Tag Archives: it security

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting...

10
Dec
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

Cloud security is changing. Attackers are no longer just breaking down the door; they are...

10
Dec
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Microsoft closed out 2025 with patches for 56 security flaws in various products across the...

10
Dec
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that,...

10
Dec
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Threat actors with ties to North Korea have likely become the latest to exploit the...

09
Dec
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader,...

09
Dec
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial...

09
Dec
How to Streamline Zero Trust Using the Shared Signals Framework

Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many...

09
Dec
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

Google on Monday announced a set of new security features in Chrome, following the company’s...

09
Dec
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a...

09
Dec
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace...

09
Dec
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed...

08
Dec
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

It’s been a week of chaos in code and calm in headlines. A bug that...

08
Dec
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run...

08
Dec
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher,...

08
Dec
Prompt injection is not SQL injection (it may be worse)
December 8, 2025

There are crucial differences between prompt and SQL injection which – if not considered –...

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited...

08
Dec
Provisioning and managing certificates in the Web PKI
December 8, 2025

How service owners should securely provision and manage certificates in the Web PKI....

Updating our guidance on security certificates, TLS and IPsec
December 8, 2025

The NCSC has updated 3 key pieces of cryptographic guidance. Here, we explain the changes....

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed...

08
Dec
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments...

06
Dec
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security...

06
Dec
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly...

05
Dec
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an...

05
Dec
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security...

05
Dec
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from...

05
Dec
“Getting to Yes”: An Anti-Sales Guide for MSPs

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects...

05
Dec
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor...

05
Dec
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited...

05
Dec
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation...

04
Dec