Jenkins has released critical updates addressing four security flaws that unauthenticated and low-privileged attackers could exploit to disrupt service or glean sensitive configuration details. Administrators…
In recent months, cybersecurity researchers have exposed a tangled web of hidden alliances among leading ransomware operations, reshaping how defenders perceive these threats. Historically treated…
Python developers face a growing threat from typosquatted packages in the Python Package Index (PyPI), with malicious actors increasingly targeting this trusted repository to distribute…
Raven Stealer has emerged as a potent information‐stealing threat targeting users of Chromium‐based browsers, most notably Google Chrome. First observed in mid-2025, this lightweight malware…
A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2025-9961, has been discovered in TP-Link routers. Security research firm ByteRay has released a proof-of-concept…
The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract…
Google has released an emergency security update for its Chrome web browser to address a high-severity zero-day vulnerability that is being actively exploited in the…
The Chinese state-sponsored threat actor TA415 has evolved its tactics, techniques, and procedures by leveraging legitimate cloud services like Google Sheets and Google Calendar for…
Since early 2025, cybersecurity teams have observed a marked resurgence in operations attributed to MuddyWater, an Iranian state–sponsored advanced persistent threat (APT) actor. Emerging initially…
A sophisticated North Korean nation-state threat actor campaign has emerged, distributing an evolved variant of the BeaverTail malware through deceptive fake hiring platforms and ClickFix…
The threat landscape for e-commerce websites has once again shifted with the emergence of a sophisticated Magecart-style attack campaign, characterized by the deployment of obfuscated…
Since mid-2024, cybercriminals have leveraged a subscription-based phishing platform known as RaccoonO365 to harvest Microsoft 365 credentials at scale. Emerging as an off-the-shelf service, RaccoonO365…
