Author: Mash

A cybersecurity expert has developed FileFix, an evolution of the ClickFix social engineering attack, that leverages the Windows File Explorer [...]

A new malware named SparkKitty has been uncovered in apps on both the Google Play Store and Apple App Store, [...]

CoinMarketCap recently experienced a supply chain attack that exposed its visitors to a crypto-stealing campaign via a fake Web3 wallet [...]

Microsoft is currently investigating a widespread OneDrive issue that causes search results to appear blank or fail to return existing [...]

A new iteration of the Android malware "Godfather" now uses virtualization to embed banking apps within isolated environments on infected [...]

After years of user feedback, Microsoft is finally restoring a long-missed Windows 10 feature in Windows 11 — the clock [...]

Trend Micro has issued security patches to fix multiple serious vulnerabilities in its Apex Central and Endpoint Encryption PolicyServer tools, [...]

A newly discovered flaw, tracked as CVE-2025-3052, allows attackers to bypass Secure Boot on most systems by exploiting a signed [...]

Ivanti has issued security patches for three serious vulnerabilities in its Workspace Control (IWC) platform, which stem from hardcoded cryptographic [...]

Two harmful npm packages, ‘express-api-sync’ and ‘system-health-sync-api’, have been uncovered posing as helpful utilities while secretly containing code to wipe [...]

A severe vulnerability in the Roundcube webmail application, tracked as CVE-2025-49113, has been exploited and is now being sold by [...]

A recent Coinbase data breach has been attributed to support agents in India working for outsourcing firm TaskUs, who were [...]

Qualcomm has issued fixes for three zero-day vulnerabilities in its Adreno GPU driver, which are being exploited in targeted cyberattacks. [...]

Two severe security flaws in vBulletin, identified as CVE-2025-48827 and CVE-2025-48828, are being actively exploited, with one enabling remote code [...]

Cybercriminals are now using Google Apps Script to host phishing sites that mimic legitimate login pages, aiming to steal user [...]

Microsoft’s KB5058499 preview update for Windows 11 version 24H2 introduces 48 new features and improvements, with many rolling out gradually. [...]

The DragonForce ransomware group recently infiltrated a managed service provider (MSP) and leveraged its SimpleHelp remote monitoring platform to access [...]

Security researchers from Socket uncovered 60 malicious NPM packages that gather host and network information and transmit it to a [...]

A collaborative international operation has significantly disrupted the Lumma malware-as-a-service (MaaS) scheme, taking control of around 2,300 domains used by [...]

A new feature included in Google Play Services could soon enable Android devices to automatically reboot if left idle for [...]

Hackers have been spreading a malicious version of the KeePass password manager for over eight months, using it to steal [...]

A newly developed tool called Defendnot can trick Windows into turning off Microsoft Defender by registering a fake antivirus through [...]

For at least half a year, Procolored unknowingly distributed malware with its printer software, including a remote access trojan (XRedRAT) [...]

Google is implementing a security update in Chromium that prevents Chrome from running with administrator rights on Windows, following Microsoft [...]

Ivanti has issued fixes for a severe authentication bypass flaw (CVE-2025-22462) in its Neurons for ITSM platform that could let [...]

A serious vulnerability in ASUS's DriverHub tool let malicious websites execute commands with administrative privileges on affected devices. Discovered by [...]

The iClicker website, widely used by colleges across the U.S., was compromised in mid-April 2025 in a ClickFix-style attack that [...]

Cybercriminals are now actively exploiting a critical remote code execution (RCE) flaw in Samsung’s MagicINFO 9 Server, a platform widely [...]

Ransomware groups like Qilin and Hunters International are misusing the legitimate Kickidler employee monitoring software to secretly observe victim behavior, [...]

The Play ransomware group has been exploiting a Windows Common Log File System vulnerability (CVE-2025-29824) in zero-day attacks to escalate [...]

The developers behind StealC malware have launched version 2, introducing advanced data theft capabilities and stealth improvements. Initially released in [...]

Microsoft is phasing out the password autofill and storage feature in its Authenticator app, with full deprecation set for August [...]

Microsoft has addressed a problem in Exchange Online where emails from Gmail were wrongly flagged as spam due to a [...]

Security researchers at Socket uncovered seven harmful Python packages on PyPI that abused Gmail's SMTP servers and WebSockets to enable [...]

Citizen Lab researchers have uncovered a phishing and supply chain attack aimed at members of the Uyghur community living outside [...]

Coinbase recently corrected a bug in its account activity logs that had alarmed users into thinking their accounts were compromised. [...]

SAP has urgently released patches for a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer that attackers have exploited to [...]

Security researchers from Varonis have unveiled a proof-of-concept attack named "Cookie-Bite," which leverages a malicious Chrome extension to steal session [...]

Cybercriminals have discovered a way to send phishing emails that appear to come directly from Google by exploiting a flaw [...]

The Interlock ransomware group has adopted ClickFix-style attacks that trick users into running malicious PowerShell commands under the guise of [...]