Former L3Harris defense contractor employee Peter Williams has pleaded guilty in a U.S. federal court to two counts of theft of trade secrets, admitting that he sold eight zero-day vulnerabilities to a Russian intermediary...
The ongoing PhantomRaven campaign has targeted developers via the npm registry, disseminating dozens of malicious packages across the ecosystem in a short span. Embedded within these packages, malicious code harvests authentication tokens, CI/CD secrets,...
A newly uncovered phishing campaign, identified by researchers at the Internet Storm Center, showcases a remarkably unconventional method of evading email filters—by embedding invisible characters within message headers. Specifically, the attackers employ soft hyphen...
The 2025 At-Bay InsurSec Rankings report recorded a sharp surge in cyberattacks linked to email and remote access—two channels responsible for nearly 90% of all incidents among the company’s clients. Analysts highlight that generative...
A vulnerability has been discovered in early builds of OpenVPN, allowing attackers to execute arbitrary commands on a user’s machine. The flaw affects versions from 2.7_alpha1 through 2.7_beta1 and poses a serious threat to...
In a recent report, researchers from Varonis Threat Labs reminded the cybersecurity community of a deceptive technique used by phishers to disguise malicious links as legitimate ones. This method, based on how browsers render...
Several media outlets have once again circulated false claims of a supposed large-scale data breach affecting Gmail, alleging the compromise of 183 million user accounts. The reports stemmed from an announcement by Troy Hunt,...
The BlueNoroff group — long linked to Lazarus — has begun incorporating generative AI into operations targeting executives and developers of blockchain projects, Kaspersky GReAT researchers reported at the Security Analyst Summit 2025 in...
A newly discovered vulnerability in ChatGPT Atlas, the experimental browser developed by OpenAI, allows attackers to silently inject malicious commands into the AI’s persistent memory, enabling the execution of arbitrary code on behalf of...
Seventy-two nations gathered in Hanoi, Vietnam, to sign the world’s first United Nations Convention on Cybercrime, establishing a global legal framework to counter digital threats. The document—years in the making—is set to become the...
Cyberthreat analysts are reporting active exploitation of a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287. Merely days after Microsoft released an emergency patch and CISA added the flaw to its...
The September attack on the embassy of a European nation in New Delhi has exposed the scale of an extensive espionage operation targeting diplomatic missions across several South Asian countries. Experts at Trellix have...
