Author: Mash

Two severe security flaws in vBulletin, identified as CVE-2025-48827 and CVE-2025-48828, are being actively exploited, with one enabling remote code [...]

Cybercriminals are now using Google Apps Script to host phishing sites that mimic legitimate login pages, aiming to steal user [...]

Microsoft’s KB5058499 preview update for Windows 11 version 24H2 introduces 48 new features and improvements, with many rolling out gradually. [...]

The DragonForce ransomware group recently infiltrated a managed service provider (MSP) and leveraged its SimpleHelp remote monitoring platform to access [...]

Security researchers from Socket uncovered 60 malicious NPM packages that gather host and network information and transmit it to a [...]

A collaborative international operation has significantly disrupted the Lumma malware-as-a-service (MaaS) scheme, taking control of around 2,300 domains used by [...]

A new feature included in Google Play Services could soon enable Android devices to automatically reboot if left idle for [...]

Hackers have been spreading a malicious version of the KeePass password manager for over eight months, using it to steal [...]

A newly developed tool called Defendnot can trick Windows into turning off Microsoft Defender by registering a fake antivirus through [...]

For at least half a year, Procolored unknowingly distributed malware with its printer software, including a remote access trojan (XRedRAT) [...]

Google is implementing a security update in Chromium that prevents Chrome from running with administrator rights on Windows, following Microsoft [...]

Ivanti has issued fixes for a severe authentication bypass flaw (CVE-2025-22462) in its Neurons for ITSM platform that could let [...]

A serious vulnerability in ASUS's DriverHub tool let malicious websites execute commands with administrative privileges on affected devices. Discovered by [...]

The iClicker website, widely used by colleges across the U.S., was compromised in mid-April 2025 in a ClickFix-style attack that [...]

Cybercriminals are now actively exploiting a critical remote code execution (RCE) flaw in Samsung’s MagicINFO 9 Server, a platform widely [...]

Ransomware groups like Qilin and Hunters International are misusing the legitimate Kickidler employee monitoring software to secretly observe victim behavior, [...]

The Play ransomware group has been exploiting a Windows Common Log File System vulnerability (CVE-2025-29824) in zero-day attacks to escalate [...]

The developers behind StealC malware have launched version 2, introducing advanced data theft capabilities and stealth improvements. Initially released in [...]

Microsoft is phasing out the password autofill and storage feature in its Authenticator app, with full deprecation set for August [...]

Microsoft has addressed a problem in Exchange Online where emails from Gmail were wrongly flagged as spam due to a [...]

Security researchers at Socket uncovered seven harmful Python packages on PyPI that abused Gmail's SMTP servers and WebSockets to enable [...]

Citizen Lab researchers have uncovered a phishing and supply chain attack aimed at members of the Uyghur community living outside [...]

Coinbase recently corrected a bug in its account activity logs that had alarmed users into thinking their accounts were compromised. [...]

SAP has urgently released patches for a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer that attackers have exploited to [...]

Security researchers from Varonis have unveiled a proof-of-concept attack named "Cookie-Bite," which leverages a malicious Chrome extension to steal session [...]

Cybercriminals have discovered a way to send phishing emails that appear to come directly from Google by exploiting a flaw [...]

The Interlock ransomware group has adopted ClickFix-style attacks that trick users into running malicious PowerShell commands under the guise of [...]

A Windows flaw (CVE-2025-24054) allowing NTLM hash leakage through .library-ms files is now being actively used in phishing attacks against [...]

Apple has released urgent security updates to fix two newly discovered zero-day vulnerabilities that were exploited in highly targeted iPhone [...]

Russian-backed hacking group Midnight Blizzard (also known as APT29 or Cozy Bear) is behind a spear-phishing campaign targeting European diplomatic [...]

Researchers from Doctor Web have uncovered a malware campaign in which low-cost Android phones come pre-infected with spyware designed to [...]

The Tycoon2FA phishing-as-a-service platform has received updates that enhance its ability to evade detection while targeting Microsoft 365 and Gmail [...]

Hackers began taking advantage of a serious authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin just hours after [...]

Microsoft has acknowledged that the April 2025 cumulative update (KB5055523) may cause Windows Hello to malfunction on certain devices, particularly [...]

Nine fake Visual Studio Code extensions were found on Microsoft's VSCode Marketplace, posing as legitimate tools while secretly infecting users [...]

Cybercriminals are increasingly abusing WordPress's mu-plugins (Must-Use Plugins) directory to stealthily execute harmful code on every page without being easily [...]

A recently discovered flaw in WinRAR, identified as CVE-2025-31334, enables attackers to bypass the Windows "Mark of the Web" (MotW) [...]

CISA, alongside the FBI, NSA, and international partners, is warning about the persistent threat of Fast Flux, a DNS evasion [...]

Mozilla has rolled out Firefox 136.0.4 to fix a serious security vulnerability (CVE-2025-2857) that allows attackers to break out of [...]