BLASTPASS Explained: How NSO’s WebP Zero-Day Exploit Hacked iPhones Silently
In September 2023, Apple rushed to patch a critical vulnerability after researchers uncovered an alarming zero-click exploit chain attributed to…
Security
Kaspersky Uncovers New Chrome 0-Day Actively Exploited
In the latest discovery, Kaspersky Lab exposed a highly sophisticated cyber attack, dubbed “ Operation ForumTroll ,” that leverages a critical zero-d…
IngressNightmare - Critical RCE Vulnerabilities Expose Kubernetes Clusters
Cybersecurity researchers at Wiz ( recently acquired by Google ) have uncovered multiple severe vulnerabilities in the Ingress NGINX Controller for K…
Oracle Cloud Security Breach Exposes 6 Million Records Affecting 140,000 Tenants
A significant security breach at Oracle Cloud has been reported, with a cybercriminal claiming to have stolen approximately 6 million records from Or…
Auth Bypass Vulnerability Disclosed in Next.js Middleware
A critical security vulnerability has been identified in Next.js, the popular React framework, which could allow attackers to bypass authorization ch…
Zero-Click WhatsApp Exploit Used in Paragon Spyware Attacks
In a groundbreaking investigation, Citizen Lab has uncovered a sophisticated spyware operation leveraging a zero-click exploit in WhatsApp to target…
Email Marketing Security: How to Protect Customer Data from Cyber Threats
According to recent studies , email marketing continues to deliver impressive ROI for businesses across industries, with an average return of $36 for…
Chinese APT Group MirrorFace Expands Operations to Europe, Revives ANEL Backdoor
ESET researchers have uncovered a significant shift in tactics by the China-aligned advanced persistent threat (APT) group MirrorFace , which has exp…
Critical Windows Vulnerability Leaks NTLM Hashes Without User Interaction
Security researchers have discovered and documented a critical Windows vulnerability (CVE-2025-24071) that enables attackers to steal authentication …
The Rise of Deepfake Scams: How to Protect Your Finances
The rapid expansion of deepfake technology has introduced a new dimension to financial fraud, posing significant threats to individuals and organizat…
Microsoft's March 2025 Update Patches Critical Zero-Day Exploited via PipeMagic Backdoor
Microsoft's March 2025 Patch Tuesday has addressed 57 security flaws, including seven zero-day vulnerabilities— six of which were already being a…
Apache Camel Vulnerability CVE-2025-27636 Less Severe Than Initially Reported
A recently disclosed vulnerability in Apache Camel ( CVE-2025-27636 ) has been officially classified as moderate severity, despite earlier reports ci…
Critical Apache Tomcat Vulnerability Discovered: Immediate Patching Required
A serious security vulnerability has been identified in Apache Tomcat, potentially exposing servers to remote code execution (RCE), information discl…
Hidden Command Discovered in Bluetooth Chips Used Across a Billion Devices
Security researchers from Tarlogic Security have unveiled new techniques that significantly simplify Bluetooth attacks using widely available hardwar…
Microsoft Uncovers Massive Malvertising Campaign Affecting One Million Devices via GitHub
Microsoft Threat Intelligence has detected a large-scale malvertising campaign that impacted approximately one million devices globally in December 2…
Critical Vulnerability in Sitecore Experience Platform Discovered
Security researchers at Assetnote, recently acquired by Searchlight Cyber, have uncovered a pre-authentication remote code execution vulnerability in…
Three VMware Vulnerabilities Actively Exploited in the Wild
Broadcom has released urgent security patches to address three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion products. T…