The Cybersecurity and Infrastructure Security Agency has added a critical vulnerability in Rapid7 Velociraptor to its Known Exploited Vulnerabilities catalogue, warning that threat actors are…
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498,…
Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code…
A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects…
Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws…
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability,…
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers…
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on…
Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and…
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so…
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end…
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications…
