A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...
The CrushFTP service has encountered a newly discovered critical vulnerability, already being exploited in active attacks. Designated CVE-2025-54309 and assigned a CVSS severity score of 9.0, the flaw stems from improper handling of AS2...
The hacking collective known as EncryptHub—also tracked as LARVA-208 and Water Gamayun—has launched a new wave of attacks specifically targeting developers within the Web3 ecosystem. Their aim: to infect victims with data-stealing malware capable...
Cybercriminals affiliated with the group PoisonSeed have devised a method to circumvent FIDO2 protection—not by breaching the technology itself, but by cleverly exploiting one of its legitimate features: cross-device authentication. Through this technique, attackers...
The Chinese firm SDIC Intelligence Xiamen Information Co., Ltd. (formerly Meiya Pico), renowned for its work in digital forensics and information security technologies, has developed a mobile tool named Massistant for data extraction from...
As humanity becomes increasingly accustomed to integrating artificial intelligence into daily life—from text generation to software development—OpenAI introduces a next-generation tool. The ChatGPT Agent, now available to subscribers of the Plus, Pro, and Teams...
Coercer A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods. Features Automatically detects open SMB pipes on the remote machine. Calls one by one all...
Earlier this year, Microsoft published a study exposing a sweeping campaign involving the distribution of infostealers—malicious software designed to exfiltrate user data. According to the report, over one million devices were compromised, with the...
Three malicious scripts have been discovered in the Arch User Repository (AUR)—a community-driven repository for Arch Linux user packages—used to deploy the CHAOS RAT trojan. These scripts, uploaded by a user operating under the...
Until recently, victims of the Phobos and 8Base ransomware families had virtually no recourse for recovering their encrypted data without paying a ransom. These strains were considered among the most resilient and widely deployed...
Tired of the visual clutter generated by AI? DuckDuckGo is here to help. The developers have recently unveiled a new tool designed to cleanse search results. A feature called AI Images has been introduced...
Hewlett-Packard Enterprise has issued a critical security advisory concerning a severe vulnerability in Aruba Instant On access points. Embedded credentials have been discovered within the devices, enabling malicious actors to bypass standard authentication and...
Hackers have successfully injected malicious code into popular npm packages by leveraging a phishing campaign against project maintainers. The attackers orchestrated a targeted campaign aimed at developers stewarding key projects and managed to steal...
A critical vulnerability has been discovered in Microsoft SharePoint Server, now actively exploited as part of a widespread cyberattack campaign. The flaw, identified as CVE-2025-53770, carries a staggering severity score of 9.8 out of...
A team of analysts at Kaspersky Lab has uncovered an exceptionally sophisticated piece of malware embedded within the Exchange infrastructure of governmental institutions. Based on forensic logs and the nature of the executable code,...
Wiz, a cybersecurity firm specializing in cloud infrastructure protection, has uncovered a critical vulnerability in the NVIDIA Container Toolkit, identified as CVE-2025-23266 and rated 9.0 on the CVSS scale. Dubbed “NVIDIAScape,” the flaw poses...
