Tag: Cyber Security News

With a record-breaking 20.5 million Distributed Denial of Service (DDoS) attacks prevented in the first quarter alone, a 358% rise over the same period last year, Cloudflare has reported a historic spike in cyberattacks to start 2025. This explosive growth nearly equals…

Read more →

A sophisticated malware framework dubbed “Tsunami” has emerged as an active threat, targeting users through a multi-stage infection chain and deploying an extensive arsenal of credential stealing and cryptomining capabilities. Security researchers have linked this malware to the ongoing “Contagious…

Read more →

In a major cybersecurity breakthrough, law enforcement agencies from the UK and Netherlands have dismantled the notorious JokerOTP platform, a sophisticated phishing tool responsible for compromising financial accounts totaling £7.5 million across 13 countries. A 24-year-old man was arrested Tuesday…

Read more →

Microsoft has confirmed that its hotpatching feature for Windows Server 2025, which has been in preview since 2024, will transition to a paid subscription model starting July 1st, 2025.  The announcement, made by Janine Patrick, Windows Server Product Marketing Manager,…

Read more →

In the cold vastness of space, thousands of satellites orbit silently, providing critical infrastructure for global communications, navigation systems, and military operations. Yet these silent sentinels have increasingly become targets for sophisticated cyber attacks that threaten to plunge vital services…

Read more →

A significant vulnerability in the Linux kernel’s Virtual Socket (vsock) implementation, designated as CVE-2025-21756, has been identified that could allow local attackers to escalate privileges to root level.  Security researchers have confirmed that this flaw, which received a CVSS v3.1…

Read more →

A new sophisticated remote access trojan (RAT) has emerged as a significant threat to healthcare and pharmaceutical organizations worldwide. Dubbed ResolverRAT, this previously undocumented malware deploys advanced in-memory execution techniques and layered evasion methods to steal sensitive data while remaining…

Read more →

Cybersecurity researchers have uncovered a concerning cache of hacking tools, including SuperShell payloads and Cobalt Strike beacons, exposed in plain sight within open directories on the internet. This discovery highlights how threat actors sometimes inadvertently expose their arsenal while setting…

Read more →

The Apache Software Foundation disclosed a significant security vulnerability in Apache Tomcat that could allow attackers to bypass security rules and trigger denial-of-service conditions through manipulated HTTP priority headers.  Identified as CVE-2025-31650, this high-severity vulnerability affects multiple Tomcat versions, posing…

Read more →

Kali Linux users worldwide are facing an imminent disruption as the security-focused distribution has announced that the update process will fail for virtually all users in the coming days. The issue arises from a change in the repository signing key,…

Read more →

Senior members of the World Uyghur Congress (WUC) living in exile became targets of a sophisticated spearphishing campaign delivering Windows-based surveillance malware. The attack utilized a trojanized version of UyghurEditPP, a legitimate open-source word processing tool developed to support the…

Read more →

The cybersecurity landscape is witnessing a significant shift as threat actors increasingly leverage Ransomware as a Service (RaaS) platforms enhanced by sophisticated Endpoint Detection and Response (EDR) killers. Despite successful law enforcement operations against established ransomware gangs like LockBit, new…

Read more →

In a significant shift observed during the first quarter of 2025, cybersecurity experts have documented a dramatic surge in phishing attacks, with threat actors increasingly using this vector to gain access to valid user accounts. According to recent incident response…

Read more →

A new Ransomware-as-a-Service (RaaS) group called RansomHub emerged in the cybercriminal ecosystem, specializing in targeting high-profile organizations through sophisticated attack vectors. The group advertises its criminal services on the Russian Anonymous Market Place (RAMP), a notorious Dark Web forum known…

Read more →

China claims that the United States conducted a targeted cyberattack against one of its leading commercial encryption providers.  A newly released report from China’s National Computer Network Emergency Response Technical Team (CNCERT) alleges that U.S. intelligence agencies used advanced hacking…

