Cybersecurity News, Threats & Vulnerability Alerts

Russian Police Arrest LeakBase Forum Administrator
Russian authorities detained the alleged administrator of the LeakBase cybercrime forum in Taganrog for managing stolen-data marketplace operations.

Citrix Patches Critical NetScaler Flaws Similar to CitrixBleed
Citrix released patches for two NetScaler vulnerabilities, including one resembling the previously exploited CitrixBleed zero-day attacks.

Russian Hacker Gets 2 Years for BitPaymer Ransomware Attacks
Aleksei Volkov was sentenced to two years in prison for managing a phishing botnet that enabled BitPaymer ransomware attacks against 72 U.S. companies.

HackerOne Employee Data Exposed in Navia Breach
HackerOne confirms hundreds of employee records were compromised in a cyberattack targeting third-party vendor Navia Benefits Solutions.

PTC Patches Critical RCE Flaw in Windchill PLM Software
PTC Inc. fixed a critical remote code execution vulnerability in Windchill and FlexPLM that threatens manufacturing organizations worldwide.

Torg Grabber Infostealer Targets 728 Crypto Wallets via ClickFix PowerShell Attack
A newly identified infostealer named Torg Grabber is actively targeting 728 cryptocurrency wallet extensions across 25 browsers, using ClickFix-based PowerShell lures for initial access. Researchers at Gen Digital discovered 334 unique samples developed in just three months, with new command-and-control infrastructure deployed weekly.

TeamPCP Hackers Compromise LiteLLM Python Package in Supply Chain Attack
The TeamPCP hacking group compromised the popular LiteLLM Python package on PyPI, claiming to have stolen data from hundreds of thousands of devices.

FBI Warns of Iranian Hackers Using Telegram as Malware Command Infrastructure
The FBI has issued a warning about Iranian hackers linked to the Ministry of Intelligence and Security using Telegram as command-and-control infrastructure to deploy malware targeting journalists, dissidents, and opposition groups worldwide.

CISA Orders Federal Agencies to Patch DarkSword iOS Flaws Exploited in Active Attacks
CISA has ordered U.S. federal agencies to patch three critical iOS vulnerabilities exploited by the DarkSword exploit kit, a sophisticated framework used in cryptocurrency theft and cyber-espionage campaigns linked to Russian intelligence and Turkish commercial surveillance actors.

Trivy Scanner Hit by Supply Chain Attack via GitHub Actions
TeamPCP threat actors compromised the popular Trivy vulnerability scanner, distributing credential-stealing malware through official releases and GitHub Actions workflows.

Quest KACE CVE-2025-32975 Exploited in Education Attacks
The critical Quest KACE vulnerability CVE-2025-32975 has been actively exploited in targeted attacks against educational institutions worldwide.

FBI Warns of Russian Phishing Targeting Signal, WhatsApp Users
The FBI warns that Russian intelligence-linked attackers are actively compromising thousands of encrypted messaging app accounts through sophisticated phishing campaigns.

Oracle Patches Critical RCE Flaw in Identity Manager
Oracle released emergency patches for critical remote code execution vulnerabilities affecting Identity Manager and Web Services Manager components exposed to the internet.

Trivy Scanner Hit by Second Supply Chain Attack in Month
Aqua Security's Trivy vulnerability scanner suffered another supply chain compromise targeting GitHub Actions workflows and CI/CD secrets.

Operation Alice Shuts Down 373,000 Dark Web CSAM Sites
An international law enforcement operation dismantles a massive dark web network distributing fake child exploitation material packages across hidden services.

Ransomware Groups Target Network Backups in Systematic Attacks
Security researchers discovered ransomware operators systematically targeting network backup infrastructure to maximize attack impact and prevent recovery.

Langflow CVE-2026-33017 Exploited 20 Hours After Disclosure
A critical authentication bypass flaw in Langflow enables remote code execution and was actively exploited within hours of public disclosure.

Navia Data Breach Exposes 2.7 Million Health Records
Navia Benefits Solutions suffered a major data breach affecting 2.7 million individuals' personal and health plan information during a three-week attack period.

PolyShell Flaw Exposes Magento Stores to RCE Attacks
A critical Magento REST API vulnerability allows unauthenticated attackers to upload malicious executables disguised as images for remote code execution.

NC Data Analyst Convicted of Extorting DC Tech Company
A North Carolina data analyst contractor was found guilty of extorting his Washington D.C.-based technology employer through insider threats.

Ubiquiti Patches Critical UniFi Flaw Enabling Account Takeover
Ubiquiti fixed two UniFi Network Application vulnerabilities, including a maximum-severity flaw allowing complete account hijacking attacks.

