The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the widely used Sudo utility—employed across Linux and Unix-like systems—to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-32463 and...
A new tool has emerged on the cybercriminal marketplace—one that has swiftly become a weapon of choice for dozens of groups. This is HeartCrypt, a malware-packing service that disguises malicious code as familiar, legitimate...
Specialists have disclosed a new critical vulnerability in the wireless network configuration procedure of Unitree robots. The flaw, dubbed UniPwn, was detailed on September 20 and affects the quadruped models Go2 and B2, as...
The world’s leading cybersecurity agencies have issued urgent warnings of a critical threat to global network infrastructure: vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower systems are under heavy, coordinated attack. The alarm...
GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages, Go modules, GitHub actions, or VSCode extensions. It runs a set of heuristics on the package source code (through Semgrep...
Microsoft researchers have identified a new variant of XCSSET, the macOS-targeting malware that has plagued developers since 2020. This family, notorious for spreading through Xcode projects by embedding malicious code, has now evolved with...
Researchers from WatchTowr Labs have reported active exploitation of a critical vulnerability in Fortra’s GoAnywhere MFT file transfer management system. Tracked as CVE-2025-10035, the flaw stems from a deserialization bug in the License Servlet...
Experts at Microsoft Threat Intelligence have documented an attack in which adversaries, for the first time, employed artificial intelligence to disguise phishing code, with the aim of stealing corporate credentials from U.S.-based companies. The...
SmuggleShield is a browser extension that aims to prevent HTML smuggling attacks by detecting common patterns. While this is not a comprehensive or bulletproof solution, it is an attempt to provide an additional layer...
Developers have long placed their trust in tools that allow AI assistants to handle routine tasks—ranging from sending emails to managing databases. Yet that trust has proven a vulnerability: beginning with version 1.0.16, the...