During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into...
The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. [...]
TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. [...]
Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates.BackgroundOn October 21, Oracle released its Critical Patch Update (CPU) for October...
Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns...
It’s dominating the economy and shaping the threats we face and how we defend against them
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. [...]
In a letter to Apple cited by the state news agency TASS, the Federal Antimonopoly Service (FAS) said Apple’s current setup gives preference to foreign search engines, putting local providers at a...
Why organizations need a new strategy to break down silos and usher in a new era of risk intelligence Partner Content As cyber risk continues to escalate, many organizations face a disconnect...
The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. [...]
Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives...
On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards. [...]
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the...
Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing Security Identifiers. [...]
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per...
Choi A-ri reports: Kim Young-shub, KT’s representative, stated regarding the unauthorized micro-payment incident, “I will take responsibility once the situation is resolved,” effectively...
Jake Kanter reports: The cyber-attack on Prospect, the parent union of film and TV group Bectu, has sparked fears that it could have compromised information pertaining to the UK’s national...
CISA KEV Catalog " data-image-caption="" data-medium-file="https://cyble.com/wp-content/uploads/2025/10/CISA-KEV-Catalog-300x150.webp"...
SQL Injection vulnerability (CVE-2025-9339) has been found in SIMPLE.ERP software.
Wojeski & Company suffered a ransomware attack, and then an insider breach when an employee of a firm hired to investigate the breach inappropriately accessed data. Employees were also...
Japanese retailer halts online orders after attack cripples third-party vendor Japanese retailer Muji is suspending online orders after logistics partner Askul was knocked offline by a ransomware attack.…
The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start...
Scouting America (formerly known as Boy Scouts) has a new badge in cybersecurity. There’s an image in the article; it looks good. I want one.
Over on Risky Biz News, Catalin Cimpanu has a great write-up about how a Romanian prisoner hacked the country’s prison management platform. He writes: The incident took place in August and...
Juan F. Luis Hospital CEO Darlene A. Baptiste says no personal data was stolen in the April cyberattack that forced the hospital offline for months, causing major billing delays, financial losses,...
CISA adds high-severity flaw to KEV list, urges swift updating Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited –...
Gateways can do more than route traffic, they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep...
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses.
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
A flaw rooted in the Server Message Block (SMB) protocol of Windows enables attackers to escalate privileges to SYSTEM level on vulnerable Windows devices, potentially granting full control over...