A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges.
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as...
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT. This flaw leverages the artificial intelligence (AI)...
Dutch authorities have taken offline a massive botnet of 17 million devices. They also seized more than 200 servers at a local provider that...
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a...
Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings...
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools.
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to...
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). This flaw is...
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing...
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD). The company urges the research community to share findings...
Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign. This campaign spreads through a...
Latin America and Europe are targeted by two banking trojan campaigns. These campaigns aim to infect Windows and Android devices with Grandoreiro...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a...
Microsoft has warned of an active cryptojacking campaign that uses artificial intelligence (AI) chatbot interactions. These interactions serve as...
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the...
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint. This flaw could be exploited by malicious...
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal...
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS. Their goal is to inject malicious JavaScript code, aiming...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that...
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware...
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems.
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in Unify OS that can be exploited by remote attackers...
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload. This vulnerability could allow an unauthenticated,...
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a...
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat...
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges.
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks.
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an...
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant...
