Iranian cyber group UNC1549 hacked 11 telecom firms, deploying Azure-hosted MINIBIKE malware through LinkedIn lures to steal ...

Fortra fixes CVE-2025-10035, a CVSS 10.0 deserialization flaw in GoAnywhere MFT; update to version 7.8.4 to block remote ...

REM Proxy’s SystemBC botnet infects 1,500 VPS daily across 80 C2 servers, with 40% unpatched for over 31 days, exposing ...

CISA details attackers exploiting Ivanti EPMM zero-days CVE-2025-4427/4428 in May 2025, enabling persistent remote code ...

Two UK teens tied to Scattered Spider’s $115M ransomware attacks face U.S. fraud charges and potential 95-year sentence for ...

ESET confirms Russian hackers Gamaredon and Turla joined forces in Feb 2025 to deploy the Kazuar backdoor on Ukrainian ...

The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries.

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in ...

SonicWall breach exposed backup files of under 5% customers, prompting password resets to prevent firewall exploitation.

CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.

Microsoft and Cloudflare seized 338 RaccoonO365 domains in September 2025, disrupting phishing attacks stealing 5,000 ...

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and ...