A recently patched vulnerability in WinRAR, identified as CVE-2025-8088, was exploited in targeted phishing attacks even before a fix became available. The flaw, classified as a Directory Traversal vulnerability and addressed only in WinRAR...
Experts at Claroty have uncovered a series of critical vulnerabilities in Axis Communications’ video surveillance product line which, if successfully exploited, could grant an attacker complete control over the affected devices. At risk are...
The group behind the SocGholish malware has intensified its use of the Parrot TDS and Keitaro TDS traffic distribution systems to filter visitors and redirect them to malicious destinations. According to Silent Push, the...
U.S. law enforcement has revealed details of an international operation that dismantled the core infrastructure of the BlackSuit ransomware gang, notorious for a series of devastating cyberattacks. Nearly two weeks ago, the group’s dark...
Microsoft, in coordination with federal agencies, has issued a warning about a newly discovered, high-severity vulnerability in hybrid Exchange Server deployments that could allow an attacker with existing access to an on-premises server to...
A researcher operating under the pseudonym dead1nfluence has discovered that the Internet Archive contains over 130,000 recorded conversations with popular chatbots — including Claude, Grok, ChatGPT, and others. This finding suggests that with improper...
Researchers at Google have unveiled an enhanced method for exploiting the Retbleed vulnerability — a flaw that enables the extraction of arbitrary data from the memory of any process on affected systems. This weakness...
A new tool for disabling EDR systems has emerged in the cybercriminal underground, which Sophos researchers regard as an evolution of the EDRKillShifter utility. Its use has already been documented in attacks by eight...
At the Black Hat conference in Las Vegas, representatives from VisionSpace Technologies demonstrated that disabling a satellite or altering its trajectory can be achieved far more easily — and at a fraction of the...
Radio communications used by intelligence agencies, law enforcement, and military forces across dozens of countries have been found vulnerable to interception — and the flaw lies not only in outdated algorithms, but also in...
Cybersecurity researchers have uncovered 11 malicious Go packages designed to download additional components from remote servers and execute them on both Windows and Linux systems. According to Socket researcher Olivia Brown, during execution the...
Two malicious packages have been discovered in the NPM ecosystem, disguised as libraries for building bots and automated services using the WhatsApp Business API. Identified by researchers at Socket, these modules mimicked popular WhatsApp...
Akira ransomware attacks are growing ever more sophisticated: threat actors have begun exploiting a legitimate Intel CPU tuning driver to disable Windows’ built-in protections. The driver in question—rwdrv.sys, part of the ThrottleStop utility—is registered...
In a new apartment in Tel Aviv, the lights suddenly switch off, smart blinds rise on their own, and the water heater powers up—without the tenants’ knowledge. This is not part of a “smart...
At the Black Hat USA conference in Las Vegas, Naor Haziz, a researcher at Sweet Security, unveiled an attack dubbed ECScape, capable of completely undermining the trust-based security model of Amazon ECS. The vulnerability...
Six years ago, researchers at PortSwigger first identified a fundamental flaw in the HTTP/1.1 protocol—one that enables HTTP Request Smuggling attacks. Despite being publicly known since 2019, the vulnerability remains unresolved and continues to...
