Threat Note

 A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines. The flaw affects OpenVPN releases from 2.7_alpha1 to…

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity "reveals a notable evolution in SideWinder's TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in

 The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications. On October 27, 2025, Apache disclosed two…

A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season. Read More  

While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team. Read More  

 In late 2025, a staggering 81% of broadband users were found to have never changed their router’s default administrative password, opening the door to significant malware risk. This widespread negligence…

AI's explosive growth has lifted cybersecurity to the top of the board's agenda. Here's how CISOs can seize the moment, according to Diana Kelley. Read More  

 The emergence of Pegasus and Predator spyware over the past several years has transformed the landscape of mobile device security. These advanced malware strains—deployed by sophisticated threat actors for surveillance…

 New York, New York, USA, October 27th, 2025, CyberNewsWire nsKnox, a leader in payment security, today announced the launch of Adaptive Payment Security, a groundbreaking enhancement to its PaymentKnox platform…

 Ubiquiti’s UniFi Access application has been found vulnerable to a critical flaw that leaves its management API exposed without authentication. Discovered by Catchify Security, this issue allows malicious actors on…

Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service. To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, by November 10, 2025. "After November 10, if you

The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats. Read More  

[[{"value":"Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions.  The post Chainguard Raises $280 Million in Growth Funding appeared first on…

 Predatory Sparrow has emerged as one of the most destructive cyber-sabotage groups targeting critical infrastructure across the Middle East, with operations focused primarily on Iranian and Syrian assets. The hacktivist…