A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document‐sharing notifications. The Stripe OLT SOC has…
Google has firmly rejected widespread reports suggesting it issued a global security alert to its 2.5 billion Gmail users, calling such claims “entirely false”. The…
A critical authentication bypass flaw in ESPHome’s ESP-IDF web server component allows unauthorized users on the same local network to access and control smart devices…
Cybersecurity vendor Palo Alto Networks disclosed that its Salesforce environment was breached through a compromised Salesloft Drift integration, marking the latest in a series of…
Cloudflare disclosed that its automated defenses intercepted and neutralized a record-shattering Distributed Denial-of-Service (DDoS) assault peaking at 11.5 terabits per second (Tbps). The attack, characterized…
A sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group…
Researchers have demonstrated that advanced prompt injection techniques can turn defensive AI agents into potent vectors for system compromise. The findings, detailed in a new…
In mid-2025, a coalition of Ukraine-based autonomous systems orchestrated unprecedented brute-force and password-spraying campaigns against exposed SSL VPN and Remote Desktop Protocol (RDP) services, overwhelming…
Users of the popular messaging app WhatsApp are being targeted by a new, highly deceptive scam that grants attackers full access to victims’ contacts, chat…
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses a critical attack vector, effectively handing adversaries the keys to an organization’s…
A critical vulnerability in HashiCorp Vault—tracked as CVE-2025-6203 and HCSEC-2025-24—has been disclosed that allows malicious actors to submit specially crafted payloads capable of exhausting server…
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus,…
