The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability CVE‑2025‑40551 affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. The…
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have…
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront.…
A high-severity vulnerability has been discovered in the Kubernetes ingress-nginx controller, allowing attackers to execute arbitrary code and potentially compromise entire clusters. Tracked as CVE-2026-24512,…
The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February…
The HoneyMyte APT group, also known as Mustang Panda and Bronze President, continues expanding its cyber-espionage operations across Asia and Europe, with Southeast Asia being…
A sophisticated social engineering campaign targeting Windows users across the UK, using fake event invitations to silently install ScreenConnect a legitimate remote access tool that…
Microsoft is making a significant move to strengthen Windows security by phasing out NTLM (New Technology LAN Manager). This legacy authentication protocol has been part…
ASUS has discontinued the File Shredder feature in its Business Manager software following the discovery of a critical security vulnerability, CVE-2025-13348. The company issued a…
A new malware variant dubbed “PDFly” is abusing a heavily modified PyInstaller stub to hide its Python bytecode, forcing analysts to reverse-engineer a custom decryption…
A newly observed phishing campaign is abusing fake “audit/compliance confirmation” emails to target macOS users and steal highly sensitive data. The campaign uses convincing business-themed…
A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and…
