-
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks
Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just…
Read More » -
Tactics Targeting M365 and Gmail
The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform,…
Read More » -
New Email Security Technique Prevents Phishing Attacks Behind NPM Breach
The discovery of a large-scale NPM ecosystem compromise in September 2025 has renewed focus on email security as the critical…
Read More » -
Google Launches New AI Security Features on Android to Block Mobile Scams
Google has announced enhanced artificial intelligence protections designed to combat the rising tide of mobile scams affecting billions of users…
Read More » -
Lampion Stealer Resurfaces with ClickFix Attack to Steal User Credentials Stealthily
A Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection…
Read More » -
10 Best Cloud Access Security Brokers (CASB) in 2025
The year 2025 marks a new era in enterprise cloud adoption, characterized by a complex tapestry of Software-as-a-Service (SaaS) applications,…
Read More » -
Vulnerability in Perplexity’s Comet Browser Screenshot Feature Allows Malicious Prompt Injection
Researchers have discovered a critical security vulnerability in Perplexity’s Comet AI browser that allows attackers to inject malicious commands through…
Read More » -
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated…
Read More » -
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf—also tracked as YoroTrooper and Silent Lynx—executed…
Read More » -
Critical Zimbra SSRF Flaw Exposes Sensitive Data
Zimbra has released an emergency security patch to address a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers…
Read More » -
Attackers Exploit Zendesk Authentication Issue to Flood Targets’ Inboxes with Corporate Notifications
Cybercriminals have discovered a gap in Zendesk’s ticket submission process and are using it to bombard victims with waves of…
Read More » -
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to…
Read More » -
Russian Cybercrime Marketplace Shifting from RDP Access to Malware Stealer Log Exploits
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the…
Read More »