A newly disclosed critical vulnerability in Sitecore Experience Platform (CVE-2025-27218) allows unauthenticated attackers to execute arbitrary code on unpatched systems. The flaw, rooted in insecure…
With recent attack disclosures like Browser Syncjacking and extension infostealers, browser extensions have become a primary security concern at many organizations. SquareX’s research team discovers…
Securing Active Directory (AD) is a critical priority for organizations. Misconfigurations in AD, such as excessive permissions, outdated protocols, or unprotected service accounts, are common…
Security researchers at SEC Consult have discovered a significant vulnerability in CrowdStrike’s Falcon Sensor that allowed attackers to bypass detection mechanisms and execute malicious applications.…
Federal prosecutors unsealed criminal complaints today against David Jose Gomez Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, members of the Tren de Aragua Gang, for…
In its latest Android security update, Google has unveiled a dual-layer defense system combining AI-powered scam detection for both text messages and voice calls. The…
A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration…
A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs. Patched…
A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data,…
Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J.…
In a sophisticated cybercrime operation targeting high-demand events, two individuals were arrested this week for allegedly orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s…
A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. Dubbed…
