The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active…
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially…
Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform…
Amazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products…
Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you’re…
Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD’s importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every…
Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four…
Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has…
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from…
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed…
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide…
Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories. “We think the intent was to have…
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its…
Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480…
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and…