A newly disclosed critical vulnerability in Wing FTP Server has been assigned CVE-2025-47812 with a maximum CVSSv4 score of 10.0, allowing unauthenticated attackers to achieve complete server control. The vulnerability, discovered by security researcher Julien Ahrens from RCE Security, affects…
.webp)
Windows Shortcut (LNK) files, traditionally used for creating quick access links to applications and files, have emerged as a prominent attack vector in the cybersecurity landscape. These seemingly innocuous files, identifiable by their small arrow icon overlay, are increasingly being…
A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices. The vulnerability, designated CVE-2025-20309 with a maximum CVSS score of 10.0, affects Engineering Special releases and stems from…
A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in prison at Inner London Crown Court. The case represents a…
CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild. The vulnerability, designated CVE-2025-6554, affects the Chromium V8 JavaScript engine and has been added to CISA’s Known Exploited…
.webp)
Cybercriminals have significantly escalated their use of PDF attachments as attack vectors, leveraging the trusted document format to impersonate major brands including Microsoft, DocuSign, Dropbox, PayPal, and Adobe in sophisticated phishing campaigns. These attacks exploit the widespread trust users place…
A newly identified security vulnerability in the Cl0p ransomware group’s data exfiltration utility has exposed a critical remote code execution (RCE) flaw that security researchers and rival threat actors could potentially exploit. The vulnerability, designated as GCVE-1-2025-0002, was published on…
A significant cybersecurity incident at Esse Health has compromised the personal and health information of approximately 263,000 patients, marking one of the most substantial healthcare data breaches of 2025. The Missouri-based healthcare provider discovered suspicious network activity on April 21,…
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.
The vulnerability, tracked as CVE-2025-20309, carries a CVSS score
.webp)
A sophisticated new macOS malware campaign has emerged targeting Web3 and cryptocurrency platforms, employing advanced techniques rarely seen in Apple’s ecosystem. The malware, designated as NimDoor by security researchers, represents a significant evolution in macOS threats through its use of…
.webp)
A critical security vulnerability has been discovered in popular Integrated Development Environments (IDEs) that allows malicious actors to bypass trust verification systems and execute code on developer machines while maintaining the appearance of legitimate, verified extensions. The flaw affects some…
Passengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info. Read More
Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls. Read More
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network. Read More
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer. Read More
