A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to…
The Cybersecurity and Infrastructure Security Agency released five critical Industrial Control Systems advisories on December 2, 2025, addressing significant security threats across industrial environments. These…
A new security assessment tool has been released to help researchers and administrators identify React Server Components (RSC) endpoints potentially exposed to CVE-2025-55182. Developed as…
A sophisticated attack campaign known as Operation DupeHike has emerged as a significant threat to Russian corporate environments, specifically targeting employees within human resources, payroll,…
A critical security flaw in React and Next.js could let remote attackers run malicious code on servers without logging in. The issue affects React Server…
A fake Visual Studio Code extension has been used in a supply chain attack that targets developers through their editor. The rogue extension, named prettier-vscode-plus…
The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading…
A sophisticated phishing campaign has emerged targeting business professionals with Calendly-themed emails, combining social engineering with advanced credential theft techniques. The attack specifically focuses on…
A new feature in Anthropic’s Claude AI, known as Claude Skills, has been identified as a potential vector for ransomware attacks. This feature, designed to…
India has implemented a mandatory SIM-binding requirement for messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and others. The Department of Telecommunications issued a directive on…
A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges…
A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core…
