In a landmark development for cybersecurity infrastructure, Google’s Mandiant subsidiary has unveiled GoStringUngarbler – an open-source deobfuscation framework designed to neutralize advanced string encryption techniques…
Researchers uncovered one of the most technically sophisticated attacks in cryptocurrency history, exploiting Bybit’s Ethereum hot wallet infrastructure through a malicious proxy contract upgrade. The…
The U.S. Department of Justice (DOJ) unsealed indictments today against 12 Chinese nationals linked to state-sponsored cyber espionage campaigns targeting the U.S. Treasury Department, religious…
Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks.…
HUMAN Security’s Satori Threat Intelligence team has uncovered a sophisticated malware operation dubbed “BADBOX 2.0” that compromised over 50,000 Android devices using 24 deceptive applications.…
The Vim text editor vulnerability CVE-2025-27423 is a high-severity issue that allows for arbitrary code execution via malicious TAR archives. Affecting Vim versions prior to…
A critical evolution of the CVE-2024-7014 vulnerability, originally patched in July 2024, has resurfaced with updated tactics to bypass security measures. Dubbed Evilloader, this new…
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions today against Behrouz Parsarad, an Iran-based cybercriminal identified as the…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on March 4, 2025, adding three critical VMware vulnerabilities to its Known Exploited…
Security researchers at Proofpoint have uncovered a sophisticated cyber espionage campaign targeting aviation and satellite communications organizations in the United Arab Emirates. The campaign, attributed…
A newly disclosed vulnerability in Cisco Webex for BroadWorks Release 45.2 enables remote attackers to intercept sensitive credentials and user data when Session Initiation Protocol…
A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed over 100,000 WordPress websites to unauthenticated remote code execution (RCE) attacks. …
