-
AhnLab Security Intelligence Center (ASEC) has uncovered a dangerous distribution campaign targeting Windows users through Korean web hard services. Threat actors are leveraging xRAT (QuasarRAT) malware, disguising it as legitimate adult game content t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked as CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ransomware attacks don’t begin with encryption. They start with reconnaissance and security researchers just documented a significant reconnaissance operation that unfolded over the Christmas holiday. Between December 25 and 28, a single operator…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CrowdStrike has announced its agreement to acquire SGNL, a leading identity-first security company, for $740 million. The acquisition will strengthen CrowdStrike Falcon® Next-Gen Identity Security by adding continuous, context-aware authorization capab…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cyber threat environment in Australia and New Zealand has entered a critical phase throughout 2025, marked by a dramatic surge in initial access sales, sophisticated ransomware operations, and widespread data breaches affecting essential sectors. A…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Trend Micro has issued a critical security update for Apex Central to address multiple remotely exploitable vulnerabilities, including a bug that allows unauthenticated attackers to execute code with SYSTEM-level privileges. Organizations running vuln…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese threat actors are weaponizing NFC technology to steal funds from victims’ bank remotely accounts through sophisticated Android malware campaigns, with security researchers identifying at least $355,000 in fraudulent transactions from a si…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is tightening security for its cloud customers by making multi-factor authentication mandatory for anyone accessing the Microsoft 365 admin center, effectively ending password-only logins for high-privilege admin portals.&…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID that weaponizes legitimate OAuth 2.0 authentication flows to harvest privileged access t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
