Security Issues, Vulnerabilities, Exploits & Government Alerts
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its…
The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to…
Oct 24, 2025Ravie LakshmananData Breach / Cybercrime The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services…
Oct 24, 2025Ravie LakshmananVulnerability / Network Security Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under…
Oct 24, 2025Ravie LakshmananCyber Espionage / Malware A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed…
Oct 24, 2025The Hacker NewsCyber Resilience / Data Protection Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders…
Oct 24, 2025Ravie LakshmananMalware / Hacking News A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video…
Oct 24, 2025Ravie LakshmananDevOps / Malware Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers…
Oct 23, 2025Ravie LakshmananCyber Espionage / Threat Intelligence Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity Suite Vulnerabilities: Relative Path Traversal, Weak Password Recovery Mechanism for Forgotten Password, Incorrect Permission Assignment for Critical Resource,…