CrushFTP zero-day exploited to gain admin access on servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain...
Read more →Category: Bleeping Computer
Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS...
Read more →
New ChatGPT o3-alpha model hints at coding upgrade
ChatGPT’s o3 is OpenAI’s best model to date because it features reasoning, and it might get even better in the...
Read more →
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a...
Read more →
Microsoft mistakenly tags Windows Firewall error log bug as fixed
Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are...
Read more →
Russian alcohol retailer WineLab closes stores after ransomware attack
WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is...
Read more →
New Phobos and 8base ransomware decryptor recover files for free
The Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with...
Read more →
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and...
Read more →
GPT-5 is coming, “we’ll see” if it creates a shockwave
OpenAI’s next foundational and state-of-the-art model, GPT-5, is still on its way after a delay. OpenAI won’t tell us the...
Read more →
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” was actively exploited nearly two weeks before proof-of-concept...
Read more →
Microsoft Teams voice calls abused to push Matanbuchus malware
The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Matanbuchus is...
Read more →
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin...
Read more →