Author: Mash

For at least half a year, Procolored unknowingly distributed malware with its printer software, including a remote access trojan (XRedRAT) [...]

Google is implementing a security update in Chromium that prevents Chrome from running with administrator rights on Windows, following Microsoft [...]

Ivanti has issued fixes for a severe authentication bypass flaw (CVE-2025-22462) in its Neurons for ITSM platform that could let [...]

A serious vulnerability in ASUS's DriverHub tool let malicious websites execute commands with administrative privileges on affected devices. Discovered by [...]

The iClicker website, widely used by colleges across the U.S., was compromised in mid-April 2025 in a ClickFix-style attack that [...]

Cybercriminals are now actively exploiting a critical remote code execution (RCE) flaw in Samsung’s MagicINFO 9 Server, a platform widely [...]

Ransomware groups like Qilin and Hunters International are misusing the legitimate Kickidler employee monitoring software to secretly observe victim behavior, [...]

The Play ransomware group has been exploiting a Windows Common Log File System vulnerability (CVE-2025-29824) in zero-day attacks to escalate [...]

The developers behind StealC malware have launched version 2, introducing advanced data theft capabilities and stealth improvements. Initially released in [...]

Microsoft is phasing out the password autofill and storage feature in its Authenticator app, with full deprecation set for August [...]

Microsoft has addressed a problem in Exchange Online where emails from Gmail were wrongly flagged as spam due to a [...]

Security researchers at Socket uncovered seven harmful Python packages on PyPI that abused Gmail's SMTP servers and WebSockets to enable [...]

Citizen Lab researchers have uncovered a phishing and supply chain attack aimed at members of the Uyghur community living outside [...]

Coinbase recently corrected a bug in its account activity logs that had alarmed users into thinking their accounts were compromised. [...]

SAP has urgently released patches for a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer that attackers have exploited to [...]

Security researchers from Varonis have unveiled a proof-of-concept attack named "Cookie-Bite," which leverages a malicious Chrome extension to steal session [...]

Cybercriminals have discovered a way to send phishing emails that appear to come directly from Google by exploiting a flaw [...]

The Interlock ransomware group has adopted ClickFix-style attacks that trick users into running malicious PowerShell commands under the guise of [...]

A Windows flaw (CVE-2025-24054) allowing NTLM hash leakage through .library-ms files is now being actively used in phishing attacks against [...]

Apple has released urgent security updates to fix two newly discovered zero-day vulnerabilities that were exploited in highly targeted iPhone [...]

Russian-backed hacking group Midnight Blizzard (also known as APT29 or Cozy Bear) is behind a spear-phishing campaign targeting European diplomatic [...]

Researchers from Doctor Web have uncovered a malware campaign in which low-cost Android phones come pre-infected with spyware designed to [...]

The Tycoon2FA phishing-as-a-service platform has received updates that enhance its ability to evade detection while targeting Microsoft 365 and Gmail [...]

Hackers began taking advantage of a serious authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin just hours after [...]

Microsoft has acknowledged that the April 2025 cumulative update (KB5055523) may cause Windows Hello to malfunction on certain devices, particularly [...]

Nine fake Visual Studio Code extensions were found on Microsoft's VSCode Marketplace, posing as legitimate tools while secretly infecting users [...]

Cybercriminals are increasingly abusing WordPress's mu-plugins (Must-Use Plugins) directory to stealthily execute harmful code on every page without being easily [...]

A recently discovered flaw in WinRAR, identified as CVE-2025-31334, enables attackers to bypass the Windows "Mark of the Web" (MotW) [...]

CISA, alongside the FBI, NSA, and international partners, is warning about the persistent threat of Fast Flux, a DNS evasion [...]

Mozilla has rolled out Firefox 136.0.4 to fix a serious security vulnerability (CVE-2025-2857) that allows attackers to break out of [...]

A new ransomware operation, VanHelsing, has surfaced as a multi-platform RaaS (Ransomware-as-a-Service), attacking Windows, Linux, BSD, ARM, and ESXi systems. [...]

The FBI warns that cybercriminals are using fake online document converters to distribute malware, steal sensitive data, and even launch [...]

Cybercriminals are misusing Microsoft’s Trusted Signing service to code-sign malware using short-lived three-day certificates, making malicious files appear legitimate. Code-signing [...]

Cybercriminals have begun attacking unpatched Cisco Smart Licensing Utility (CSLU) instances by exploiting a vulnerability that provides access to a [...]

Since 2016, the DollyWay malware campaign has compromised over 20,000 WordPress sites worldwide, redirecting visitors to fraudulent pages promoting scams [...]

Microsoft has confirmed that the March 2025 cumulative updates for Windows 10 and Windows 11 mistakenly uninstall the Copilot digital [...]

Cybercriminals are using deceptive Microsoft OAuth apps disguised as Adobe and DocuSign tools to spread malware and steal Microsoft 365 [...]

Microsoft has restored the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace [...]