Please turn on your JavaScript for this page to function normally.
Veeam
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging …

backdoor
RansomHub affiliate leverages multi-function Betruger backdoor

A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The …

Microsoft
APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for …

Biohazard
Stealthy StilachiRAT steals data, may enable lateral movement

While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques …

malware
FBI: Free file converter sites and tools deliver malware

Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office has warned …

GitHub
GitHub project maintainers targeted with fake security alert

A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and …

MITRE Caldera
MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)

Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code …

Phishing
2024 phishing trends tell us what to expect in 2025

Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024, according to risk advisory firm Kroll, which …

Siemens Teamcenter
Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)

A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid …

infostealers
Is your email or password among the 240+ million compromised by infostealers?

For the second time since the start of 2025, a huge number of login credentials extracted from infostealer logs has been added to the database powering the HaveIBeenPwned …

GitHub
Hundreds of GitHub repos served up malware for years

Kaspersky researchers have unearthed an extensive and long-running malware delivery campaign that exploited users’ propensity for downloading code from GitHub and using …

data breach
Background check, drug testing provider DISA suffers data breach

DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools