A critical security vulnerability (CVE-2024-13918) in the Laravel framework allows attackers to execute arbitrary JavaScript code on websites running affected versions of the popular PHP…
A security researcher known as newp1ayer48 has successfully demonstrated a method to extract firmware from IoT and embedded devices using direct Flash Memory dumps, providing…
Apple has taken another step toward the official release of iOS 18.4 by seeding the third developer beta of the update to testers late on…
Security researchers have identified a sophisticated attack campaign attributed to APT37, a North Korean state-sponsored hacking group also known as ScarCruft, Reaper, and Red Eyes.…
Today CISA added three Ivanti Endpoint Manager (EPM) vulnerabilities CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161 to its Known Exploited Vulnerabilities (KEV) catalog. These absolute path traversal flaws…
CISA has likely added two VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by the XE Group.…
Cybersecurity researchers have identified a sophisticated ransomware campaign attributed to a North Korean threat actor dubbed “Moonstone Sleet.” The group has deployed an advanced custom…
Microsoft Threat Intelligence detected a large-scale malvertising campaign in early December 2024 that infected nearly one million devices globally in an opportunistic attack designed to…
Security researchers have uncovered a sophisticated malware campaign where threat actors are coercing popular YouTubers to distribute SilentCryptoMiner malware disguised as restriction bypass tools. This…
Physical penetration testing provides crucial insights into real-world security vulnerabilities that might be overlooked in purely digital assessments. A recent case study conducted by Hackmosphere…
YouTube has issued an urgent alert to content creators regarding a highly sophisticated phishing campaign exploiting AI-generated deepfake technology to hijack accounts. The attack, first…
Jenkins, the widely adopted open-source automation server central to CI/CD pipelines, has disclosed four critical security vulnerabilities enabling unauthorized secret disclosure, cross-site request forgery (CSRF),…