Read more →

A significant surge in sophisticated cyber threats has emerged across Asia, with NSFOCUS Fuying Laboratory identifying 19 distinct Advanced Persistent Threat (APT) attack activities in March 2025. These coordinated campaigns primarily targeted organizations in South Asia and East Asia, with…

Read more →

A critical security vulnerability in SEIKO EPSON printer drivers for Windows has been identified, allowing malicious actors to execute arbitrary code with SYSTEM-level privileges.  The vulnerability, tracked as CVE-2025-42598, was published by JPCERT/CC on April 28, 2025, and affects a…

Read more →

BreachForums, a notorious cybercrime marketplace and successor to RaidForums, has confirmed that its platform was the target of a sophisticated law enforcement operation exploiting a previously unknown vulnerability, commonly referred to as a “0-day”, in the MyBB forum software.  The…

Read more →

SAP released an emergency out-of-band patch addressing CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer with the highest possible CVSS score of 10.0.  This vulnerability stems from a missing authorization check in the Metadata Uploader component, allowing unauthenticated…

Read more →

As Microsoft continues to refine Windows 11, new leaks and technical insights indicate that the upcoming 25H2 update, slated for release in September or October 2025, will likely be a minor iteration.  Unlike the more substantial updates seen in previous…

Read more →

A sophisticated new red team tool called RedExt has recently been released, combining a Manifest V3 Chrome extension with a Flask-based Command and Control (C2) server to create a powerful framework for authorized security operations.  This innovative tool enables comprehensive…

Read more →

A massive power outage struck the Iberian Peninsula on April 28, 2025, plunging millions of people into darkness as electricity supplies were suddenly cut across Spain and Portugal. Sources from the electric sector suggest a cyberattack is the most likely…

Read more →

The dark web has rapidly become a central hub for cybercriminal activity, where stolen data, compromised credentials, and malicious tools are traded with alarming frequency. For Chief Information Security Officers (CISOs), this shadowy underworld poses a persistent and evolving threat…

Read more →

ESET, a global leader in cybersecurity solutions, has announced a significant enhancement to its ESET Endpoint Management Platform (ESET PROTECT), unveiling a seamless integration with Splunk, one of the world’s leading security information and event management (SIEM) platforms. This move…

Read more →

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has revealed unprecedented financial damages from cyber threats in 2024. According to the FBI’s annual report, victims reported a staggering $16.6 billion (approximately ₹1.38 lakh crore) in losses, marking a…

Read more →

In an era where cyber threats are growing in sophistication and frequency, Chief Information Security Officers (CISOs) face immense pressure to select cybersecurity vendors that address immediate technical needs and align with broader business objectives. The rapid evolution of threats,…

Read more →

Significant security flaws have been discovered in React Router, a widely-used routing library for React applications, potentially allowing attackers to corrupt content, poison caches, and manipulate pre-rendered data.  The vulnerabilities, which impact applications running in Framework mode with server-side rendering…

Read more →

A critical vulnerability in the FastCGI library could allow attackers to execute arbitrary code on embedded devices.  The flaw, tracked as CVE-2025-23016 with a CVSS score of 9.3, affects all FastCGI fcgi2 (aka fcgi) versions 2.x through 2.4.4 and poses…

Read more →

Third-party vendors are indispensable to modern enterprises, offering specialized services, cost efficiencies, and scalability. However, they also introduce significant cybersecurity risks that can compromise sensitive data, disrupt operations, and damage organizational reputation. For Chief Information Security Officers (CISOs), effectively assessing…

Read more →

A sophisticated threat actor group, tracked as Storm-1977, has successfully compromised more than 200 containers and repurposed them for cryptocurrency mining operations, using a custom Command Line Interface (CLI) tool known as AzureChecker. The attacks primarily targeted cloud tenants in…

Read more →

A new threat actor is offering an enhanced version of HiddenMiner, a sophisticated cryptomining malware targeting Monero (XMR) cryptocurrency.  This customized tool, being sold on underground forums, combines advanced evasion techniques with an accessible user interface, potentially lowering the barrier…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow attackers to gain administrative control over affected devices without authentication.  The advisory details five vulnerabilities…

