A malicious npm package masquerading as the official Postmark MCP Server has been exfiltrating user emails to an external server. This fake “postmark-mcp” module, available…
VMware has disclosed critical security vulnerabilities in vCenter Server and NSX platforms that could allow attackers to enumerate valid usernames and manipulate system notifications. The…
VMware has released an advisory to address three high-severity vulnerabilities in VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware…
A zero-day local privilege escalation vulnerability in VMware Tools and VMware Aria Operations is being actively exploited in the wild. The flaw, tracked as CVE-2025-41244,…
Western Digital has released security updates for a critical vulnerability affecting multiple My Cloud network-attached storage (NAS) devices. The flaw, tracked as CVE-2025-30247, could allow…
Apple has rolled out security updates across its operating systems to address a vulnerability in the Font Parser component that could allow malicious fonts to…
The cybersecurity community is currently observing a surge in interest around Olymp Loader, a recently unveiled Malware-as-a-Service (MaaS) platform written entirely in Assembly. First advertised…
A sophisticated cyber campaign is exploiting the trust users place in popular collaboration software, tricking them into downloading a weaponized version of Microsoft Teams to…
Luxury department store Harrods has disclosed a significant data breach affecting approximately 430,000 customer records after a third-party provider was compromised. The hackers behind the…
A sophisticated malware campaign has emerged that weaponizes seemingly legitimate productivity tools to infiltrate systems and steal sensitive information. The TamperedChef malware represents a concerning…
As attackers increasingly leverage Scalable Vector Graphics (SVG) for stealthy code injection, security researchers face mounting challenges in detecting obfuscated payloads embedded within SVG assets. …
A newly observed spear-phishing campaign is leveraging sophisticated social engineering lures to distribute DarkCloud, a modular malware suite designed to harvest keystrokes, exfiltrate FTP credentials…
