A serious vulnerability in ASUS's DriverHub tool let malicious websites execute commands with administrative privileges on affected devices. Discovered by [...]
Ransomware groups like Qilin and Hunters International are misusing the legitimate Kickidler employee monitoring software to secretly observe victim behavior, [...]
The developers behind StealC malware have launched version 2, introducing advanced data theft capabilities and stealth improvements. Initially released in [...]
SAP has urgently released patches for a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer that attackers have exploited to [...]
Security researchers from Varonis have unveiled a proof-of-concept attack named "Cookie-Bite," which leverages a malicious Chrome extension to steal session [...]
Russian-backed hacking group Midnight Blizzard (also known as APT29 or Cozy Bear) is behind a spear-phishing campaign targeting European diplomatic [...]
The Tycoon2FA phishing-as-a-service platform has received updates that enhance its ability to evade detection while targeting Microsoft 365 and Gmail [...]
Hackers began taking advantage of a serious authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin just hours after [...]
Microsoft has acknowledged that the April 2025 cumulative update (KB5055523) may cause Windows Hello to malfunction on certain devices, particularly [...]
Cybercriminals are increasingly abusing WordPress's mu-plugins (Must-Use Plugins) directory to stealthily execute harmful code on every page without being easily [...]
A new ransomware operation, VanHelsing, has surfaced as a multi-platform RaaS (Ransomware-as-a-Service), attacking Windows, Linux, BSD, ARM, and ESXi systems. [...]
Cybercriminals are misusing Microsoft’s Trusted Signing service to code-sign malware using short-lived three-day certificates, making malicious files appear legitimate. Code-signing [...]
Cybercriminals have begun attacking unpatched Cisco Smart Licensing Utility (CSLU) instances by exploiting a vulnerability that provides access to a [...]
Since 2016, the DollyWay malware campaign has compromised over 20,000 WordPress sites worldwide, redirecting visitors to fraudulent pages promoting scams [...]