Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The…
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft application…
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this…
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly…
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a…
A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and thousands of API keys to…
In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation…
Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to…
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In…
CyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting sophisticated fileless techniques to evade…
SharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism for command-and-control (C2) communications. By…
Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns…
