Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of arbitrary code by bypassing Address Space Layout Randomization (ASLR). Tracked as CVE-2025-9961 (CVSS score: 8.6), the...
Jaguar Land Rover has found itself mired in a protracted crisis following a recent cyberattack that crippled both its information systems and manufacturing operations. The company announced that automobile production will not resume until...
Experts from Zscaler ThreatLabz have uncovered two malicious packages in the PyPI repository that, upon installation and import, secretly deploy the SilentSync Python trojan—a threat capable of seizing control of developer environments and exfiltrating...
An independent researcher named Andreas, author of the blog Anagogistis, has uncovered severe vulnerabilities in the Linux clients of PureVPN, flaws that undermine the very foundations of anonymity and traffic protection. The issues affect...
Proofpoint has published an analysis detailing a series of targeted phishing campaigns attributed to a group linked to Chinese state interests, tracked as TA415. The report describes carefully crafted espionage attempts against U.S. government...
Researchers from the Lat61 Threat Intelligence Team have published a comprehensive analysis of Raven Stealer, a lightweight, furtive infostealer written in Delphi and C++. The report details its credential-theft capabilities, methods for clandestine exfiltration...
Researchers at Specops have updated their study on cracking passwords hashed with bcrypt. Two years earlier they published similar findings, but the hardware landscape has shifted dramatically since: the AI boom and surging compute...
Microsoft researchers have unveiled Sploitlight, a practical technique for bypassing macOS’s TCC protections by abusing Spotlight plugins—an exploit that can siphon data from protected databases, including those that feed Apple Intelligence features. The study...
Researchers at TyphoonPWN, participating in the TyphoonPWN 2025 contest, uncovered a critical flaw in LG WebOS firmware that permits total takeover of a television — from unauthorized file downloads to webcam access, application installation,...
Google has released a new security update for the Chrome browser, addressing four vulnerabilities at once. Particular emphasis was placed on a zero-day flaw already observed in active exploitation: CVE-2025-10585, a type confusion error...
Developers of the PureHVNC remote-access trojan have adopted a new level of concealment, brazenly using GitHub to host source code and modules for their malicious toolkit. That is the conclusion of Check Point Research...
Researchers at SySS GmbH have disclosed a critical vulnerability in the Windows Boot Manager dubbed BitPixie. The flaw permits attackers to bypass BitLocker protections and attain full administrative access to a system. At the...
