A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per…
The BlackNevas ransomware group has emerged as a significant threat since November 2024, continuously launching devastating attacks against businesses and critical infrastructure organizations across Asia,…
Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted…
The eruption of widespread protests across Nepal in early September 2025 provided fertile ground for a sophisticated campaign orchestrated by the Sidewinder APT group. As…
A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks…
Burger King has invoked the U.S. Digital Millennium Copyright Act (DMCA) to force the removal of a security researcher’s blog post that exposed critical vulnerabilities…
Microsoft has resolved a significant audio bug in Windows 11 version 24H2 that prevented Bluetooth headsets and speakers from functioning correctly on certain devices. The…
In mid-July 2025, a novel campaign emerged in which cybercriminals weaponized generative AI to fabricate deepfake images of government IDs, embedding them within spear-phishing messages…
Red AI Range (RAR), an open-source AI red teaming platform, is transforming the way security professionals assess and harden AI systems. Designed to simulate realistic…
The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware…
In August 2025, security researchers uncovered a sophisticated SEO poisoning campaign targeting Chinese-speaking Windows users. By manipulating search result rankings with tailored SEO plugins and…
A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain. Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers…
