Aquabot botnet exploits CVE-2024-41710 in Mitel phones, using a public PoC to deploy DDoS malware since January 2025.

Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a ...

Lazarus Group’s Phantom Circuit hit 233 victims with trojanized software, using React and Node.js for control.

Three critical vulnerabilities in PHP Voyager allow remote code execution, XSS, and file deletion, with no patches since disclosure on September 11, 2 ...

SLAP & FLOP attacks exploit Apple M-series speculative execution flaws, leaking emails, location data, and credit cards via ...

CVE-2025-22604 in Cacti (CVSS 9.1) enables authenticated attackers to execute remote code. Upgrade to version 1.2.29 to ...

The Interlock ransomware group begins its attack with a strategic and highly deceptive method known as a Drive-by Compromise.

UAC-0063 was first flagged by the Romanian cybersecurity company in May 2023 in connection with a campaign that targeted government entities in Central Asia with a data exfiltration malware known as ...

VMware Avi Load Balancer flaw (CVE-2025-22217, CVSS 8.6) enables unauthenticated SQL injection. No workarounds exist—Broadcom ...

Critical zero-day vulnerability CVE-2024-40891 in Zyxel CPE devices is under active attack, affecting 1,500+ devices.

DeepSeek’s chatbot app tops Apple’s U.S. free chart, but malicious attacks force registration limits. Privacy concerns arise ...

Long, complex passwords with bcrypt take 27,154 years to crack, but reused or breached credentials remain a top vulnerability ...