Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

Aug 25, 2025Ravie LakshmananMalware / Cyber Espionage A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance…

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Aug 25, 2025Ravie LakshmananContainer Security / Vulnerability Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out…

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing…

Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Aug 25, 2025Ravie LakshmananCybersecurity News / Hacking Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the…

Insights from 160 Million Attack Simulations

Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue…

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Aug 25, 2025Ravie LakshmananMalware / Cyber Attack The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut…

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Aug 24, 2025Ravie LakshmananMalware / Supply Chain Security Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its…

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure.…

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection chain that starts with a spam email with a malicious…

CISA Issues Draft Software Bill of Materials Guide for Public Comment

by CISA
August 22, 2025
Security News, Assessments & Alerts
3 min read

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a draft Minimum Elements for a Software Bill of Materials (SBOM) for public comment. Reflecting the growing maturity of SBOM practices, this guide incorporates…

« Previous
1
…
93
94
95
96
97
…
445
Next »