Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances.…
Category: CyberSecurityNews
Google Rolls Out Long-Awaited @gmail.com Email Change Feature for Users
Google is gradually rolling out the ability to change the @gmail.com email address associated with a Google Account to a new @gmail.com address. This feature,…
Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks
The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service…
New AWS Console Supply Chain Attack Lets Attackers Hijack AWS GitHub Repositories
A critical misconfiguration in AWS CodeBuild enabled unauthenticated attackers to seize control of key AWS-owned GitHub repositories, including the widely used AWS JavaScript SDK powering…
Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits
Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional…
Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats
Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial…
Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks
Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation, as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote…
Azure Identity Token Vulnerability Enables Tenant-Wide Compromise in Windows Admin Center
A high-severity vulnerability in Windows Admin Center’s Azure Single Sign-On implementation has exposed Azure virtual machines and Arc-connected systems to unauthorized access across entire tenants.…
Cloudflare Acquires Human Native to Strengthen AI Data Security
Cloudflare, the San Francisco-based cybersecurity and internet infrastructure giant, has acquired Human Native, a UK-based AI data marketplace. The deal aims to empower content creators…
Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features
Critical security updates addressing CVE-2026-20824, a protection mechanism failure in Windows Remote Assistance that permits attackers to circumvent the Mark of the Web (MOTW) defense…
MonetaStealer Malware Powered with AI Code Attacking macOS Users in the Wild
A new information-stealing malware named MonetaStealer has been discovered actively targeting macOS users through deceptive file disguises and social engineering tactics. Security researchers at Iru…
New Sicarii RaaS Operation Attacks Exposed RDP Services and Attempts to Exploit Fortinet Devices
In December 2025, a previously unknown ransomware-as-a-service operation named Sicarii emerged across underground platforms, introducing itself as an Israeli or Jewish affiliated group. The operation…