-
Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿梭), published under the threat actor…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have confirmed the release of proof-of-concept (PoC) exploit code for CVE-2025-68613, a critical remote code execution flaw affecting n8n workflow automation platform. The vulnerability carries a maximum CVSS score of 10.0 and impa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
University of Phoenix, Inc. disclosed a significant data breach affecting approximately 3.5 million individuals following an external system compromise discovered in November 2025. The unauthorized access occurred on August 13, 2025, but remained undet…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign has compromised the npm registry through a malicious package that perfectly mimics legitimate WhatsApp API functionality while silently exfiltrating authentication credentials, messages, contacts, and media files from u…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Romania’s critical water infrastructure faced a significant cyber threat when the National Administration “Romanian Waters” disclosed a ransomware attack affecting multiple government agencies on December 20, 2025. The incident compro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Nissan Motor Co., Ltd. has disclosed a significant data breach affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. following unauthorized access to a Red Hat-managed server used for developing the company’s dealership custo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Colombian government institutions are facing a sophisticated multi-stage cyberattack campaign orchestrated by the BlindEagle threat group, which leveraged compromised internal email accounts, PowerShell scripts, and steganography to deploy remote acces…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent “Income Tax Department” portals, representing a significant evolution in the SideWinder APT’s operational tradecraft…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems. Tracked as CVE-2025-29970, the security flaw affects the bfs.sys component a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices. CVE-2025-38352 represents a use-after-fr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
