New MacSync malware dropper bypasses macOS Gatekeeper security
The latest variant of the MacSync information stealer, which targets macOS systems, is delivered through a digitally signed, notarized Swift application.
Cyber Alerts
ASUS Live Update vulnerability: CVE-2025-59374 is historic, not new
An ASUS Live Update vulnerability, tracked as CVE-2025-59374, has been widely discussed in infosec feeds. Some headlines suggested recent or...
Critical RCE flaw affects 115,000+ WatchGuard firewalls, unpatched and exploited.
Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively...
Android Malware Merges Droppers, SMS Theft, and RAT Capabilities
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer...
25,000+ FortiCloud SSO devices exposed to remote attacks
Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks...
Critical WatchGuard Firebox flaw actively exploited in attacks
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls.
China-aligned group uses Windows Group Policy for espionage malware deployment.
A previously undocumented China-aligned threat cluster, LongNosedGoblin, has been attributed to a series of cyber attacks. These attacks target...
France arrests Latvian crew for installing malware on Italian ferry
French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled...
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell, 15 More
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics...
HPE warns of critical RCE flaw in OneView software
Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute...
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway...
SonicWall warns of new SMA1000 zero-day vulnerability exploited in attacks
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day...
Critical React2Shell flaw exploited by ransomware gangs in attacks.
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the...
Cellik Android malware creates malicious Google Play app versions
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums. It offers a robust set of...
Hackers exploit newly patched Fortinet authentication bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products. They gain unauthorized access to admin accounts and...
Hypervisors: Hidden Ransomware Risk in Virtualization
Ransomware groups are targeting hypervisors to maximize impact, allowing a single breach to encrypt dozens of virtual machines at once. Drawing on...
SantaStealer malware steals data from browsers and Crypto wallets
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory...
FreePBX Patches Critical Security Flaws: SQLi, File-Upload, AUTHTYPE Bypass, RCE
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw...
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity...
CISA adds Sierra Wireless router flaw to KEV catalog, enabling RCE attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS...
CISO-COO Partnership: Enhancing Operational Excellence and Cybersecurity
Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship...
Fake 'One Battle After Another' torrent hides malware in subtitles
A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately...
New Windows RasMan zero-day flaw gets free, unofficial patches
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager...
CISA orders federal agencies to patch exploited GeoServer vulnerability
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks.
React RSC flaws allow DoS, source code exposure
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in...
React2Shell Exploitation: Global Attacks Force Emergency Mitigation by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by...
CISA flags actively exploited GeoServer XXE flaw in KEV catalog update.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its...
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack...
Malicious VSCode extensions hid trojan in fake PNG files
A stealthy campaign involving 19 extensions on the VSCode Marketplace has been active since February. It specifically targets developers,...
Gogs Zero-Day Flaw Exploited for Months by Attackers
Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
AI accelerates cyberattacks. Is your network prepared for advanced threats?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional...