Author: Mash

Facing financial pressures, OpenAI is internally debating the introduction of advertisements on its ChatGPT platform. Despite a massive user base [...]

A Chinese state-sponsored threat group, known as UNC6384 or Mustang Panda, is actively using a Windows zero-day vulnerability to spy [...]

A significant surge in Near-Field Communication (NFC) relay malware is targeting Android users, primarily in Eastern Europe, with over 760 [...]

Security researchers have identified ten malicious packages on the npm registry that deploy a sophisticated information stealer capable of targeting [...]

Starting with Chrome 154 in October 2026, Google's browser will ask for user permission by default before connecting to any [...]

A critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is now being actively exploited in the wild, [...]

Cybercriminals are repurposing the open-source RedTiger penetration testing suite to create an information-stealing malware that primarily targets Discord users. The [...]

A novel phishing method named 'CoPhish' exploits Microsoft Copilot Studio to deliver fraudulent OAuth consent prompts from legitimate Microsoft domains. [...]

A large-scale exploitation campaign is targeting WordPress websites using outdated versions of the GutenKit and Hunk Companion plugins. Attackers are [...]

Microsoft has disabled the File Explorer preview feature for files downloaded from the internet as a new security measure. This [...]

On the second day of the Pwn2Own Ireland 2025 competition, security researchers demonstrated 56 previously unknown vulnerabilities, earning a total [...]

The Russian state-backed hacking group Star Blizzard, also known as ColdRiver, has rapidly evolved its malware arsenal, deploying new families [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a high-severity Windows Server Message Block (SMB) vulnerability is [...]

A malicious campaign is using Google Ads to promote counterfeit websites for popular macOS tools like Homebrew, LogMeIn, and TradingView. [...]

Microsoft has addressed a maximum-severity vulnerability in ASP.NET Core, identified as CVE-2025-55315, which is an HTTP request smuggling flaw within the Kestrel [...]

A threat actor known as TigerJack is persistently targeting developers with harmful extensions on both the VSCode Marketplace and the [...]

Microsoft is imposing new restrictions on the Internet Explorer (IE) mode within its Edge browser after discovering active zero-day exploits. [...]

A new smishing campaign is deceiving New York residents with fraudulent text messages that impersonate the state's Department of Taxation [...]

Apple has significantly expanded its bug bounty program, doubling the top reward to $2 million for zero-click remote code execution [...]

A new Android spyware known as ClayRat is being distributed by impersonating popular applications like WhatsApp, TikTok, and YouTube. The [...]

The Qilin ransomware group has publicly claimed responsibility for a cyberattack on Asahi, Japan's largest brewing company. The hackers allege [...]

A security researcher has discovered that Google's Gemini AI is vulnerable to ASCII smuggling attacks, a technique that uses invisible [...]

A threat actor known as Storm-1175 is actively exploiting a critical vulnerability in Fortra's GoAnywhere MFT secure file transfer tool. [...]

Oracle has released an emergency security update for a critical zero-day vulnerability, tracked as CVE-2025-61882, in its E-Business Suite (EBS). [...]

Signal has introduced a new cryptographic defense named Sparse Post-Quantum Ratchet (SPQR) to protect user communications against potential future quantum [...]

Two distinct spyware campaigns, dubbed ProSpy and ToSpy, are deceiving Android users by posing as legitimate messaging applications. The malicious [...]

Microsoft is addressing a known issue causing the classic Outlook client for Windows to crash immediately upon launch. This problem [...]

A new malicious toolkit named MatrixPDF enables threat actors to transform standard PDF files into interactive phishing lures that evade [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the Sudo command-line utility to its [...]

Microsoft has removed a compatibility block that was preventing certain Intel-based PCs from upgrading to Windows 11 version 24H2. The [...]

Cybercriminals are using search engine advertisements and SEO poisoning to distribute a fake Microsoft Teams installer that installs the Oyster [...]

A maximum-severity vulnerability in Fortra's GoAnywhere managed file transfer (MFT) software is being actively exploited by attackers. Tracked as CVE-2025-10035, [...]

A new version of the XCSSET malware is being used in limited attacks against macOS developers, according to Microsoft Threat [...]

Cisco has issued security updates to fix a high-severity zero-day vulnerability, tracked as CVE-2025-20352, which is being actively exploited in [...]

SonicWall has released a critical firmware update designed to eradicate a previously unknown rootkit called OVERSTEP from its Secure Mobile [...]

A ransomware attack targeting critical airport systems caused significant disruptions at several major European airports over the weekend. The incident [...]

A new native feature in Windows 11 will allow users to set video files as their desktop background, with the [...]

Security researchers have identified what may be the earliest known malware embedded with a large language model, dubbed MalTerminal. This [...]

A critical zero-click vulnerability, named ShadowLeak, has been discovered in OpenAI’s ChatGPT Deep Research agent, allowing attackers to extract sensitive [...]

The operators behind the SystemBC proxy botnet are actively targeting vulnerable commercial virtual private servers (VPS) to maintain a network [...]