Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code…
Cybersecurity researchers have uncovered a sophisticated campaign targeting global retail and consumer services organizations through credential theft and gift card fraud. Dubbed “Jingle Thief,” this…
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The…
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft application…
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this…
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly…
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a…
A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and thousands of API keys to…
In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation…
Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to…
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In…
CyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting sophisticated fileless techniques to evade…