Read more →

The Internet of Things (IoT) has fundamentally transformed organizations’ operations, unlocking unprecedented efficiencies, insights, and innovation across industries. From healthcare to manufacturing, logistics to smart cities, billions of connected devices now collect, process, and transmit vast amounts of data in…

Read more →

Cybersecurity analysts have uncovered an open directory linked to the Fog ransomware group, revealing a comprehensive toolkit used by threat actors to compromise corporate networks. The directory, discovered in December 2024 and hosted at IP address 194.48.154.79:80, contains an arsenal…

Read more →

The cybersecurity insurance landscape is evolving rapidly, with premiums increasing as threats become more sophisticated and breaches more costly. Navigating this changing environment presents both challenges and opportunities for CISOs and security leaders. Recent industry data indicates that organizations implementing…

Read more →

A critical vulnerability in iOS could allow malicious applications to disable iPhones with just a single line of code permanently. The vulnerability, assigned CVE-2025-24091, leverages the operating system’s Darwin notifications system to trigger an endless reboot cycle, effectively “bricking” devices…

Read more →

Jeffrey Bowie, CEO of cybersecurity firm Veritaco, was arrested on April 14, 2025, facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly installing malware on computers at St. Anthony Hospital in Oklahoma City. The incident, which occurred on…

Read more →

Shadow Servers have identified 454 SAP NetWeaver systems vulnerable to a critical zero-day vulnerability that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-31324, allows unauthenticated attackers to upload malicious files to affected systems, potentially leading to…

Read more →

In today’s hyper-connected world, cyber threats are evolving at breakneck speed, making it more crucial than ever to stay informed and vigilant. Each week, our newsletter delivers a curated roundup of the most pressing news, expert insights, and actionable strategies…

Read more →

A recent security assessment by Shelltrail has uncovered three critical vulnerabilities in the IXON VPN client, potentially allowing attackers to escalate privileges on both Windows and Linux systems. Identified as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, these flaws expose users to local…

Read more →

In the ever-changing world of cybersecurity, organizations are constantly challenged to choose the right security operations model that best supports their penetration testing teams. The decision often comes down to selecting between traditional security operations and the more advanced Managed…

Read more →

In an era where digital identities have become the primary attack vector, CISOs face unprecedented pressure to secure access across increasingly complex ecosystems. Identity and Access Management (IAM) is no longer a siloed IT function but the cornerstone of organizational…

Read more →

Digital forensics and incident response (DFIR) have become fundamental pillars of modern cybersecurity. As cyber threats escalate in complexity and frequency, security leaders are increasingly aware that a reactive approach is no longer sufficient. Instead, organizations must integrate digital forensics…

Read more →

The role of the Chief Information Security Officer (CISO) has never been more critical. As organizations face a rapidly evolving threat landscape, CISOs must defend against cyberattacks and ensure compliance with a growing patchwork of regulations and standards. Cybersecurity frameworks…

Read more →

In an era of digital transformation and rising cyber threats, Building Trust Through Transparency has become a critical mission for the Chief Information Security Officer (CISO), who has evolved from a technical expert to a strategic leader responsible for protecting…

Read more →

A sophisticated phishing campaign dubbed “Power Parasites” has been actively targeting global energy giants and major brands since 2024, according to a comprehensive threat report released this week. The ongoing campaign primarily exploits the names and branding of prominent energy…

Read more →

Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue demonstrating remarkable adaptability in 2025. Two noteworthy ransomware operations, DragonForce and Anubis, have introduced innovative affiliate models designed to expand their reach and increase profitability…

Read more →

Social engineering has become the dominant attack vector in the modern cybersecurity landscape. As technical defenses evolve and strengthen, attackers have shifted their focus to the human element, exploiting psychological vulnerabilities to bypass even the most robust security systems. Studies…

Read more →

As the world becomes increasingly reliant on digital infrastructure, data centers have evolved into the backbone of business operations, cloud services, and critical government functions. With projections showing global data center capacity rising sharply over the next decade, the security…

