New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate priv...
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero‑day and N‑day vulnerabilities to...
Threat actors are exploiting a maximum‑severity security flaw in Flowise, an open‑source artificial intelligence (AI) platform, according to new finding...
An Iran‑nexus threat actor is suspected to be behind a password‑spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid t...
Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command‑and‑control (C2) infrastructure in...
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Window...
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort...
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, co...
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring‑your‑own‑vulnerable‑driver (BYOVD) technique to...
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defun...
Drift has revealed that the April 1, 2026 attack that led to the theft of $285 million was the culmination of a months‑long, targeted, and meticulously planned...
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to...
Fortinet has released out‑of‑band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. - Vulnerability ID...
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid‑2025, following a two‑year period of minimal targe...
Threat actors are increasingly using HTTP cookies as a control channel for PHP‑based web shells on Linux servers to achieve remote code execution, according t...
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly targeted social engineering campaign orchestra...
The next major breach hitting your clients probably won't come from inside their walls. It’ll come through a vendor they trust, a...
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan...
Solana‑based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place o...
A large‑scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database creden...
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unaut...
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a...
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurren...
In December 2025, we shared the first‑ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open‑source co...
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with sp...
Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk pose...
The Computer Emergency Response Team of Ukraine (CERT‑UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was...
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its...
A multi‑pronged phishing campaign is targeting Spanish‑speaking users in organizations across Latin America and Europe to deliver Windows banking troj...
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, begin...
Google released security updates for Chrome on Thursday, addressing 21 vulnerabilities. Among them is a zero‑day flaw that is actively being exploited...
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malwa...
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cl...
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvert...
Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps...
A high‑severity security flaw in the TrueConf client video‑conferencing software has been exploited in the wild as a zero‑day as part of...
Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agen...
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dra...
Chinese‑speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocum...
The popular HTTP client known as Axios suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dep...
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new f...
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. > “...
Some weeks are loud. This one was quieter but not in a good way. Long‑running operations are finally hitting courtrooms, old attack methods are showing up in ne...
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come fr...
Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 rep...
Cybersecurity researchers have identified a remote access toolkit of Russian origin, dubbed the CTRL toolkit. The findings were reported by security...
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and...
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI),...