Cybersecurity News, Threats & Vulnerability Alerts
Real-time threat monitoring, zero-day vulnerability analysis, and data breach reports.
GopherWhisper APT Targets Government Networks with Go Malware
ADT Confirms Data Breach After ShinyHunters Ransom Demand
Firestarter Malware Targets Cisco Firewall Devices
BlackFile Ransomware Group Targets Retail and Hospitality
Pack2TheRoot Linux Flaw Grants Root Access via PackageKit
Zimbra XSS Flaw Under Active Attack on 10,000+ Servers
Over 10,000 Zimbra Collaboration Suite instances face active exploitation of a cross-site scripting vulnerability enabling credential theft and system compromise.
WordPress Breeze Cache Plugin Hit by Critical RCE Exploit
Hackers actively exploit CVE-2024-50550 in WordPress Breeze Cache plugin, allowing unauthenticated arbitrary file uploads and remote code execution.
Bitwarden CLI Hit by Supply Chain Attack via Malicious npm
Attackers compromised the official Bitwarden CLI npm package with credential-stealing malware that could self-propagate across development environments.
Trigona Ransomware Deploys Custom Data Theft Tool
Trigona ransomware operators developed a specialized command-line exfiltration tool to accelerate data theft from compromised corporate networks.
Checkmarx KICS Supply Chain Attack Targets Developer Tools
Attackers compromised Docker images and VSCode extensions for Checkmarx KICS security scanner to steal sensitive data from developer environments.
Rituals Cosmetics Suffers Data Breach Exposing Customer Info
Dutch cosmetics giant Rituals disclosed a data breach affecting its My Rituals membership database containing customer personal information.
Mirai Botnet Exploits D-Link Router Flaw CVE-2025-29635
New Mirai variant actively exploits CVE-2025-29635 command injection vulnerability in D-Link DIR-823X routers to build botnets.
Kyber Ransomware Targets VMware ESXi with Quantum Encryption
New Kyber ransomware operation deploys post-quantum Kyber1024 encryption against Windows systems and VMware ESXi infrastructure in coordinated attacks.
NPM Supply Chain Attack Steals Developer Credentials
A sophisticated supply chain attack targeting Node Package Manager is compromising developer accounts and spreading malicious packages across the ecosystem.
GoGra Linux Backdoor Exploits Microsoft Outlook for Stealth
A new Linux variant of the GoGra backdoor leverages Microsoft's legitimate infrastructure through Outlook inboxes to deliver payloads undetected.
Microsoft Patches Critical ASP.NET Core Privilege Escalation
Microsoft released emergency out-of-band security updates to fix a critical privilege escalation vulnerability in ASP.NET Core affecting web applications.
1,300+ SharePoint Servers Remain Unpatched Against Active Exploits
Over 1,300 Microsoft SharePoint servers exposed online stay vulnerable to a spoofing flaw actively exploited in ongoing attacks.
Claude Mythos AI Discovers 271 Security Flaws in Firefox 150
Mozilla's latest Firefox 150 browser contains 271 security vulnerabilities identified by Claude Mythos AI during automated security testing.
France Titres Government Agency Hit by Major Data Breach
France Titres, the French government agency managing administrative documents, disclosed a significant data breach after threat actors claimed to have stolen citizen data.
Firefox 150 Patches 271 Vulnerabilities in Major Release
Mozilla released Firefox 150 today with fixes for 271 security vulnerabilities, marking the browser's largest security update in recent history.