-
Elastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana. The vulnerability, tracked as CVE-2025-68385, allows authenticated attackers to inject malicious scrip…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Scripted Sparrow, a prolific Business Email Compromise (BEC) collective with members spanning three continents, has raised significant concerns among cybersecurity researchers due to the sophisticated automation infrastructure underlying their large-sc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communica…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon has uncovered a North Korean imposter posing as a U.S.-based systems administrator. The discovery was made not through traditional background checks but by analyzing the subtle timing of the worker’s typing. According to a report from Bloo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Evalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to distribute a credential-stealing malware to un…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documente…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Roundcube, the widely used open-source webmail software, has officially released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS (Long-Term Support) versions. These flaws could allow attackers to execute mali…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WatchGuard has issued an urgent warning regarding a critical zero-day vulnerability in its Firebox firewall appliances that is currently being exploited in the wild. The flaw, tracked as CVE-2025-14733, allows remote attackers to seize control of affec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
North Korean cybercriminals shattered previous records in 2025, stealing at least $2.02 billion in cryptocurrency through a sophisticated campaign that represents the most successful year ever for state-sponsored digital theft despite fewer confirmed a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious Clop ransomware group has launched a new data extortion campaign targeting internet-facing Gladinet CentreStack file servers, exploiting an unknown vulnerability to steal sensitive corporate information. Incident responders from the Curat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
