Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The security flaws, identified…
Threat researchers are warning of twin Chinese-nexus espionage operations—“Operation Chat” and “Operation PhantomPrayers”—that erupted in the weeks preceding the Dalai Lama’s 90th birthday, exploiting heightened…
Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild. The…
Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This…
WhoFi surfaced last on the public repository ArXiv, stunning security teams with a proof-of-concept that turns ordinary 2.4 GHz routers into covert biometric scanners. Unlike…
The pro-Russian hacktivist group NoName057(16) has orchestrated a massive distributed denial-of-service campaign targeting over 3,700 unique hosts across thirteen months, according to new research published…
CitrixBleed 2 (CVE-2025-5777) erupted in 2025 when researchers uncovered an out-of-bounds read in Citrix NetScaler ADC and Gateway that lets an unauthenticated request siphon memory…
CISA has issued an urgent warning about a critical vulnerability in Google Chromium that threat actors are actively exploiting. The vulnerability, designated as CVE-2025-6558, poses…
UNC3944, a financially driven threat organization associated with “0ktapus,” “Octo Tempest,” and “Scattered Spider,” launched a sophisticated cyber campaign that used social engineering and hypervisor-level…
Cybercriminals have evolved their social engineering tactics with a sophisticated malware campaign that exploits users’ trust in financial institutions. The latest threat involves a malicious…
A critical security vulnerability has been discovered in the widely-used JavaScript form-data library, potentially exposing millions of applications to code execution attacks. The vulnerability, assigned…
The brief lull following May’s multinational takedown of the Lumma Stealer infrastructure proved deceptive. Within weeks, telemetry again lit up with fresh command-and-control (C2) beacons,…
