Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. […]
Critical Cisco IMC auth bypass gives attackers Admin access Read More »
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. “Use-after-free in Dawn in Google
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Read More »
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. […]
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Read More »
Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. […]
Microsoft links Classic Outlook issue to email delivery problems Read More »
Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. […]
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks Read More »
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. […]
New CrystalRAT malware adds RAT, stealer and prankware features Read More »
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. […]
‘NoVoice’ Android malware on Google Play infected 2.3 million devices Read More »
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. […]
New EvilTokens service fuels Microsoft device code phishing attacks Read More »
Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. […]
Hackers exploit TrueConf zero-day to push malicious software updates Read More »