Read more →

Extended Detection and Response (XDR) has emerged as a transformative security technology that unifies visibility across multiple security layers. When applied to penetration testing methodologies, XDR offers unprecedented capabilities for identifying vulnerabilities that might otherwise remain hidden. This article explores…

Read more →

As we navigate 2025, Chief Information Security Officers (CISOs) must prepare for the Top 5 Cybersecurity Risks emerging from a rapidly evolving threat landscape driven by technological advancements, geopolitical tensions, and increasingly sophisticated attacker tactics.” The role of CISOs has…

Read more →

According to security researchers at CERT Orange Cyberdefense, a critical remote code execution (RCE) vulnerability in Craft CMS is actively being exploited to breach servers and steal data. The vulnerability, tracked as CVE-2025-32432 and assigned a maximum CVSS score of…

Read more →

ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability, identified as CVE-2025-3935 and tracked under CWE-287 (Improper Authentication),…

Read more →

In a significant escalation of digital deception tactics, threat actors have registered over 26,000 domains in March 2025 alone, designed to impersonate legitimate brands and government services. These malicious domains serve as landing pages for sophisticated smishing (SMS phishing) campaigns,…

Read more →

A pair of newly discovered jailbreak techniques has exposed a systemic vulnerability in the safety guardrails of today’s most popular generative AI services, including OpenAI’s ChatGPT, Google’s Gemini, Microsoft’s Copilot, DeepSeek, Anthropic’s Claude, X’s Grok, MetaAI, and MistralAI. These jailbreaks,…

Read more →

In a concerning development that marks a significant escalation in cyber warfare tactics, Russian hackers have been detected attempting to infiltrate and sabotage the digital control system of a critical Dutch public service. The attack, identified in 2024, represents the…

Read more →

In a sophisticated operation that blends social engineering with cutting-edge technology, North Korean operatives have been leveraging generative artificial intelligence tools to secure remote technical positions in companies worldwide. These individuals create compelling digital personas, complete with fabricated credentials and…

Read more →

Managed service providers (MSPs) are increasingly popular cyberattack targets. These entities often have numerous endpoints and distributed networks that create many opportunities for adversaries seeking weaknesses to exploit. Security awareness training is just one aspect of defense efforts, but it…

Read more →

A sophisticated cyberattack campaign targeting vulnerable Microsoft SQL servers has been discovered, aiming to deploy remote access tools and privilege escalation malware. Security researchers have identified that threat actors are specifically exploiting poorly secured MS-SQL instances to install Ammyy Admin,…

Read more →

Google Chrome has faced a series of high-profile security incidents involving Use-After-Free (UAF) vulnerabilities, several of which have been actively exploited in the wild.  These flaws, rooted in improper memory management, have become a persistent threat vector for attackers seeking…

Read more →

A sophisticated new phishing toolkit named “SessionShark” has been specifically designed to circumvent Microsoft Office 365’s multi-factor authentication (MFA) protections. SessionShark is being marketed on underground forums as a turnkey phishing-as-a-service (PhaaS) solution. It enables even low-skilled threat actors to…

Read more →

In the first quarter of 2025, cybersecurity researchers documented an alarming surge in vulnerability exploitation, with 159 Common Vulnerabilities and Exposures (CVEs) being exploited in the wild. This remarkable figure represents a concerning trend as malicious actors continue to rapidly…

Read more →

The Federal Bureau of Investigation announced today an unprecedented $10 million reward for actionable intelligence leading to the identification and capture of key operatives behind the infamous Salt Typhoon cyber campaign.  This significant cybersecurity effort targets a sophisticated hacking group…

Read more →

A hacking collective identifying itself as R00TK1T has claimed responsibility for a massive data breach affecting TikTok, allegedly exposing the credentials of more than 900,000 users.  According to the group’s statements, they have released a sample of 927,000 TikTok user…

