The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack...
Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity
Following the disclosure of CVE-2025-4427 and CVE-2025-4428, two Ivanti EPMM vulnerabilities that can be chained for RCE, another critical security issue has emerged, posing a severe threat to...
The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General
Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started.
Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. [...]
A joint advisory from the US, UK, Australia and others highlights the importance of SIEM/SOAR platforms and overcoming implementation challenges
MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. [...]
The U.S. Defense Intelligence Agency’s 2025 Worldwide Threat Assessment lays out a stark view of an evolving global... The post US DIA 2025 Threat Assessment warns of growing complexity in global...
Everest ransomware leaks Coca-Cola employee data: 1,104 files exposed, including HR, admin roles, IDs, personal details, and internal records.
Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data
How It Works Uncoder AI streamlines threat detection in SentinelOne by automatically transforming raw intelligence into executable event queries. In this case, it focuses on WRECKSTEEL...
How It Works Uncoder AI automates the decomposition of complex IOC-driven detection logic authored in CrowdStrike Endpoint Query Language (EQL). This example centers around the CERT-UA#14283...
How It Works 1. IOC Extraction from Threat Report Uncoder AI automatically parses and categorizes indicators from the incident report (on the left), including: Malicious domains, such as:...
A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. [...]
In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical...
Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly. [...]
Written by: Diana Ion, Rommel Joven, Yash Gupta Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular...
German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. [...]
The Aqara Camera Hub G5 Pro provides AI-powered visual recognition technology with a host of home security features - and it's on sale now.
Manufacturers are using electronic forms, checklists and management capabilities to enhance team engagement and drive continuous improvement.
Chief Editor Renee Bassett introduces the May 2025 trends issue of Automation.com Monthly.
Between February and May 2025, the intrusion set known as Mimo exploited CVE-2025-32432, a critical unauthenticated RCE in Craft CMS, to deploy a multi-stage infection chain observed via...
SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal.
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a...
Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with...
Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…
Cyber threats don't show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting...
We were thrilled by the remarkable interest in speaking at TechCrunch Disrupt 2025, taking place October 27–29 at Moscone West in San Francisco. After an in-depth review process, we’ve selected 20...
2025-05-22 • Recorded Future • Insikt Group • py.cherryspy, vbs.hatvibe Open article on Malpedia