A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords or multi-factor…
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2 Pierluigi Paganini December 12, 2025 Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707,…
Amelia Coen | 12 December 2025 at 11:34 UTC In 2025, we set out with a simple mission: take Burp Suite on the road and…
Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims 11 Dec 2025 • …
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. RasMan is…
MITRE has unveiled its 2025 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and…
When you’re shopping around for a Virtual Private Network (VPN) you’ll find yourself in a sea of promises like “military-grade encryption!” and “total anonymity!” You…
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT…
Open sourcing artificial intelligence (AI) can help combat concentrations of capital and power that currently define its development, while nascent assurance practices need regulation to…
A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals…
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini December 12, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks,…