Read more →

Cybercriminals have dramatically evolved their phishing tactics, leveraging generative AI to create highly personalized and convincing attacks, according to the newly released ThreatLabz 2025 Phishing Report. The days of mass phishing campaigns have given way to hyper-targeted scams designed to…

Read more →

A sophisticated North Korean advanced persistent threat (APT) group known as “Contagious Interview” has established elaborate fake cryptocurrency consulting companies to target job seekers with specialized malware. The group, a subunit of the infamous North Korean state-sponsored Lazarus Group, has…

Read more →

A recent Microsoft security update, intended to patch a critical privilege escalation vulnerability, has inadvertently introduced a new and significant flaw.  The fix now enables non-administrative users to effectively block all future Windows security updates, creating a denial-of-service condition.  This…

Read more →

North Korea’s cybercrime operations have significantly expanded beyond the limited 1,024 IP addresses assigned to their national network through an elaborate scheme involving Russian infrastructure. According to recent findings, five Russian IP ranges, primarily located in the border towns of…

Read more →

A serious vulnerability related to information exposure (CVE-2025-22234) impacts several versions of the spring-security-crypto package. The flaw enables attackers to determine valid usernames through timing attacks, undermining a key security feature designed to prevent user enumeration.  The vulnerability affects Spring…

Read more →

Verizon’s 2025 Data Breach Investigations Report (DBIR) has revealed a disturbing trend: small and medium-sized businesses (SMBs) have become disproportionately targeted by ransomware attacks. The comprehensive report, analyzing over 22,000 security incidents including 12,195 confirmed data breaches, found ransomware present…

Read more →

Thailand has emerged as a significant target for sophisticated ransomware attacks, with a dramatic 240% increase in cyber campaigns recorded in 2024 compared to the previous year. This surge reflects heightened geopolitical tensions and strategic interest in Thailand’s expanding digital…

Read more →

A wave of targeted cyberattacks has exposed a previously unknown vulnerability in SAP NetWeaver, allowing attackers to deploy malicious JSP webshells and gain unauthorized access to enterprise systems, even those running the latest patches.  In April 2025, security researchers at…

Read more →

The U.S. Secret Service Washington Field Office (WFO) has issued an advisory on identifying credit card skimming devices, calling this form of financial theft a “low-risk, high-reward crime that is on the rise across the country.”  Following the recent Operation…

Read more →

ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The security platform incorrectly flagged benign files as malicious, leading to their automatic submission to ANY.RUN’s public sandbox for analysis. As a result,…

Read more →

Cybersecurity experts have identified a sophisticated campaign by the North Korean state-sponsored Lazarus APT group targeting critical infrastructure and financial organizations worldwide. The threat actor has shifted tactics to exploit recently patched vulnerabilities—known as one-day vulnerabilities—before organizations can implement necessary…

Read more →

In a troubling development for cybersecurity professionals, threat actors are increasingly targeting unsecured Kubernetes clusters to deploy cryptocurrency mining operations, leveraging the computational resources of victim organizations without their knowledge. These attacks exploit vulnerabilities in containerized environments, particularly focusing on…

Read more →

A critical vulnerability exists in Linux’s security framework, revealing that many runtime security tools struggle to detect threats operating via the io_uring interface. This discovery exposes a critical gap in protection for Linux-based systems across cloud environments and data centers…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy due to funding shortages. CISA clarified that…

Read more →

Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files. This attack chain leverages an older Microsoft Office vulnerability (CVE-2017-0199) to ultimately deliver AsyncRAT, a remote access trojan capable…

Read more →

In 2023, cybersecurity experts uncovered an extensive compromise in critical infrastructure enterprises by a sophisticated threat actor group. This initial access broker, dubbed “ToyMaker,” systematically exploited vulnerable internet-facing systems before deploying custom backdoors to extract credentials from victim organizations. Their…

Read more →

A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication.  The flaw, discovered by a researcher “rainpwn” and officially disclosed on April 22, 2025, exposes…

Read more →

A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue.  The proof-of-concept exploit code has been released, enabling attackers to create administrator accounts by exploiting an internal…

