Huntress
Fake “Windows Update” screen fuels new wave of ClickFix attacks
A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery …
Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)
Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band …
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server …
Legit tools, illicit uses: Velociraptor, Nezha turned against victims
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the …
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira …
SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls
Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. …
SonicWall firewalls targeted in ransomware attacks, possibly via zero-day
Attackers wielding the Akira ransomware and possibly a zero-day exploit have been spotted targeting SonicWall firewalls since July 15, 2025. “In the intrusions reviewed, …
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)
Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP …
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to …
Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being …
Huntress upgrades Managed ITDR to disrupt hacker tradecraft
Huntress has unveiled its newly enhanced Managed Identity Threat Detection and Response (ITDR) solution, purpose-built to wreck hacker identity tradecraft, alongside new …
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the …
Featured news
Resources
Don't miss
- Social data puts user passwords at risk in unexpected ways
- New observational auditing framework takes aim at machine learning privacy leaks
- Why password management defines PCI DSS success
- Hottest cybersecurity open-source tools of the month: November 2025
- Gainsight breach: Salesforce details attack window, issues investigation guidance