Active! Mail RCE flaw exploited in attacks on Japanese orgs
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Active! mail is a web-based email client…
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Active! mail is a web-based email client…
Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in…
A hacking group dubbed ‘Elusive Comet’ targets cryptocurrency users in social engineering attacks that exploit Zoom’s remote control feature to trick users into granting them…
South Korea’s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. SK Telecom…
The recommended Ripple cryptocurrency NPM JavaScript library named “xrpl.js” was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled…
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain…
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. On Saturday…
ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in…
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all…
A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent…
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection…
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers…