CYBERSECURITY

Artificial intelligence copilots and agents have subtly infiltrated the SaaS apps that companies use on a daily basis during the past year. AI assistants or agent-like features are now integr

A security vulnerability in Secure Mobile Access (SMA) 100 series appliances has been fixed by SonicWall. Tracked as CVE-2025-40602, the vulnerability relates to a local privilege escalation

A number of businesses have been charged by the SEC for allegedly participating in a complex cryptocurrency scam. According to the SEC, the scam was a multi-step fraud that used social media

A phishing campaign has been linked to a group thought to be affiliated with Russia. Proofpoint is monitoring the activity, which has been going on since September 2025, under the name UNK_Ac

In order to sneak in a cryptocurrency wallet thief, a malicious NuGet package poses as the author of the.NET tracing library. "Tracer.Fody.NLog," the malicious package, was present in the rep

Threat actors are taking advantage of a security flaw called React2Shell. The vulnerability is spreading malware families such as ZnDoor and KSwapDoor. According to NTT Security and Palo Alto

Passwd was created especially for businesses using Google Workspace. Because Passwd is built on a zero-knowledge architecture, only users—not Passwd—can access data that has been decrypted. A

At least $2.02 billion of the over $3.4 billion that was pilfered between January and early December was the responsibility of the DPRK. $1.5 billion was lost in the February hack of the cryp

Over 64,000 distinct URLs linked to the threat were reportedly blocked by ESET this year. Czechia, Japan, Slovakia, Spain, and Poland accounted for the majority of detections. Nomani is using

Three "high-profile internet fraud suspects" are detained by Nigerian authorities. They are accused of participating in phishing attacks directed at large corporations. Okitipi Samuel, aka Mo

Affected vendors include ASRock, ASUSTeK Computer, GIGABYTE, and MSI. A disparity in the DMA protection status is the cause of the vulnerability. If the vulnerability is successfully exploite

MongoDB has been found to have a high-severity security flaw that could let unauthorized users read uninitialized heap memory. The vulnerability affects MongoDB

A notarized, digitally signed Swift application is used to deliver a new version of MacSync. In order to get around Apple's Gatekeeper checks, it is posing as a messaging app installer. It ha

According to Kaspersky, the new activity was discovered in October

Sensitive information can be remotely leaked by an unauthorized attacker thanks to a MongoDB vulnerability. The zlib message decompression implementation is the source of the issue. The vulne

In 2022, LastPass experienced a significant hack that gave hackers access to its users' personal data. Bad actors have been able to exploit weak master passwords thanks to the encrypted vault

1.8 million Android-based TVs, set-top boxes, and tablets are compromised by the Kimwolf botnet.

A new campaign that disseminates Android malware has been connected to a North Korean threat actor. The campaign makes use of QR codes that are hosted on phishing websites that imitate the lo

Competition in the App Store was limited by Apple's App Tracking Transparency (ATT) privacy framework. According to the Italian Competition Authority, the company was able to "unilaterally im

One of the oldest advanced persistent threat (APT) actors in the world, Infy (also known as Prince of Persia), has been linked to new activity by threat hunters. Evidence of Infy's early acti

The goal of eco-friendly browsing is to minimize needless digital load while maintaining an effective, practical, and user-friendly browsing experience. Wave Browser is intended for users who

17 Mozilla Firefox browser add-ons' logo files have been used in a new campaign called GhostPoster. Koi Security, which found the campaign, claims that the extensions have been downloaded mor

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious

Security teams frequently have the impression that their headlights are failing and they are driving through fog. Alerts proliferate, threats intensify, and SOCs find it difficult to determin

Uncrewed aircraft systems (UAS) and UAS critical components manufactured abroad have been added to the U.S. Federal Communications Commission's (FCC) Covered List. The action will prevent dro

A recently released malicious package on the npm repository functions as a complete WhatsApp API. It has the capacity to link the attacker's device to the victim's WhatsApp account and interc

The n8n workflow automation platform has been found to have a serious security flaw. The vulnerability has a CVSS score of

Researchers reveal information about a recent campaign that made use of websites that distribute cracked software. The campaign makes use of a new iteration of the Count loader, a stealthy an

Customers of Amazon Web Services (AWS) have been the target of an ongoing campaign that uses compromised Identity and Access Management (IAM) credentials to facilitate cryptocurrency mining.

A maximum-severity zero-day vulnerability in Cisco's AsyncOS software has been made known to users. A China-nexus advanced persistent threat (APT) actor known as UAT-9686 has been actively us