An advanced threat actor exploited the critical vulnerabilities "Citrix Bleed 2" (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Service Engine (ISE) as...
Google has released a new stable Chrome update that addresses a serious flaw in its V8 JavaScript engine. The update, now available as version 142.0.7444.162/.163 for Windows, 142.0.7444.162 for...
Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some...
The Tor Project has released a fresh update for its privacy-focused web browser. Tor Browser 15.0.1 is now available and addresses several high-risk security issues that could have compromised...
Lite XL, a lightweight text editor written in Lua and C that runs on Windows, Linux, and macOS, has been found to contain a high vulnerability that could enable arbitrary code execution. Security...
Microsoft’s November Patch Tuesday release for 2025 has delivered fixes for 63 security flaws across its software portfolio, including one zero-day vulnerability already being exploited in the...
Microsoft has resolved a known issue preventing users from quitting the Windows 11 Task Manager after installing the optional Windows 11 KB5067036 update. [...]
Microsoft has disclosed a critical Windows Kernel vulnerability that is currently under active exploitation in the wild. Tracked as CVE-2025-62215, the flaw enables attackers to escalate...
A new theory from the agency that brought us ‘America hacked itself to blame Beijing’ China’s National Computer Virus Emergency Response Center (CVERC) has alleged a nation-state entity, probably...
Many times, websites have subdomains that need to communicate with each other. Because of the Same Origin Policy (SOP), this isn't usually possible. Some technologies allow for this, a formerly...
Typus Finance on the Sui blockchain suffered a hack recently of about 3.44M USD. This article explains the vulnerability and the exploit itself. Typus Finance has an oracle that contained the...
When creating a React Native project looking, most developers use the package react-native-community/cli. This will create a project structure with proper dependencies and configuration files. To...
‘Elite teams’ are pondering cyber-attacks to turn off energy supply or telecoms networks The head of Australia’s Security Intelligence Organisation (ASIO) has warned that authoritarian regimes...
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a...
Discover how 43% of security leaders now use threat intelligence for strategic planning. Explore key insights from the 2025 State of Threat Intelligence Report, including enterprise spending...
Discover how threat intelligence has moved from the SOC to the boardroom. Learn why modern enterprises use it to drive strategic decisions, manage risk, and power governance across the business.
Researchers uncovered active exploitation of an unauthenticated access vulnerability (CVE-2025-12480) in Gladinet’s Triofox remote access platform by the threat cluster UNC6485. The flaw, present...
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed...
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers. [...]
Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.”
Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. [...]
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned...
This webinar brings together Citizen Lab researchers with policy advisors, Women, Peace and Security (WPS) experts, and human rights defenders to reflect on twenty-five years of the WPS agenda in...
Citizen Lab senior researcher John Scott-Railton speaks with TechCrunch about the proliferation of spyware use, and the effects it has on democracy. While it is ostensibly used to monitor...
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service...
KONNI espionage crew covertly abused Google’s Find My Device feature to remotely factory-reset Android phones North Korean state-backed spies have found a new way to torch evidence of their own...
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the...
Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. [...]
This article originally appeared on the Stroz Freidberg, A LevelBlue Company, blog site.