Ivanti has issued security patches for three serious vulnerabilities in its Workspace Control (IWC) platform, which stem from hardcoded cryptographic [...]
Two harmful npm packages, ‘express-api-sync’ and ‘system-health-sync-api’, have been uncovered posing as helpful utilities while secretly containing code to wipe [...]
Two severe security flaws in vBulletin, identified as CVE-2025-48827 and CVE-2025-48828, are being actively exploited, with one enabling remote code [...]
The DragonForce ransomware group recently infiltrated a managed service provider (MSP) and leveraged its SimpleHelp remote monitoring platform to access [...]
A collaborative international operation has significantly disrupted the Lumma malware-as-a-service (MaaS) scheme, taking control of around 2,300 domains used by [...]
A serious vulnerability in ASUS's DriverHub tool let malicious websites execute commands with administrative privileges on affected devices. Discovered by [...]
Ransomware groups like Qilin and Hunters International are misusing the legitimate Kickidler employee monitoring software to secretly observe victim behavior, [...]
The developers behind StealC malware have launched version 2, introducing advanced data theft capabilities and stealth improvements. Initially released in [...]
SAP has urgently released patches for a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer that attackers have exploited to [...]
Security researchers from Varonis have unveiled a proof-of-concept attack named "Cookie-Bite," which leverages a malicious Chrome extension to steal session [...]
Russian-backed hacking group Midnight Blizzard (also known as APT29 or Cozy Bear) is behind a spear-phishing campaign targeting European diplomatic [...]