The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across platforms. Documented initially by Cyfirma…
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a…
Security researchers have identified a dangerous flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than…
The Google Threat Intelligence Group (GTIG) has unveiled a sophisticated three-year cyber espionage campaign orchestrated by APT24, a China-nexus threat actor, targeting organizations primarily in…
The holiday shopping rush has always been the retail industry’s busiest and riskiest time of year. As e-commerce traffic, in-store digital systems, and supply-chain automation…
Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services (WSUS) infrastructure. The attackers…
The notorious Clop ransomware gang, also known as Graceful Spider, has listed Oracle Corporation on its dark web leak site, claiming to have successfully breached…
Salesforce has identified unusual activity involving applications published by Gainsight that are connected to the Salesforce platform. The company’s investigation revealed that this suspicious activity…
Operation DreamJob, a longstanding North Korean cyberespionage campaign, has once again demonstrated its lethal effectiveness by targeting manufacturing organizations through deceptive job-related messages delivered via…
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate…
A critical authentication bypass vulnerability in the Milvus vector database could allow attackers to gain administrative access without credentials. The flaw exists in how the…
The United States, Australia, and the United Kingdom have announced coordinated sanctions against Media Land, a Russia-based bulletproof hosting provider, and related entities for supporting…
