npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

CrushFTP flaw CVE-2025-54309 exploited in wild, giving attackers admin access. Older builds before July 1 are at high risk ...

The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by ...

This article discusses why IT leaders must think beyond backup and embrace cyber resilience to survive and thrive in the ...

"The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open ...

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 ...

A new attack uses CVE-2021-41773 in Apache HTTP Server to install a cryptocurrency miner via compromised websites.

APT28 targets Ukrainian government officials with a phishing campaign delivering LAMEHUG malware, utilizing Alibaba Cloud’s ...

Critical NVIDIA vulnerability CVE-2025-23266 impacts 37% of cloud services, allowing privilege escalation and data tampering.

Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE ...

CVE-2025-0282 is a critical security flaw in ICS that could permit unauthenticated remote code execution. It was addressed by Ivanti in early January 2025. CVE-2025-22457, patched in April 2025, ...

Europol dismantles NoName057(16), a Russian group behind DDoS attacks, arresting two and targeting over 1,000 supporters.