Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already ...

It has been seen spreading cryptojacking malware and in attempts to steal cloud credentials from compromised machines.

Microsoft quietly patched CVE-2025-9491, a Windows LNK flaw abused by state actors since 2017 for malware attacks ...

Iran's top state-sponsored APT tried out some interesting evasion tactics in a recent spate of attacks, delving into Snake, ...

Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime ...

Water Saci has upgraded its self-propagating malware to compromise banks and crypto exchanges by targeting enterprise users ...

Microsoft has silently mitigated CVE-2025-9491, a Windows vulnerability exploited to distribute malware via LNK files ...

Researchers found a fake Ethereum helper package on crates.io that secretly downloaded OS-specific payloads and executed them on developer machines.

MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook.

Microsoft has retired its standalone Mesh platform as of Dec. 1 and moved its 3D meeting capabilities into Teams through a new immersive events feature, now generally available.

Large language models are no longer just productivity tools or coding assistants; they are rapidly becoming force multipliers for cybercrime. As guardrails on mainstream systems tighten, a parallel ...

A new cyberattack is using cloned adult websites and a convincing full-screen Windows Update display to trick users into running malicious commands that install multiple password-stealing malware, ...