-
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user accounts and sensitive booking data to attackers. The flaws, discovered by Gecko’s AI secur…
-
A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time incident that ends with script removal, eSkimming is emerging as a long-lived, shape‑shifting threat that …
-
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracke…
-
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micr…
-
A critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers to fully compromise Windows systems used to monitor video surveillance. IDI…
-
A high-severity command injection vulnerability has been discovered in TP-Link’s Archer MR600 v5 router, enabling authenticated attackers to execute arbitrary system commands through the device’s admin interface. The flaw, tracked as CVE-2025-14756,…
-
Microsoft has announced a revised deprecation timeline for SMTP AUTH Basic Authentication in Exchange Online, giving organizations an extended runway to modernize legacy email workflows. The updated schedule reflects customer feedback and adoption chal…
-
Canadian citizens are facing a coordinated phishing campaign that leverages government impersonation and brand spoofing to harvest personal and financial data at scale. The campaign is heavily aligned with PayTool, a known phishing-as-a-service ecosyst…
-
A Chinese national has been sentenced to nearly four years in U.S. federal prison for laundering tens of millions of dollars stolen from American investors through a large‑scale digital asset investment scam run from Southeast Asia. On Tuesday, Chinese…
-
WhatsApp has unveiled Strict Account Settings, an advanced security feature designed to shield high-risk users from sophisticated cyber threats and targeted attacks. The lockdown-style protection mechanism provides enhanced safeguards for journalists, …


