Zeljka Zorz
CISA confirms exploitation of VMware ESXi flaw by ransomware attackers
CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in …
Why a decade-old EnCase driver still works as an EDR killer
Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance …
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last …
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting …
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in …
How state-sponsored attackers hijacked Notepad++ updates
UPDATE: Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by …
Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)
Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited …
Google disrupts proxy network used by 550+ threat groups
Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single …
eScan AV users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a …
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers …
WinRAR vulnerability still a go-to tool for hackers, Mandiant warns
State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. …
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ …
Featured news
Resources
Don't miss
- Why risk alone doesn’t get you to yes
- ShipSec Studio brings open-source workflow orchestration to security operations
- Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
- TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
- CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation