U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini December 13, 2025 U.S. Cybersecurity and…
Two people allegedly linked to China’s infamous Salt Typhoon espionage hacking group seem to have previously received training through Cisco’s prominent, long-running networking academy. Meanwhile,…
Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found 12 Dec 2025 • , 3 min. read…
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift…
Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails. The…
Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,”…
Dec 13, 2025Ravie LakshmananZero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to…
Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and…
Emergency fixes deployed by Google and Apple after targeted attacks Pierluigi Paganini December 13, 2025 Google and Apple issued emergency updates to address zero-day flaws…
Cybercriminals are tricking users into downloading malware disguised as popular office tools like Microsoft Teams and Google Meet. This dangerous campaign is mainly targeting those…
Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. The zero-days are tracked…
Security researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft…
