note

[[{"value":"SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor. The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek."}]] Read More  

 A significant security vulnerability discovered in the widely used Sudo utility has remained hidden for over 12 years, potentially exposing millions of Linux and Unix systems to privilege escalation attacks. …

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

 A hacktivist collective known as Keymous+ has emerged as a significant threat actor in the global cybersecurity landscape, claiming responsibility for over 700 distributed denial-of-service (DDoS) attacks throughout 2025. The…

 A newly disclosed critical vulnerability in Wing FTP Server has been assigned CVE-2025-47812 with a maximum CVSSv4 score of 10.0, allowing unauthenticated attackers to achieve complete server control.  The vulnerability,…

 Windows Shortcut (LNK) files, traditionally used for creating quick access links to applications and files, have emerged as a prominent attack vector in the cybersecurity landscape. These seemingly innocuous files,…

 A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices.  The vulnerability, designated CVE-2025-20309 with a maximum CVSS…

 A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in…

 CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild.  The vulnerability, designated CVE-2025-6554, affects the Chromium V8…

 Cybercriminals have significantly escalated their use of PDF attachments as attack vectors, leveraging the trusted document format to impersonate major brands including Microsoft, DocuSign, Dropbox, PayPal, and Adobe in sophisticated…

 A newly identified security vulnerability in the Cl0p ransomware group’s data exfiltration utility has exposed a critical remote code execution (RCE) flaw that security researchers and rival threat actors could…

 A significant cybersecurity incident at Esse Health has compromised the personal and health information of approximately 263,000 patients, marking one of the most substantial healthcare data breaches of 2025. The…

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

 A sophisticated new macOS malware campaign has emerged targeting Web3 and cryptocurrency platforms, employing advanced techniques rarely seen in Apple’s ecosystem. The malware, designated as NimDoor by security researchers, represents…

 A critical security vulnerability has been discovered in popular Integrated Development Environments (IDEs) that allows malicious actors to bypass trust verification systems and execute code on developer machines while maintaining…