Category: Security

QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. […]

Read more →

Attackers are using AI to weaponize old vulnerabilities while security teams face expanding attack surfaces and limited resources. Intruder’s 2025 Exposure Management Index reveals how 3,000+ organizations are adapting and fixing critical flaws faster than ever. […]

Read more →

Flashpoint has released its Proactive Defender’s Guide to Infostealers, underscoring the urgent need for proactive defense against infostealers — identified as the “most scalable entry point into enterprises” in 2025. Proactive infostealer monitoring and defense According to Flashpoint’s research, infostealer-driven credential theft has surged by 800% over the past year, compromising more than 1.8 billion…

Read more →

Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. […]

Read more →

Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software’s uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. […]

Read more →

Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems. […]

Read more →

AI agents now act, decide, and access systems on their own — creating new blind spots Zero Trust can’t see. Token Security helps organizations govern AI identities so every agent’s access, intent, and action are verified and accountable. […]

Read more →

State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. […]

Read more →

Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. […]

Read more →

A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee of the Red Cross, UNICEF, and various NGOs. […]

Read more →

The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. […]

Read more →

TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. […]

Read more →

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. […]

Read more →

Gateways can do more than route traffic, they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep networks compliant. […]

Read more →

Japanese retail company Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. […]

Read more →

Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. […]

Read more →

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times. […]

Read more →

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs’ Cazadora script helps uncover rogue apps before they lead to a breach. Dive deeper in their Tradecraft Tuesday sessions. […]

Read more →

Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware. […]

Read more →

ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in Automate product that could expose sensitive communications to interception and modification. […]

Read more →

Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. […]

Read more →

Hack The Box (HTB), a leader in gamified cybersecurity skills development, has released three sector-specific cyber skills reports covering MSSPs, finance, and healthcare. Across these reports, HTB found that technical capability—not just compliance—has become the true benchmark for cybersecurity resilience and readiness. Skill gaps found in highly regulated sectors HTB’s Global Cyber Skills Benchmark 2025…

Read more →

VMware certification isn’t just about passing exams — it’s about mastering systems, proving expertise, and your career. Gain hands-on labs, discounts, and mentorship with VMUG Advantage to reach your next goal faster. […]

Read more →

Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week. […]

Read more →