Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A severe Stored Cross-Site Scripting (XSS) vulnerability in the Prompt module of the DNN Platform enables low-privilege attackers to inject and execute arbitrary scripts in…
A severe Stored Cross-Site Scripting (XSS) vulnerability in the Prompt module of the DNN Platform enables low-privilege attackers to inject and execute arbitrary scripts in…
Kali Linux 2025.3 has arrived, bringing a wave of improvements, updated firmware support, and a suite of ten new security tools. This release builds on…
Cisco Talos has uncovered a sophisticated, long-running campaign active since 2022 that leverages DLL search order hijacking to deliver a novel PlugX variant with overlapping…
In today’s complex threat landscape, adversaries increasingly favor “malware-less” intrusion methods that slip past traditional defenses. One particularly insidious scheme involves North Korean operatives posing…
Jaguar Land Rover (JLR) has announced a further delay to the reopening of its production lines following a sophisticated cyber attack. The pause in manufacturing…
Darktrace’s latest investigation uncovered a novel campaign that blends traditional malware with modern DevOps technology. At the center of this operation lies a Python-based command-and-control…
Cybersecurity researchers at Zscaler ThreatLabz have identified a sophisticated new malware strain dubbed YiBackdoor, first detected in June 2025. This emerging threat represents a significant…
A critical vulnerability in SolarWinds Web Help Desk (WHD) could allow attackers to escalate privileges and execute arbitrary code on affected systems. SolarWinds has released…
A novel npm package named fezbox has been uncovered by the Socket Threat Research Team as a sophisticated malware delivery mechanism that exfiltrates username and…
Leveraging a native IIS module named BadIIS, attackers manipulated search engine crawler traffic to poison search results and redirect legitimate users to scam or adult-oriented…
The U.S. Secret Service has dismantled a sophisticated network of electronic devices scattered across the New York tri-state area. These devices posed an imminent threat…
Attackers are accelerating their foothold in corporate networks: over the past three months (June 1 to August 31, 2025), the average time from initial breach…