AMD Patches High-Severity SMM Vulnerabilities Affecting EPYC and Ryzen...
AMD has released security patches addressing two high-severity vulnerabilities impacting its System Management Mode (SMM), a privileged execution The post AMD Patches High-Severity SMM Vulnerabilities...
View ArticleCVE-2024-1709 and CVE-2023-48788: Exploits Fueling Russia’s BadPilot Campaign
Microsoft Threat Intelligence has exposed a multiyear cyber espionage campaign conducted by a subgroup of the Russian state-sponsored The post CVE-2024-1709 and CVE-2023-48788: Exploits Fueling...
View ArticleFINALDRAFT Malware Exploits Outlook Drafts for Covert Communication
In a recent investigation into the REF7707 intrusion set, Elastic Security Labs has identified a new malware family The post FINALDRAFT Malware Exploits Outlook Drafts for Covert Communication appeared...
View ArticleMailcow Patches Password Reset Poisoning Vulnerability (CVE-2025-25198)
Popular open-source email server suite, mailcow, has released a patch addressing a serious vulnerability that could allow attackers The post Mailcow Patches Password Reset Poisoning Vulnerability...
View ArticleBuffer Overflows Vulnerabilities: CISA & FBI Issue Urgent Warning
In a joint Secure by Design Alert, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau The post Buffer Overflows Vulnerabilities: CISA & FBI Issue Urgent Warning...
View ArticleAMD Patches High-Severity SMM Callout Flaw (CVE-2024-21924) in EPYC and Ryzen...
AMD has released security patches addressing a high-severity vulnerability (CVE-2024-21924) affecting multiple processor families, including EPYC data center The post AMD Patches High-Severity SMM...
View ArticleNorth Korea’s IT Worker Scam: How the Regime Infiltrates Global Tech Firms...
Cybersecurity researchers at Insikt Group have uncovered a sophisticated North Korean IT worker scam designed to infiltrate global The post North Korea’s IT Worker Scam: How the Regime Infiltrates...
View ArticleSPAWNCHIMERA: New Malware Exploits Ivanti Zero-Day Flaw (CVE-2025-0282)
Cybersecurity researchers at JPCERT/CC have uncovered a significant upgrade to the SPAWN malware family, introducing SPAWNCHIMERA, a more The post SPAWNCHIMERA: New Malware Exploits Ivanti Zero-Day...
View ArticleAstaroth Phishing Kit Bypasses 2FA, Steals Accounts
Cybersecurity researchers at SlashNext have discovered a sophisticated new phishing kit dubbed “Astaroth” that is capable of bypassing The post Astaroth Phishing Kit Bypasses 2FA, Steals Accounts...
View ArticleMetasploit-Ready: CVE-2025-1094 SQLi in PostgreSQL Exposes Systems to Remote...
Rapid7 researchers have discovered a high-severity SQL injection vulnerability (CVE-2025-1094) in PostgreSQL’s interactive tool, psql. This vulnerability, found The post Metasploit-Ready: CVE-2025-1094...
View ArticleRussian Hackers Exploit Microsoft Device Code Authentication in Targeted...
Cybersecurity researchers at Volexity have uncovered a series of targeted phishing and social engineering campaigns by multiple Russian The post Russian Hackers Exploit Microsoft Device Code...
View ArticleCVE-2022-31631 (CVSS 9.1): Critical PHP Flaw Exposes Websites to SQL...
A serious vulnerability has been discovered in PHP, potentially exposing websites and applications to SQL injection attacks. Users The post CVE-2022-31631 (CVSS 9.1): Critical PHP Flaw Exposes Websites...
View ArticlexAI’s Grok 3 Debut: Musk Challenges OpenAI
Following the recent $97.4 billion acquisition proposal for OpenAI-related assets, which was formally rejected through a court filing The post xAI’s Grok 3 Debut: Musk Challenges OpenAI appeared first...
View ArticleMicrosoft Patches Windows Server 2025 Startup Error—Update KB5051987 Recommended
In October 2024, Microsoft confirmed that Windows Server 2025 may encounter a boot device inaccessible error under certain The post Microsoft Patches Windows Server 2025 Startup Error—Update KB5051987...
View ArticleGoogle Pays $10,633 for YouTube Security Vulnerabilities
Cybersecurity researcher Brutecat has uncovered two security vulnerabilities in YouTube platform. Despite Google’s assurances regarding user privacy protection, The post Google Pays $10,633 for YouTube...
View ArticleXCSSET Malware Returns with Enhanced Capabilities to Target macOS Users
Microsoft Threat Intelligence has discovered a new variant of the XCSSET malware targeting macOS users. This sophisticated malware, The post XCSSET Malware Returns with Enhanced Capabilities to Target...
View ArticleBlack-Hat SEO Poisoning Indian Government and Financial Websites
Researchers at CloudSEK have uncovered a large-scale Search Engine Poisoning (SEP) campaign targeting Indian government, educational, and financial The post Black-Hat SEO Poisoning Indian Government...
View ArticleCVE-2025-24865 (CVSS 10): Critical mySCADA myPRO Flaw Allow Full System Takeover
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing multiple critical vulnerabilities affecting mySCADA’s myPRO The post CVE-2025-24865 (CVSS 10): Critical...
View ArticleStorm-2372: Russian-Linked Hackers Exploit Device Code Phishing in Global...
Microsoft Threat Intelligence has uncovered an active and ongoing phishing campaign conducted by the threat actor Storm-2372, a The post Storm-2372: Russian-Linked Hackers Exploit Device Code Phishing...
View ArticleCVE-2024-12562: Critical s2Member Pro Flaw Leaves Millions of WordPress Sites...
A critical security vulnerability has been discovered in the popular s2Member Pro plugin for WordPress, potentially affecting millions The post CVE-2024-12562: Critical s2Member Pro Flaw Leaves...
View Article