Amazon warns that Russia’s Sandworm has shifted its tactics
Attackers associated with Russia’s Main Intelligence Directorate (GRU) have targeted Western-based critical infrastructure with a special focus on the energy sector as part of an…
Month: December 2025
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. The two vulnerabilities are tracked…
Top 3 SOC Bottlenecks and How to Solve Them
Attackers evolve faster than most organizations can update their defenses. That’s why 2026 will be defined not by whether incidents happen but by how efficiently and proactively…
Hackers are exploiting critical Fortinet flaws days after patch release
Hackers are exploiting critical Fortinet flaws days after patch release Pierluigi Paganini December 16, 2025 Threat actors are exploiting two critical Fortinet flaws, tracked as…
Cyberattack disrupts Venezuelan oil giant PDVSA’s operations
Petróleos de Venezuela (PDVSA), Venezuela’s state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. In a Monday statement, PDVSA denied…
CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical zero-day vulnerability in Apple WebKit that is currently being actively exploited in attacks. CISA has added CVE-2025-43529 to…
Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator…
Most Parked Domains Now Serving Malicious Content – Krebs on Security
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A…
Android threats in 2025: When your phone becomes the main attack surface
Android users spent 2025 walking a tighter rope than ever, with malware, data‑stealing apps, and SMS‑borne scams all climbing sharply while attackers refined their business…
Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges
A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked…
JumpCloud Remote Assist Flaw Lets Users Gain Full Control of Company Devices – Hackread – Cybersecurity News, Data Breaches, AI, and More
A major security problem has been found in the JumpCloud Remote Assist for Windows agent, a tool used by over 180,000 organisations across 160 countries…
The Risks of Integrating LLMs into Enterprise Apps
Integrating LLMs (large language models) with enterprise applications enables organizations to directly embed LLMs into operations for a wide range of use cases. These integrations…