Vulnerabilities

The attacks remained undetected for an average of 393 days, allowing the attackers to siphon off sensitive data for over a year in some cases.  ​ Read More  ​ 

The multi-stage approach represents an evolution in Coldrivers's tactics, which previously relied mostly on credential phishing.  ​ Read More  ​ 

The company urges all users of the SMA 100 series, including SMA 210, 410, and 500v models, to upgrade as soon as possible.  ​ Read More  ​ 

The intruders moved laterally across the agency's network, targeting and infiltrating a web server and an SQL server.  ​ Read More  ​ 

The flaw, tracked as CVE-2025-59689, impacts ESG versions 4.5 through 5.5.x, up to but not including 5.5.7.  ​ Read More  ​ 

The network included over 300 SIM servers and 100,000 SIM cards.  ​ Read More  ​ 

The technique exploits legitimate Windows components to force EDR and antivirus processes into a suspended or ‘coma’ state.  ​ Read More  ​ 

The media company in question was part of a wider disinformation network financed through a complex money-laundering scheme.  ​ Read More  ​ 

The company plans to introduce new security measures aimed at reducing the risks posed by token abuse, credential theft, and malware propagation.  ​ Read More  ​ 

The threat actor sends highly targeted phishing emails that look like job offers from HR recruiters.  ​ Read More  ​ 

The attackers are using SEO poisoning to manipulate Google and Bing search results.  ​ Read More  ​ 

The SIM cards were used to enhance the communication and navigation systems of combat UAVs.  ​ Read More  ​ 

The cyberattack targeted software systems provided by US defense and aviation firm Collins Aerospace.  ​ Read More  ​ 

The flaw stems from a deserialization of untrusted data issue, which can be exploited without user interaction in low-complexity attacks.  ​ Read More  ​ 

In brief: Google patches a Chrome zero-day flaw, Gamaredon and Turla join efforts in attacks on Ukraine, and more.  ​ Read More  ​