NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0. The flaw, tracked as CVE-2025-50979, resides…
Since its emergence in February 2025, the NightSpire ransomware group has rapidly distinguished itself through a sophisticated double-extortion strategy that combines targeted encryption with public…
In June 2025, a previously undocumented campaign leveraging end-of-support software began surfacing in telemetry data gathered across Eastern Asia. Dubbed TAOTH, the operation exploits an…
A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The…
Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to…
Over the past year, security researchers have observed a growing trend of North Korean–linked developers establishing credible-looking profiles on popular code-sharing platforms such as GitHub,…
Cybersecurity researchers have uncovered a sophisticated malvertising campaign on Meta’s Facebook platform in recent weeks that targets Android users with promises of a free TradingView…
Security researchers have uncovered significant vulnerabilities in code generated by Large Language Models (LLMs), demonstrating how “vibe coding” with AI assistants can introduce critical security…
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and…
Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape. Unlike traditional phishing attacks that merely collect static…
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed…
A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft. The attack,…
