Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. […]
Microsoft pulls KB5079391 Windows update over install issues Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution.
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation Read More »
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits Read More »
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. […]
European Commission confirms data breach after Europa.eu hack Read More »
The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. […]
FBI confirms hack of Director Patel’s personal email inbox Read More »
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. […]
File read flaw in Smart Slider plugin impacts 500K WordPress sites Read More »
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files Read More »
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. “The pipeline had a single boolean return value that meant both ‘no scanners are
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks Read More »
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. […]
New Infinity Stealer malware grabs macOS data via ClickFix lures Read More »
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion Read More »