Please turn on your JavaScript for this page to function normally.
Agentic AI
Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI …

cloud
China-linked Murky Panda targets and moves laterally through cloud services

In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to …

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian …

APT
APT groups are getting personal, and CISOs should be concerned

Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members …

email
Russia-linked hackers target webmail servers in Ukraine-related espionage operation

ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned …

Microsoft 365 phishing
Attackers phish OAuth codes, take over Microsoft 365 accounts

Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics …

NTLM
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting …

Apple
Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been …

hand
China-linked FamousSparrow APT group resurfaces with enhanced capabilities

ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate …

Google Chrome
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)

Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome …

Microsoft
APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for …

malware
China-based Silver Fox spoofs healthcare app to deliver malware

Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools