cyber attacks

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Dec 15, 2025Ravie LakshmananMalware / Cybercrime Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO…

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

Dec 15, 2025Ravie LakshmananRansomware / Cybercrime The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users…

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

Dec 13, 2025Ravie LakshmananNetwork Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following…

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Dec 13, 2025Ravie LakshmananZero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited…

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed as development utilities or OSINT…

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials…

Policy, Isolation, and Data Controls That Actually Work

The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft…

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source…

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

Dec 12, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The…

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

Dec 12, 2025Ravie LakshmananVulnerability / Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence…

« Previous
1
…
14
15
16
17
18
…
351
Next »