Read more →

Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 2024, leveraged CVE-2025-0282 to deploy multiple malicious tools, including a custom malware called DslogdRAT and a…

Read more →

There are three high-severity vulnerabilities in the NVIDIA NeMo Framework that could allow attackers to execute remote code, potentially compromising AI systems and leading to data tampering.  The security flaws, identified as CVE-2025-23249, CVE-2025-23250, and CVE-2025-23251, each received a CVSS…

Read more →

Cybersecurity researchers have uncovered a critical remote code execution (RCE) vulnerability in Langflow, an open-source platform widely used for visually composing AI-driven agents and workflows. Designated as CVE-2025-3248, this high-severity vulnerability carries a CVSS score of 9.8, placing it in…

Read more →

A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform.  The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. The…

Read more →

Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433).  The flaw, which carries a maximum CVSSv3.1 score of 10.0,…

Read more →

Cybersecurity defenders face increasingly sophisticated adversaries as threat actors continue evolving their methods to circumvent modern defense systems. According to the newly released M-Trends 2025 report, attackers are demonstrating enhanced capabilities to create custom malware ecosystems, identify and exploit zero-day…

Read more →

A high-severity vulnerability in Redis, the popular open-source in-memory data structure store, that could allow unauthenticated attackers to cause denial-of-service conditions by exhausting server memory.  Tracked as CVE-2025-21605 with a CVSS score of 7.5, this vulnerability affects all Redis versions…

Read more →

GitLab has released critical security patches addressing multiple high-severity vulnerabilities in its platform, highlighting robust security measures amid increasing cyber threats.  The company has issued patch versions 17.11.1, 17.10.5, and 17.9.7 for both Community Edition (CE) and Enterprise Edition (EE).…

Read more →

Blue Shield of California has disclosed a significant data breach affecting 4.7 million members, representing the majority of its nearly 6 million customers.  The health insurance provider revealed that protected health information (PHI) was inadvertently shared with Google’s advertising platforms…

Read more →

SonicWall has disclosed a critical security vulnerability in its SSLVPN service that allows unauthenticated remote attackers to crash affected firewall appliances, potentially causing significant disruptions to enterprise networks.  The vulnerability, tracked as CVE-2025-32818, received a high severity CVSS score of…

Read more →

Phishing campaigns have evolved significantly in 2025, with threat actors increasingly leveraging unconventional file formats to bypass security solutions. A particularly concerning trend involves the weaponization of Scalable Vector Graphics (SVG) files, which are being embedded with malicious JavaScript code…

Read more →

A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors.  The spike, registering more than 230 unique IP addresses probing ICS/IPS endpoints…

Read more →

Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform products.  The initiative, announced by Microsoft Security Response, aims to…

Read more →

A cyber-aware culture is the backbone of any resilient organization in today’s digital world. As cyber threats become more advanced and frequent, safeguarding sensitive data and systems can no longer rest solely with IT departments. Chief Information Security Officers (CISOs)…

Read more →

In an era where cyber threats evolve faster than regulatory frameworks, Vice Presidents (VPs) of Security are redefining their roles from compliance enforcers to strategic business leaders. While adherence to standards like GDPR and HIPAA remains critical, forward-thinking security executives…

Read more →

A significant security vulnerability (CVE-2025-34028) has been discovered in Commvault Command Center Innovation Release, enabling unauthenticated attackers to execute arbitrary code remotely. The vulnerability, which carries a high CVSS score of 9.0, affects explicitly version 11.38 of the Command Center…

Read more →

WhatsApp has announced the rollout of its new “Advanced Chat Privacy” feature, designed to give users greater control over the confidentiality of their conversations. Building on its foundation of end-to-end encryption, which ensures that only the sender and recipient can…

Read more →

A significant supply chain attack targeting cryptocurrency users. The official XRPL (Ripple) NPM package, which serves as the JavaScript SDK for the XRP Ledger, was compromised with malicious code designed to steal cryptocurrency private keys, potentially affecting hundreds of thousands…

Read more →