RCE

NPM Package “fezbox” Uses QR Code Steganography to Steal Browser Cookies

Malware Analysis

NPM Package “fezbox” Uses QR Code Steganography to Steal Browser Cookies

In September 2025, the Node Package Manager (NPM) ecosystem was targeted by a series of sophisticated supply...

Ransomware Defense Efficacy Declines as Attack Tactics Evolve in 2025

Blue-Team

Ransomware Defense Efficacy Declines as Attack Tactics Evolve in 2025

Recent analysis from the Picus Security Blue Report 2025 indicates a significant decline in the effectiveness of...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

CVE News

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Google has released an emergency security update for its Chrome browser to address a high-severity zero-day vulnerability,...

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

CVE News

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Apple has released security updates for older iPhone and iPad models, backporting a critical fix for a...

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

CVE News

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Samsung has released a critical security update addressing a remote code execution vulnerability that was actively exploited...

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

CVE News

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

A significant surge in Akira ransomware activity, first observed in late July 2025, has been attributed to...

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Blue-Team

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Microsoft’s September 2025 Patch Tuesday has been released, addressing a total of 81 security vulnerabilities across its...

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

CVE News

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

SAP has released patches for 21 new security flaws, including three critical vulnerabilities in its widely used...

Meta Faces Lawsuit Over Alleged WhatsApp Security Failures and FTC Violations

Cyber Laws & Regulations

Meta Faces Lawsuit Over Alleged WhatsApp Security Failures and FTC Violations

A former head of security for WhatsApp has filed a lawsuit against Meta, accusing the social media...

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

CVE News

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

A critical zero-day vulnerability in legacy Sitecore deployments, designated CVE-2025-53690, has been actively exploited by threat actors...

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

CVE News

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as the U.S....

Geolocation as a Cyber Weapon: The Invisible Attack Vector Reshaping Modern Threats

Threat Intelligence

Geolocation as a Cyber Weapon: The Invisible Attack Vector Reshaping Modern Threats

The weaponization of geolocation data represents one of the most significant shifts in offensive cyber operations, transforming...

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

CVE News

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Google’s September 2025 Android security bulletin addresses a significant security event, patching 120 vulnerabilities across the platform...

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

CVE News

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Click Studios, the developer of the Passwordstate enterprise password manager, has issued an urgent warning to its...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

CVE News

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Git distributed...

Coordinated Reconnaissance Campaign Targets Microsoft RDP Authentication Servers

Threat Intelligence

Coordinated Reconnaissance Campaign Targets Microsoft RDP Authentication Servers

Internet intelligence firm GreyNoise has identified a significant and coordinated surge in scanning activity directed at Microsoft...

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Red-Team

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

A new class of attack, exploiting the image preprocessing pipelines of multimodal AI systems, has been demonstrated...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Posts pagination

Previous 1 2 3 4 5 … 12 Next

RCE

NPM Package “fezbox” Uses QR Code Steganography to Steal Browser Cookies

Ransomware Defense Efficacy Declines as Attack Tactics Evolve in 2025

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

Meta Faces Lawsuit Over Alleged WhatsApp Security Failures and FTC Violations

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

Geolocation as a Cyber Weapon: The Invisible Attack Vector Reshaping Modern Threats

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

Coordinated Reconnaissance Campaign Targets Microsoft RDP Authentication Servers

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

You may have missed

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis

U.S. Launches Scam Center Strike Force to Combat $10 Billion Crypto Fraud Networks