Author: Mash

A critical vulnerability in the Advanced Custom Fields: Extended (ACF Extended) WordPress plugin allows unauthenticated attackers to gain administrative control [...]

A new malware strain named PDFSider has been deployed in attacks against a Fortune 100 financial company, serving as a [...]

A new wave of the GhostPoster campaign has been discovered, involving 17 malicious extensions across Chrome, Firefox, and Microsoft Edge [...]

Microsoft has acknowledged a new bug preventing some Windows 11 Enterprise and IoT devices from shutting down properly after installing [...]

The Gootloader malware campaign has adopted a sophisticated evasion technique using malformed ZIP archives composed of up to 1,000 concatenated [...]

A critical vulnerability in Fortinet's Security Information and Event Management (SIEM) platform, tracked as CVE-2025-25256, allows unauthenticated remote attackers to [...]

The user database from the latest version of the notorious BreachForums cybercrime marketplace has been leaked online, exposing information for [...]

A critical command injection vulnerability in several legacy D-Link DSL routers is being actively exploited by threat actors. Tracked as [...]

A new social engineering campaign is targeting the European hospitality sector by using deceptive Blue Screen of Death (BSOD) screens [...]

A threat group calling itself "Scattered Lapsus$ Hunters" claims to have successfully breached the cybersecurity firm Resecurity, stealing alleged internal [...]

The Kimwolf botnet has infected over two million devices globally by exploiting a critical vulnerability in residential proxy networks, allowing [...]

Scammers have sent fraudulent emails to Grubhub users promising a tenfold return on any Bitcoin sent to a specified wallet. [...]

A fraudulent domain masquerading as the popular Microsoft Activation Scripts (MAS) tool is being used to infect users with a [...]

Security researchers have identified two distinct campaigns distributing sophisticated malware loaders through deceptive distribution channels. The first leverages cracked software [...]

A critical vulnerability in the UEFI firmware of motherboards from ASUS, Gigabyte, MSI, and ASRock allows attackers with physical access [...]

A new campaign named "GhostPairing" is exploiting WhatsApp's legitimate device-linking feature to hijack user accounts without requiring authentication. Attackers initiate [...]

The inaugural Zeroday Cloud hacking competition in London has awarded security researchers a total of $320,000 for uncovering and demonstrating [...]

A malicious campaign named GhostPoster is concealing JavaScript code within the PNG logo files of over a dozen Firefox extensions. [...]

A new malware-as-a-service (MaaS) operation named SantaStealer is being marketed on cybercrime forums, promoted for its ability to run in [...]

A newly discovered zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service allows attackers to crash the critical [...]

A malicious campaign on the official VSCode Marketplace has been distributing 19 extensions that contain hidden malware within their bundled [...]

A new Android malware named DroidLock is targeting Spanish-speaking users by locking their devices and demanding a ransom. Distributed through [...]

Multiple prominent ransomware gangs are utilizing a packer-as-a-service platform called Shanya to conceal and deploy malware designed to disable endpoint [...]

Microsoft has removed a significant barrier for its Windows 11-exclusive security feature, Smart App Control, by eliminating the mandatory clean [...]

Cloudflare experienced a major global outage today, causing widespread "500 Internal Server Error" messages for many websites. The company has [...]

A command injection vulnerability in Array Networks AG Series VPN appliances is being actively exploited by attackers to deploy webshells [...]

Microsoft has issued the KB5070311 optional preview update for Windows 11, addressing 49 known issues, including significant problems with File [...]

A persistent malware operation dubbed "ShadyPanda" has infected over 4.3 million users through malicious browser extensions on Google Chrome and [...]

A new vulnerability dubbed "HashJack" allows attackers to conceal malicious instructions within the fragment identifier (the part following a '#' [...]

Microsoft has confirmed that recent Windows 11 updates are causing the password sign-in option to disappear from the lock screen [...]

A high-severity vulnerability has been discovered in the widely used 'node-forge' JavaScript cryptography library, enabling attackers to bypass digital signature [...]

A new campaign linked to Russian threat actors is distributing the StealC V2 information-stealing malware by hiding it within malicious [...]

A recent investigation into a Qilin ransomware attack demonstrated how security analysts can reconstruct an incident even with severely limited [...]

Security researchers successfully compiled a database of 3.5 billion WhatsApp user accounts by exploiting an API endpoint that lacked rate-limiting [...]

Nvidia has confirmed that recent Windows security updates from October 2025 are causing performance degradation in games running on Windows [...]

A sophisticated new Android banking trojan named Sturnus has been discovered, capable of stealing credentials and enabling full remote control [...]

A severe security flaw in the popular W3 Total Cache (W3TC) WordPress plugin enables unauthenticated attackers to execute arbitrary PHP [...]

Microsoft has announced that the System Monitor (Sysmon) tool will be directly integrated into future versions of Windows 11 and [...]

Google has released an urgent security update for its Chrome browser to address a zero-day vulnerability that is being actively [...]

Google will soon begin flagging Android applications on the Play Store that exhibit high background activity and cause significant battery [...]