Category: Security

Major international auction house Sotheby’s is notifying customers of a data breach incident on its systems where threat actors stole sensitive information, including financial details. […]

Read more →

Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. […]

Read more →

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. […]

Read more →

North Korean hackers were observed employing the ‘EtherHiding’ tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. […]

Read more →

Microsoft says Windows 11 users can now start a conversation with the AI-powered Copilot digital assistant by saying the “Hey Copilot” wake word. […]

Read more →

19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a massive data breach. […]

Read more →

An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. […]

Read more →

Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. […]

Read more →

Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. […]

Read more →

Dark web activity can hide in plain sight within everyday network traffic. Corelight’s NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. […]

Read more →

U.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. […]

Read more →

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft’s Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors. […]

Read more →

FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs’ reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over disclosure process. […]

Read more →

Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. […]

Read more →

Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. […]

Read more →

AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis’ new Interceptor platform uses multimodal AI — vision, language, and behavior models — to detect zero-hour attacks and stop them before they reach users. […]

Read more →

Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle’s E-Business Suite servers. […]

Read more →

An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer “Inflation Refunds” in an attempt to steal victims’ personal and financial data. […]

Read more →

In today’s hyper-connected world, cyber threats are more sophisticated and frequent than ever – ransomware, data breaches, and social engineering scams, targeting everyone from individuals to Fortune 500 companies. Right now, you can grab “Cybersecurity For Dummies, 3rd Edition” – a $29.99 value – completely FREE for a limited time. […]

Read more →

Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. […]

Read more →

From lab work to leadership — VMware certification can transform your IT career. Learn from VMware User Group (VMUG) how the VMUG Advantage can help you build real skills, gain confidence, and join a global IT community. […]

Read more →

Salesforce rekrutiert Security- und Privacy-Agenten Salesforce erweitert seine KI-Plattform für den Einsatz im Bereich Security und Privacy. Im Security Center soll Agentforce neue Sicherheitsfunktionen hinzufügen. Dazu zählen schnelle, gründliche Sicherheitsanalysen, Unterstützung beim Beheben von Sicherheitsvorfällen oder autonomes Thread Detection und Monitoring. Das Privacy Center wird laut Salesforce durch die KI-Agenten um Automatisierungen erweitert. Als wichtigste Funktionen…

Read more →

Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. […]

Read more →

A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. […]

Read more →

Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and TLS-pinned C2. Join Huntress Labs’ Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. […]

Read more →