WhatsApp has patched a vulnerability in its iOS and macOS client applications that had been actively exploited in zero-day targeted attacks. The flaw enabled a “zero-click” scenario, requiring no interaction from the victim. According...
At DEF CON 2025, researchers from Akamai unveiled a study on a critical vulnerability in Windows Server 2025 known as BadSuccessor (CVE-2025-53779), which allows low-privileged users to instantly escalate their access to Domain Admin....
The Netherlands has officially disclosed a cyber-espionage campaign linked to China that has impacted critical sectors across the globe. According to the Ministry of Defense, the attacks were carried out by groups tracked under...
Experts at ReversingLabs have uncovered a critical loophole in the VS Code Marketplace. The platform allows new extensions to be published under the same names previously used by other packages, provided those packages were...
The FBI and Dutch police have conducted a joint operation that shut down VerifTools, a major online marketplace specializing in the sale of forged documents. The servers supporting the platform were seized in Amsterdam,...
The BetterBank project, which positions itself as a decentralized banking protocol on PulseChain, suffered an exploit in which an attacker siphoned assets valued between $1 and $5 million. The root cause was a vulnerability...
Anthropic has issued a warning about a new threat emerging alongside “smart” browser extensions — websites may discreetly inject hidden commands, which an AI agent could execute without hesitation. The company unveiled a research...
A researcher from the University of Texas at Dallas has proposed viewing the fight against ransomware not solely through the lens of technology, but also through political intervention. Atanu Lahiri, Professor of Information Systems,...
Researchers at Recorded Future’s Insikt Group documented five distinct clusters of activity attributed to the persistent threat actor Blind Eagle (also tracked as TAG-144) between May 2024 and July 2025. The primary focus of...
The group ShadowSilk has been identified as the orchestrator of a new wave of cyberattacks against government institutions across Central Asia and the Asia-Pacific region. According to Group-IB, the number of victims is approaching...
The NPM ecosystem has been struck by a new supply chain attack, this time targeting the Nx project, into whose repository several malicious package versions were uploaded late Tuesday evening. According to researchers at...
Anthropic has published a report revealing how malicious actors are increasingly exploiting AI models for attacks and fraud, bypassing existing security measures. The document provides concrete examples showing that agent-based AI systems are no...
