First detected in July 2024, DCHSpy is assessed to be the handiwork of MuddyWater, an Iranian nation-state group tied to MOIS ...

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT ...

Hackers bypass FIDO keys using spoofed portals and QR codes, exposing MFA weaknesses and risking user accounts.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an alert, said it's aware of active exploitation of CVE-2025-53770, which enables unauthenticated access to SharePoint systems and ...

APT28 targets Ukrainian government officials with a phishing campaign delivering LAMEHUG malware, utilizing Alibaba Cloud’s ...

The cybersecurity vendor has also classified it as a high-severity, high-urgency threat, urging organizations running ...

Critical NVIDIA vulnerability CVE-2025-23266 impacts 37% of cloud services, allowing privilege escalation and data tampering.

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign.

CVE-2025-0282 is a critical security flaw in ICS that could permit unauthenticated remote code execution. It was addressed by Ivanti in early January 2025. CVE-2025-22457, patched in April 2025, ...

Even when users must log in with passwords, there are methods to ensure that they don't handle them directly. Tools like SSO ...

Further dissection has determined that over 3,500 websites have been ensnared in the sprawling illicit crypto mining effort, ...

HPE fixed two flaws in Instant On Access Points that could allow admin access and command injection. Patch now to stay secure ...