Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails. The…
Security researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft…
Cybersecurity researchers at Datadog have uncovered a sophisticated adversary-in-the-middle phishing campaign targeting organizations that use Microsoft 365 and Okta for single sign-on authentication. The campaign…
A comprehensive security analysis has uncovered a critical vulnerability in container image distribution: more than 10,000 Docker Hub images containing leaked production credentials from over…
A critical privilege escalation vulnerability in Microsoft Windows Cloud Files Mini Filter Driver is now under active exploitation, according to a new Cybersecurity and Infrastructure…
Security researchers have successfully extracted firmware from a cheap JieLi-based smartwatch by reviving an obscure 2000s attack technique that transmits sensitive data through display pixels.…
The Cybersecurity and Infrastructure Security Agency has released critical guidance on managing UEFI Secure Boot configurations across enterprise systems. The comprehensive advisory addresses growing concerns…
New research from Kaspersky has mapped the complete lifecycle of data stolen during phishing attacks, revealing a sophisticated “shadow market conveyor belt” where victim information…
MITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the most critical vulnerabilities affecting software development worldwide.…
A sophisticated information-stealing tool known as JSCEAL has evolved significantly in recent months, deploying advanced anti-analysis techniques and hardened command-and-control infrastructure to target users of…
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code…
Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws…
