-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that…
-
Deployed across Australia and Europe, China’s electric buses are vulnerable to cybercriminals and sport a virtual kill switch the Chinese state could activate. Read More
-
Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files. Read More
-
Concern is growing across Europe about relying on US cybersecurity companies, and Greenland takeover talk is eroding trust across the EU even further. Read More
-
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec…
-
Cisco has released fresh patches to address what it described as a “critical” security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on…
-
Once trust is granted to the repository’s author, a malicious app executes arbitrary commands on the victim’s system with no other user interaction. Read More
-
The bait incudes plausible subject lines and credible messages, most likely thanks to attackers’ use of large language models to craft them. Read More
-
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings …
-
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT. Read More