malicious
-
Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access
Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as…
Read More » -
Silver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing Scams
A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to…
Read More » -
Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks
In February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM).…
Read More » -
CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical code-injection vulnerability discovered within Langflow.…
Read More » -
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GhostClaw, a multi-stage macOS infostealer, now exploits both GitHub repositories and AI-assisted development workflows to steal credentials and deploy secondary…
Read More » -
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
A campaign attributed to APT-Q-27 (GoldenEyeDog), a Chinese group targeting Web3, is leveraging deceptive fake screenshot links delivered through support…
Read More » -
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, faced a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, exploited prior…
Read More » -
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
New research highlights how infostealer malware can rapidly convert a single careless click into full credential exposure on dark web…
Read More » -
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them…
Read More » -
Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
TP-Link disclosed a critical security advisory revealing four high-severity vulnerabilities impacting its Archer NX200, NX210, NX500, and NX600 router series.…
Read More » -
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure Disruption
Tycoon 2FAoperators have restarted large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core…
Read More » -
DarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhones
Security experts haveverified that the advanced iOS exploit chain known as DarkSword is now accessible outside of its original threat…
Read More » -
Roundcube Releases Urgent Security Update to Fix Critical Bugs
Roundcube Webmail has issued an urgent security update addressing eight critical vulnerabilities discovered by independent security researchers. This release, version…
Read More » -
$30 IP-KVM Flaws Could Enable BIOS-Level Enterprise Network Attacks
Recent threat research exposes a critical security crisis with low-cost IP-KVM devices, revealing nine vulnerabilities across four prominent vendors. These…
Read More »