CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. […]
CISA orders feds to patch BlueHammer flaw exploited as zero-day Read More »
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. […]
Apple fixes bug that let the FBI recover deleted Signal messages Read More »
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. […]
New Mirai campaign exploits RCE flaw in EoL D-Link routers Read More »
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. […]
Kyber ransomware gang toys with post-quantum encryption on Windows Read More »
The Spanish police have dismantled the largest Spanish-language manga piracy platform, operating since 2014, with millions of monthly users from around the globe. […]
Spain dismantles major $4.7M manga piracy platform, arrests four Read More »
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles Read More »
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw. “Improper verification of
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug Read More »
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API
Toxic Combinations: When Cross-App Permissions Stack into Risk Read More »
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. “Two
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack Read More »
Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. […]
Microsoft Teams to get efficiency mode on PCs with limited resources Read More »