Author: Mash

A Windows flaw (CVE-2025-24054) allowing NTLM hash leakage through .library-ms files is now being actively used in phishing attacks against [...]

Apple has released urgent security updates to fix two newly discovered zero-day vulnerabilities that were exploited in highly targeted iPhone [...]

Russian-backed hacking group Midnight Blizzard (also known as APT29 or Cozy Bear) is behind a spear-phishing campaign targeting European diplomatic [...]

Researchers from Doctor Web have uncovered a malware campaign in which low-cost Android phones come pre-infected with spyware designed to [...]

The Tycoon2FA phishing-as-a-service platform has received updates that enhance its ability to evade detection while targeting Microsoft 365 and Gmail [...]

Hackers began taking advantage of a serious authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin just hours after [...]

Microsoft has acknowledged that the April 2025 cumulative update (KB5055523) may cause Windows Hello to malfunction on certain devices, particularly [...]

Nine fake Visual Studio Code extensions were found on Microsoft's VSCode Marketplace, posing as legitimate tools while secretly infecting users [...]

Cybercriminals are increasingly abusing WordPress's mu-plugins (Must-Use Plugins) directory to stealthily execute harmful code on every page without being easily [...]

A recently discovered flaw in WinRAR, identified as CVE-2025-31334, enables attackers to bypass the Windows "Mark of the Web" (MotW) [...]

CISA, alongside the FBI, NSA, and international partners, is warning about the persistent threat of Fast Flux, a DNS evasion [...]

Mozilla has rolled out Firefox 136.0.4 to fix a serious security vulnerability (CVE-2025-2857) that allows attackers to break out of [...]

A new ransomware operation, VanHelsing, has surfaced as a multi-platform RaaS (Ransomware-as-a-Service), attacking Windows, Linux, BSD, ARM, and ESXi systems. [...]

The FBI warns that cybercriminals are using fake online document converters to distribute malware, steal sensitive data, and even launch [...]

Cybercriminals are misusing Microsoft’s Trusted Signing service to code-sign malware using short-lived three-day certificates, making malicious files appear legitimate. Code-signing [...]

Cybercriminals have begun attacking unpatched Cisco Smart Licensing Utility (CSLU) instances by exploiting a vulnerability that provides access to a [...]

Since 2016, the DollyWay malware campaign has compromised over 20,000 WordPress sites worldwide, redirecting visitors to fraudulent pages promoting scams [...]

Microsoft has confirmed that the March 2025 cumulative updates for Windows 10 and Windows 11 mistakenly uninstall the Copilot digital [...]

Cybercriminals are using deceptive Microsoft OAuth apps disguised as Adobe and DocuSign tools to spread malware and steal Microsoft 365 [...]

Microsoft has restored the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace [...]

Facebook has disclosed a critical FreeType vulnerability (CVE-2025-27363) that can enable arbitrary code execution and has reportedly been exploited in [...]

A critical command injection vulnerability (CVE-2025-1316) in the Edimax IC-7100 IP camera is actively being exploited by botnet malware to [...]

Cybercriminals are falsely claiming copyright ownership of Windows Packet Divert (WPD) tools to pressure YouTube creators into spreading malware and [...]

A new botnet called Eleven11bot has compromised over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs), to [...]

A new strain of the Vo1d malware botnet has infected nearly 1.6 million Android TV devices across 226 countries, integrating [...]

A social engineering scam has been targeting job seekers in the Web3 industry using a fraudulent "GrassCall" meeting app that [...]

A malware campaign known as GitVenom has been using hundreds of fake GitHub repositories to spread info-stealers, remote access trojans [...]

Microsoft is experimenting with ad-supported versions of its Office desktop apps, allowing users to edit documents with restricted functionality. Unlike [...]

A new phishing scam is abusing PayPal’s address settings to send fraudulent purchase confirmations, tricking users into calling scammers who [...]

Google is continuing its phased deprecation of Manifest V2-based extensions, including the popular ad blocker uBlock Origin, as part of [...]

The Chinese state-sponsored hacking group Salt Typhoon has been using a custom tool called JumbledPath to covertly monitor network traffic [...]

The Chinese APT group "Mustang Panda," also known as Earth Preta, has been abusing Microsoft's Application Virtualization Injector (MAVInject.exe) to [...]

Microsoft is removing the Location History feature from Windows, which previously allowed apps like Cortana to access stored location data [...]

Google Chrome has upgraded its "Enhanced Protection" feature with AI to provide real-time security against malicious websites, downloads, and extensions. [...]

Security researchers from Rapid7 revealed that attackers used a previously unknown PostgreSQL vulnerability (CVE-2025-1094) as a zero-day to exploit BeyondTrust’s [...]

Security researchers at DataDog uncovered a vulnerability called "whoAMI," which lets attackers gain code execution in AWS accounts by publishing [...]

Hackers are increasingly targeting unpatched systems vulnerable to older security flaws, specifically CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. The [...]

Apple has issued urgent security updates to address a zero-day vulnerability (CVE-2025-24200) that was exploited in highly targeted attacks. The [...]