APT37, the North Korean-aligned threat actor also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has expanded its arsenal with sophisticated new malware targeting Windows…
Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate networks across multiple continents. The threat actors…
A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security mitigations to gain root privileges. The method targets CVE-2024-50264,…
Elastic has disclosed a security incident stemming from a third-party breach at Salesloft Drift, which resulted in unauthorized access to an internal email account containing…
A sophisticated new cybercrime toolkit named SpamGPT is enabling hackers to launch massive and highly effective phishing campaigns by combining artificial intelligence with the capabilities…
Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact…
In the largest supply chain attack, hackers compromised 18 popular npm packages, which together account for over two billion downloads per week. The attack, which…
A significant security flaw has been discovered in pgAdmin, the widely used open-source administration and development platform for PostgreSQL databases. The vulnerability, tracked as CVE-2025-9636,…
A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The technique,…
A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for…
Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a…
A massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational…
