French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. […]
Police dismantles fake ID marketplace used by migrant smugglers Read More »
On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. […]
Microsoft blames unexpected Windows driver updates on caching issue Read More »
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. […]
Hackers Are After the Gaps in Your Vulnerability Program: Here’s Their Playbook Read More »
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. […]
Cisco warns of critical Unified CM flaw with PoC exploit code Read More »
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog Read More »
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. […]
Chinese hackers use new Atlas RAT malware in European cyberattacks Read More »
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it can reach once it does. That is a question about the shape of your
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore Read More »
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT Read More »
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android Read More »