.webp)
A sophisticated new botnet family has emerged in the cybersecurity landscape, demonstrating unprecedented innovation in malware design and attack methodologies. The hpingbot malware, first detected in June 2025, represents a significant departure from traditional botnet architectures by leveraging legitimate online…
.webp)
Microsoft Azure’s role-based access control system has been found to contain critical security vulnerabilities that could expose enterprise networks to unauthorized access. Security researchers have identified a combination of over-privileged built-in roles and API implementation flaws that create dangerous attack…
.webp)
The .COM top-level domain continues to dominate the cybercriminal landscape as the primary vehicle for hosting credential phishing websites, maintaining its position as the most extensively abused TLD by threat actors worldwide. Recent intelligence indicates that malicious actors leverage the…
Citrix has issued an urgent advisory warning customers of widespread authentication failures following recent updates to NetScaler builds 14.1.47.46 and 13.1.59.19. The updates, released as part of the company’s ongoing secure-by-design initiative, have inadvertently caused significant disruption to enterprise authentication…
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly…
.webp)
Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than 70 countries since their disclosure in March 2025. The three vulnerabilities—CVE-2025-24813 affecting Apache Tomcat…
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN.
The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have
Deloitte’s new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees. Read More
Microsoft has officially acknowledged a harmless error event appearing in Windows Firewall With Advanced Security logs following the installation of the June 2025 Windows non-security preview update. The company confirmed on July 2, 2025, that the error event, designated as…
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web. Read More
The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware. Read More
Microsoft has released a critical security update for Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited. The latest Microsoft Edge Stable Channel Version 138.0.3351.65 incorporates crucial security patches from the Chromium project,…
A major security vulnerability in the Android spyware operation Catwatchful has exposed the complete database of over 62,000 customer accounts, including plaintext passwords and email addresses, according to a security researcher who discovered the breach in June 2025. Canadian cybersecurity…
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security. Read More
The sudden emergence of the “TeamsPhantom” malware in early June rattled school districts and multinational corporations alike. Masquerading as a harmless Microsoft Teams plug-in, the threat weaponized legitimate meeting invitations to sideload a multi-stage loader that siphoned Azure AD refresh…
