A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed caching…
A massive resurgence of the Sha1-Hulud supply chain malware has struck the open-source ecosystem, compromising over 800 npm packages and tens of thousands of GitHub…
India-aligned threat group Dropping Elephant has launched a sophisticated multi-stage cyberattack targeting Pakistan’s defense sector using a Python-based remote access trojan disguised within an MSBuild…
In October 2025, a significant breach exposed the internal workings of APT35, also known as Charming Kitten, a cyber unit operating within Iran’s Islamic Revolutionary…
Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary…
A new threat known as EtherHiding is reshaping how malware spreads through the internet. Unlike older methods that rely on traditional servers to deliver harmful…
A massive supply chain attack targeting the NPM accounts of automation giant Zapier and the Ethereum Name Service (ENS). Identified by Aikido Security, the campaign…
Cybersecurity researchers have uncovered a sophisticated Python-based malware that employs process injection techniques to hide inside legitimate Windows binaries. This threat represents a new evolution…
A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize…
A critical memory corruption vulnerability in vLLM versions 0.10.2 and later allows attackers to achieve remote code execution through the Completions API endpoint by sending…
A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job…
A concerning vulnerability in DeepSeek-R1, a Chinese-developed artificial intelligence coding assistant. When the AI model encounters politically sensitive topics related to the Chinese Communist Party,…
