Author: Mash

A threat actor known as TigerJack is persistently targeting developers with harmful extensions on both the VSCode Marketplace and the [...]

Microsoft is imposing new restrictions on the Internet Explorer (IE) mode within its Edge browser after discovering active zero-day exploits. [...]

A new smishing campaign is deceiving New York residents with fraudulent text messages that impersonate the state's Department of Taxation [...]

Apple has significantly expanded its bug bounty program, doubling the top reward to $2 million for zero-click remote code execution [...]

A new Android spyware known as ClayRat is being distributed by impersonating popular applications like WhatsApp, TikTok, and YouTube. The [...]

The Qilin ransomware group has publicly claimed responsibility for a cyberattack on Asahi, Japan's largest brewing company. The hackers allege [...]

A security researcher has discovered that Google's Gemini AI is vulnerable to ASCII smuggling attacks, a technique that uses invisible [...]

A threat actor known as Storm-1175 is actively exploiting a critical vulnerability in Fortra's GoAnywhere MFT secure file transfer tool. [...]

Oracle has released an emergency security update for a critical zero-day vulnerability, tracked as CVE-2025-61882, in its E-Business Suite (EBS). [...]

Signal has introduced a new cryptographic defense named Sparse Post-Quantum Ratchet (SPQR) to protect user communications against potential future quantum [...]

Two distinct spyware campaigns, dubbed ProSpy and ToSpy, are deceiving Android users by posing as legitimate messaging applications. The malicious [...]

Microsoft is addressing a known issue causing the classic Outlook client for Windows to crash immediately upon launch. This problem [...]

A new malicious toolkit named MatrixPDF enables threat actors to transform standard PDF files into interactive phishing lures that evade [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the Sudo command-line utility to its [...]

Microsoft has removed a compatibility block that was preventing certain Intel-based PCs from upgrading to Windows 11 version 24H2. The [...]

Cybercriminals are using search engine advertisements and SEO poisoning to distribute a fake Microsoft Teams installer that installs the Oyster [...]

A maximum-severity vulnerability in Fortra's GoAnywhere managed file transfer (MFT) software is being actively exploited by attackers. Tracked as CVE-2025-10035, [...]

A new version of the XCSSET malware is being used in limited attacks against macOS developers, according to Microsoft Threat [...]

Cisco has issued security updates to fix a high-severity zero-day vulnerability, tracked as CVE-2025-20352, which is being actively exploited in [...]

SonicWall has released a critical firmware update designed to eradicate a previously unknown rootkit called OVERSTEP from its Secure Mobile [...]

A ransomware attack targeting critical airport systems caused significant disruptions at several major European airports over the weekend. The incident [...]

A new native feature in Windows 11 will allow users to set video files as their desktop background, with the [...]

Security researchers have identified what may be the earliest known malware embedded with a large language model, dubbed MalTerminal. This [...]

A critical zero-click vulnerability, named ShadowLeak, has been discovered in OpenAI’s ChatGPT Deep Research agent, allowing attackers to extract sensitive [...]

The operators behind the SystemBC proxy botnet are actively targeting vulnerable commercial virtual private servers (VPS) to maintain a network [...]

The threat group TA558, also tracked as RevengeHotels, is using AI-generated scripts in a new campaign targeting hotels in Brazil [...]

A self-propagating supply chain attack has compromised at least 187 npm packages, beginning with the popular @ctrl/tinycolor library, which receives [...]

Google has confirmed that cybercriminals created a fraudulent account within its Law Enforcement Request System (LERS), a platform used by [...]

A new phishing-as-a-service platform named VoidProxy is targeting Microsoft 365 and Google accounts, even when protected by third-party single sign-on [...]

A threat actor known as WhiteCobra is distributing fraudulent extensions across the Visual Studio Marketplace and OpenVSX registry, targeting developers [...]

A recently identified ransomware variant, named HybridPetya, mimics the behavior of the infamous Petya/NotPetya malware but adds the capability to [...]

Microsoft has eliminated the registration fee for individual developers who want to publish their applications on the Microsoft Store. This [...]

A security vulnerability in the Cursor AI code editor could allow malicious repositories to automatically execute harmful code as soon [...]

A malfunction in Microsoft’s anti-spam service is mistakenly flagging legitimate URLs as malicious, preventing users from opening links in Exchange [...]

A new malware operation, dubbed GPUGate, is using malicious Google Ads and counterfeit GitHub commit pages to target IT and [...]

Cybercriminals are exploiting iCloud Calendar's invitation system to distribute fraudulent emails that appear to originate directly from Apple's official servers. [...]

VirusTotal's AI Code Insight feature has uncovered a previously undetected phishing operation that uses SVG image files to impersonate Colombia's [...]

Cybercriminals are actively exploiting a zero-day vulnerability in older Sitecore systems to install WeepSteel malware, a reconnaissance backdoor. This security [...]

A new offensive security framework named HexStrike-AI is being actively used by hackers to quickly weaponize recently disclosed security flaws. [...]

Zscaler disclosed a security breach after attackers accessed its Salesforce environment through stolen OAuth and refresh tokens from Salesloft Drift, [...]