-
A high command injection vulnerability has been discovered in TP-Link’s Archer MR600 v5 router, enabling authenticated attackers to execute arbitrary system commands through the device’s admin interface. The flaw, tracked as CVE-2025-14756,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced a revised deprecation timeline for SMTP AUTH Basic Authentication in Exchange Online, giving organizations an extended runway to modernize legacy email workflows. The updated schedule reflects customer feedback and adoption chal…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Canadian citizens are facing a coordinated phishing campaign that leverages government impersonation and brand spoofing to harvest personal and financial data at scale. The campaign is heavily aligned with PayTool, a known phishing-as-a-service ecosyst…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Chinese national has been sentenced to nearly four years in U.S. federal prison for laundering tens of millions of dollars stolen from American investors through a large‑scale digital asset investment scam run from Southeast Asia. On Tuesday, Chinese…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp has unveiled Strict Account Settings, an advanced security feature designed to shield high-risk users from sophisticated cyber threats and targeted attacks. The lockdown-style protection mechanism provides enhanced safeguards for journalists, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as “G_Wagon,” employs multi-stage obfuscat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (S…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback funct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
