The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3 developers to infect them with information ...

The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by ...

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

CrushFTP flaw CVE-2025-54309 exploited in wild, giving attackers admin access. Older builds before July 1 are at high risk ...

The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen ...

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 ...

CVE-2025-0282 is a critical security flaw in ICS that could permit unauthenticated remote code execution. It was addressed by Ivanti in early January 2025. CVE-2025-22457, patched in April 2025, ...

Malicious GitHub repositories used by threat actors to host Amadey payloads and steal data, impacting targeted entities.

APT28 targets Ukrainian government officials with a phishing campaign delivering LAMEHUG malware, utilizing Alibaba Cloud’s ...

Critical NVIDIA vulnerability CVE-2025-23266 impacts 37% of cloud services, allowing privilege escalation and data tampering.

"The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open ...

This article discusses why IT leaders must think beyond backup and embrace cyber resilience to survive and thrive in the ...