Author: Mash

Microsoft is addressing a known issue where the first extended security update (ESU) for Windows 10, KB5068781, fails to install [...]

AMD has confirmed a high-severity vulnerability within the RDSEED instruction of its latest Zen 5 architecture CPUs, which compromises the [...]

A self-propagating worm, dubbed 'IndonesianFoods,' is spamming the npm registry by automatically generating and publishing new packages at an alarming [...]

The DanaBot malware has reemerged in a new version after a six-month hiatus following a major international law enforcement operation. [...]

A critical vulnerability in the Triofox file-sharing platform is being actively exploited by a threat actor to gain full system [...]

Three newly discovered vulnerabilities in the runC container runtime could allow attackers to break out of container isolation and gain [...]

With Windows 10 having reached its official end of support on October 14, 2025, users must enroll in the Extended [...]

A newly identified spyware, dubbed LandFall, was deployed by exploiting a zero-day vulnerability in Samsung's Android image processing library. The [...]

Google's Threat Intelligence Group has identified a significant trend where cybercriminals are now using large language models (LLMs) to create [...]

A critical vulnerability in the popular Post SMTP WordPress plugin is being actively exploited by hackers to hijack administrator accounts [...]

Microsoft has acknowledged a bug in an optional Windows 11 update that prevents the Task Manager from closing properly. After [...]

Facing financial pressures, OpenAI is internally debating the introduction of advertisements on its ChatGPT platform. Despite a massive user base [...]

A Chinese state-sponsored threat group, known as UNC6384 or Mustang Panda, is actively using a Windows zero-day vulnerability to spy [...]

A significant surge in Near-Field Communication (NFC) relay malware is targeting Android users, primarily in Eastern Europe, with over 760 [...]

Security researchers have identified ten malicious packages on the npm registry that deploy a sophisticated information stealer capable of targeting [...]

Starting with Chrome 154 in October 2026, Google's browser will ask for user permission by default before connecting to any [...]

A critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is now being actively exploited in the wild, [...]

Cybercriminals are repurposing the open-source RedTiger penetration testing suite to create an information-stealing malware that primarily targets Discord users. The [...]

A novel phishing method named 'CoPhish' exploits Microsoft Copilot Studio to deliver fraudulent OAuth consent prompts from legitimate Microsoft domains. [...]

A large-scale exploitation campaign is targeting WordPress websites using outdated versions of the GutenKit and Hunk Companion plugins. Attackers are [...]

Microsoft has disabled the File Explorer preview feature for files downloaded from the internet as a new security measure. This [...]

On the second day of the Pwn2Own Ireland 2025 competition, security researchers demonstrated 56 previously unknown vulnerabilities, earning a total [...]

The Russian state-backed hacking group Star Blizzard, also known as ColdRiver, has rapidly evolved its malware arsenal, deploying new families [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a high-severity Windows Server Message Block (SMB) vulnerability is [...]

A malicious campaign is using Google Ads to promote counterfeit websites for popular macOS tools like Homebrew, LogMeIn, and TradingView. [...]

Microsoft has addressed a maximum-severity vulnerability in ASP.NET Core, identified as CVE-2025-55315, which is an HTTP request smuggling flaw within the Kestrel [...]

A threat actor known as TigerJack is persistently targeting developers with harmful extensions on both the VSCode Marketplace and the [...]

Microsoft is imposing new restrictions on the Internet Explorer (IE) mode within its Edge browser after discovering active zero-day exploits. [...]

A new smishing campaign is deceiving New York residents with fraudulent text messages that impersonate the state's Department of Taxation [...]

Apple has significantly expanded its bug bounty program, doubling the top reward to $2 million for zero-click remote code execution [...]

A new Android spyware known as ClayRat is being distributed by impersonating popular applications like WhatsApp, TikTok, and YouTube. The [...]

The Qilin ransomware group has publicly claimed responsibility for a cyberattack on Asahi, Japan's largest brewing company. The hackers allege [...]

A security researcher has discovered that Google's Gemini AI is vulnerable to ASCII smuggling attacks, a technique that uses invisible [...]

A threat actor known as Storm-1175 is actively exploiting a critical vulnerability in Fortra's GoAnywhere MFT secure file transfer tool. [...]

Oracle has released an emergency security update for a critical zero-day vulnerability, tracked as CVE-2025-61882, in its E-Business Suite (EBS). [...]

Signal has introduced a new cryptographic defense named Sparse Post-Quantum Ratchet (SPQR) to protect user communications against potential future quantum [...]

Two distinct spyware campaigns, dubbed ProSpy and ToSpy, are deceiving Android users by posing as legitimate messaging applications. The malicious [...]

Microsoft is addressing a known issue causing the classic Outlook client for Windows to crash immediately upon launch. This problem [...]

A new malicious toolkit named MatrixPDF enables threat actors to transform standard PDF files into interactive phishing lures that evade [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the Sudo command-line utility to its [...]