Security researcher has disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420. Dubbed “BodySnatcher,” this flaw…
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating…
A critical vulnerability in Windows Kerberos authentication that enables attackers to conduct credential-relay attacks by exploiting DNS CNAME records. Tracked as CVE-2026-20929, this flaw allows…
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection.…
Security researchers have discovered critical privilege escalation vulnerabilities in Google’s Vertex AI platform that allow attackers with minimal permissions to hijack high-privileged Service Agent accounts.…
Security researchers have uncovered two critical cross-site scripting (XSS) vulnerabilities in Meta’s Conversions API Gateway that could enable attackers to hijack Facebook accounts on a…
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. Security researchers recently demonstrated this vulnerability by exploiting…
Microsoft’s latest security update for Windows 11 has triggered an unexpected problem affecting enterprise users: PCs equipped with Secure Launch are unable to shut down…
The Go development team has released Go versions 1.25.6 and 1.24.12, addressing six critical security vulnerabilities that could enable denial-of-service attacks, arbitrary code execution, and…
UAT-8837, a China-nexus advanced persistent threat (APT) actor, is conducting sustained campaigns against critical infrastructure sectors across North America. The group, assessed with medium confidence…
The National Security Agency has published the first two products in its Zero Trust Implementation Guidelines series, offering organizations practical recommendations for adopting Zero Trust security models. …
Cisco has confirmed an ongoing cyberattack campaign targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, in which threat actors are executing arbitrary…
