tokens
- Cybersecurity Landscape 2025 Amid Record Vulnerabilities, Infrastructure Breakdown, and Growing Digital Risks
The year 2025 has unfolded in an environment marked by eroding trust in vulnerability databases, an explosive growth in cyberattacks,…
- Food Delivery Robots Vulnerable to Hacks That Redirect Orders
A startling vulnerability in Pudu Robotics’ management APIs that allowed anyone with minimal technical skill to seize control of the…
- Popular Nx Packages Compromised by Credential-Stealing Malware
A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials…
- How SafeLine WAF Turns Hackers’ Scanners into Trash
When web application protection is no longer a million-dollar luxury, and when every developer can build their own security perimeter…
- AI Website Generators Repurposed by Adversaries for Malware Campaigns
Adversaries are using AI-powered website builders to expedite the development of harmful infrastructure in a quickly changing threat landscape, hence…
- Threat Actors Abuse npm Developer Accounts Hijacked to Spread Malicious Packages
A sophisticated phishing campaign targeting the maintainer of eslint-config-prettier, a widely-used npm package with over 3.5 billion downloads, resulted in…
- Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability
The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed on…
- ‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control Channel
Security researchers have unveiled a sophisticated new attack technique called “Ghost Calls” that exploits popular web conferencing platforms to establish…
- Stealing Login Credentials from 19 Major Browsers
A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential…
- Scavenger Malware Compromises Popular npm Packages to Target Developers
The well-known npm package eslint-config-prettier was released without authorization, according to several GitHub users, even though its repository did not…
- Lumma Infostealer Steals Browser Data and Sells It as Logs on Underground Markets
Infostealers are specialized malware variants that routinely steal large amounts of sensitive data from compromised systems. This includes session tokens,…
- Fortinet FortiWeb Fabric Connector Flaw Enables Remote Code Execution
Security researchers have identified a severe pre-authentication SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, designated as CVE-2025-25257, that allows…
- Critical Vulnerability in Microsens Devices Exposes Systems to Hackers
A series of critical vulnerabilities have been discovered in MICROSENS NMP Web+, a widely used network management platform for industrial…
- Threat Actors Use Clickfix Tactics to Deploy Malicious AppleScripts for Stealing Login Credentials
A sophisticated malware campaign dubbed Odyssey Stealer has been uncovered, targeting macOS users through a deceptive method known as Clickfix…
- Threat Actors Use Clickfix Tactics to Deploy Malicious AppleScripts for Stealing Login Credentials
In a recent discovery by the CYFIRMA research team, a sophisticated malware campaign dubbed Odyssey Stealer has been uncovered, targeting…
- Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and…