal a significant rise in infostealer malware attacks, with these stealthy threats now accounting for nearly a quarter of all cyber incidents, highlighting the importance of protecting against infostealers. As organizations struggle to defend against this growing…

Read more →

A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented…

Read more →

In today’s digital landscape, cybercrime has undergone a dramatic transformation. No longer limited to skilled hackers, cyberattacks are now available to anyone with internet access and cryptocurrency, thanks to the rise of Cybercrime-as-a-Service (CaaS). This model has democratized cybercrime, creating…

Read more →

Security researchers have discovered a new technique to bypass Kernel Address Space Layout Randomization (KASLR) in Windows 11, potentially weakening a critical security feature designed to prevent attackers from reliably locating kernel components in memory. KASLR works by loading the…

Read more →

A newly identified phishing campaign deploys the Remcos Remote Access Trojan (RAT) using DBatLoader, leveraging a User Account Control (UAC) bypass technique involving mock trusted directories to evade security controls.  The attack chain employs obfuscated .cmd scripts, Windows Living Off…

Read more →

A sophisticated malware campaign utilizing multiple layers of AutoIT code has been discovered targeting Windows systems. The attack begins with a seemingly innocent executable file named “1. Project” that initiates a complex infection chain designed to deploy a Remote Access…

Read more →

Web Application Firewalls (WAFs) have been a critical defense mechanism protecting web applications from malicious traffic and attacks such as SQL Injection and Cross-Site Scripting (XSS).  Traditionally, WAFs relied heavily on pattern matching techniques using regular expressions (regex) or string…

Read more →

Eric Council Jr., a 26-year-old man from Huntsville, Alabama, was sentenced on May 16, 2025, to 14 months in federal prison followed by three years of supervised release for his role in the high-profile hacking of the U.S. Securities and…

Read more →

Ivanti has disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) solution. When chained together, these vulnerabilities allow attackers to execute unauthenticated remote code.  Security researchers have confirmed active exploitation in the wild, with the Shadowserver Foundation tracking nearly…

Read more →

Cyber attacks continue to plague organizations worldwide, with a staggering 67% of businesses reporting they faced at least one attack in the past year, according to the newly released Hiscox Cyber Readiness Report 2024. This marks the fourth consecutive annual…

Read more →