Author: Mash

A new ransomware operation, VanHelsing, has surfaced as a multi-platform RaaS (Ransomware-as-a-Service), attacking Windows, Linux, BSD, ARM, and ESXi systems. [...]

The FBI warns that cybercriminals are using fake online document converters to distribute malware, steal sensitive data, and even launch [...]

Cybercriminals are misusing Microsoft’s Trusted Signing service to code-sign malware using short-lived three-day certificates, making malicious files appear legitimate. Code-signing [...]

Cybercriminals have begun attacking unpatched Cisco Smart Licensing Utility (CSLU) instances by exploiting a vulnerability that provides access to a [...]

Since 2016, the DollyWay malware campaign has compromised over 20,000 WordPress sites worldwide, redirecting visitors to fraudulent pages promoting scams [...]

Microsoft has confirmed that the March 2025 cumulative updates for Windows 10 and Windows 11 mistakenly uninstall the Copilot digital [...]

Cybercriminals are using deceptive Microsoft OAuth apps disguised as Adobe and DocuSign tools to spread malware and steal Microsoft 365 [...]

Microsoft has restored the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace [...]

Facebook has disclosed a critical FreeType vulnerability (CVE-2025-27363) that can enable arbitrary code execution and has reportedly been exploited in [...]

A critical command injection vulnerability (CVE-2025-1316) in the Edimax IC-7100 IP camera is actively being exploited by botnet malware to [...]

Cybercriminals are falsely claiming copyright ownership of Windows Packet Divert (WPD) tools to pressure YouTube creators into spreading malware and [...]

A new botnet called Eleven11bot has compromised over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs), to [...]

A new strain of the Vo1d malware botnet has infected nearly 1.6 million Android TV devices across 226 countries, integrating [...]

A social engineering scam has been targeting job seekers in the Web3 industry using a fraudulent "GrassCall" meeting app that [...]

A malware campaign known as GitVenom has been using hundreds of fake GitHub repositories to spread info-stealers, remote access trojans [...]

Microsoft is experimenting with ad-supported versions of its Office desktop apps, allowing users to edit documents with restricted functionality. Unlike [...]

A new phishing scam is abusing PayPal’s address settings to send fraudulent purchase confirmations, tricking users into calling scammers who [...]

Google is continuing its phased deprecation of Manifest V2-based extensions, including the popular ad blocker uBlock Origin, as part of [...]

The Chinese state-sponsored hacking group Salt Typhoon has been using a custom tool called JumbledPath to covertly monitor network traffic [...]

The Chinese APT group "Mustang Panda," also known as Earth Preta, has been abusing Microsoft's Application Virtualization Injector (MAVInject.exe) to [...]

Microsoft is removing the Location History feature from Windows, which previously allowed apps like Cortana to access stored location data [...]

Google Chrome has upgraded its "Enhanced Protection" feature with AI to provide real-time security against malicious websites, downloads, and extensions. [...]

Security researchers from Rapid7 revealed that attackers used a previously unknown PostgreSQL vulnerability (CVE-2025-1094) as a zero-day to exploit BeyondTrust’s [...]

Security researchers at DataDog uncovered a vulnerability called "whoAMI," which lets attackers gain code execution in AWS accounts by publishing [...]

Hackers are increasingly targeting unpatched systems vulnerable to older security flaws, specifically CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. The [...]

Apple has issued urgent security updates to address a zero-day vulnerability (CVE-2025-24200) that was exploited in highly targeted attacks. The [...]

Microsoft has offered a solution for users experiencing blocked security updates on certain Windows 11 24H2 systems. The issue occurs [...]

Cisco has released fixes for two critical vulnerabilities (CVE-2025-20124 and CVE-2025-20125) in its Identity Services Engine (ISE) platform, a widely [...]

AMD has released firmware and microcode updates to mitigate a high-severity flaw (CVE-2024-56161) that could enable attackers with local admin [...]

A Chinese cyber-espionage group, Evasive Panda (also known as DaggerFly), has been using a newly discovered SSH backdoor, "ELF/Sshdinjector.A!tr," to [...]

As part of its November security updates, Google patched two Android zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, both actively exploited in [...]

PyPI has launched a new 'Project Archival' system, enabling developers to mark projects as archived, signaling users that no future [...]

Google's Threat Intelligence Group (GTIG) has identified government-backed APT groups from over 20 countries, including Iran, China, North Korea, and [...]

Microsoft has improved text contrast for all Chromium-based browsers on Windows, including Google Chrome and Edge, by integrating enhanced gamma [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about Contec CMS8000 patient monitors, which secretly send [...]

Akamai researchers have identified Aquabotv3, a new variant of the Mirai-based botnet malware, exploiting the CVE-2024-41710 vulnerability in Mitel SIP [...]

Microsoft is testing a new scareware blocker in its Edge browser, designed to protect Windows PC users from tech support [...]

Chinese AI platform DeepSeek has paused new registrations for its DeepSeek-V3 chat service following a major cyberattack. The platform recently [...]

Hackers have set up nearly 1,000 fake web pages impersonating Reddit and WeTransfer to distribute Lumma Stealer malware. The scam [...]