Zeljka Zorz
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept …
WatchGuard Firebox firewalls under attack (CVE-2025-14733)
More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by …
Crypto theft in 2025: North Korean hackers continue to dominate
When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new …
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method …
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November …
Exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the …
Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved …
European police busts Ukraine scam call centers
Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced today. …
SoundCloud breached, hit by DoS attacks
Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to …
Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)
Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the …
Kali Linux 2025.4: New tools and “quality-of-life” improvements
OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and …
Malicious Rust packages targeted Web3 developers
A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for …
Featured news
Resources
Don't miss
- SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
- Open-source malware zeroes in on developer environments
- Hottest cybersecurity open-source tools of the month: January 2026
- A practical take on cyber resilience for CISOs
- OPNsense 26.1 brings updates to open-source firewall management