Telephone-based fraud schemes masquerading as customer support from well-known brands are rapidly gaining traction among cybercriminals. According to researchers at Cisco Talos, attackers are increasingly employing a method known as TOAD (Telephone-Oriented Attack Delivery),...
Australian airline Qantas has suffered a significant cybersecurity incident after malicious actors gained access to a third-party platform containing customer data, the company announced on Monday evening. Qantas, the nation’s largest carrier—operating both domestic...
Anthropic has encountered a critical vulnerability in one of its AI-related projects. The flaw, identified as CVE-2025-49596, affects the Model Context Protocol (MCP) Inspector tool and has been assigned a CVSS severity score of...
A newly discovered technique in Windows allows malicious scripts to be executed without triggering any user warnings. This method, known as FileFix, has been refined to exploit a vulnerability in how browsers handle saved...
Let’s Encrypt has officially begun issuing certificates for IP addresses. The inaugural certificate of this kind was issued on July 1, 2025—nearly a decade after the service’s initial launch. Although the new feature was...
Google has once again drawn the attention of cybersecurity experts following its implementation of a new user data protection mechanism in the Chrome browser—AppBound Cookie Encryption. Although the initiative reflects an ambitious stride toward...
The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack...
Cybercriminals have launched a new wave of attacks targeting WordPress websites—so meticulously concealed that the campaign was only recently uncovered. Security experts at Sucuri have discovered that compromised websites are being used as silent...
The International Criminal Court (ICC) in The Hague has once again come under the crosshairs of cyber attackers. The judicial body reported that it had been the target of a deliberate and coordinated cyberattack....
Microsoft has announced its intention to discontinue password support within the Authenticator app starting August 1, 2025. This move forms part of the company’s broader global initiative to shift away from traditional login methods...
Google has released security updates for its Chrome browser to address a critical vulnerability for which an active exploit is already in circulation. The issue, tracked as CVE-2025-6554, is classified as a “Type Confusion”...
The Government of Canada has officially ordered the cessation of operations of Hikvision Canada Inc. within its territory, citing concerns over national security. The announcement followed the conclusion of a multi-phase review conducted under...
U.S. cyber divisions, including the FBI and NSA, have issued an urgent advisory warning of potential cyberattacks targeting the nation’s critical infrastructure by hacker groups affiliated with Iran. While experts note that there is...
The FBI held a closed-door briefing for members of the U.S. Congress to bolster mobile device security after the contact list from the personal smartphone of White House Chief of Staff Susie Wiles fell...
Hackers affiliated with Iran have resurfaced once again—this time claiming to have accessed a trove of new emails belonging to former President Donald Trump and his inner circle. According to Reuters, the breach allegedly...
Perhaps the most critical component of an AWS infrastructure is the policy document describing the actions allowed or denied to a resource. IAM can become a messy kitchen as misconfigurations will introduce gaps in...
