CISA has added a high-severity VMware vulnerability (CVE-2025-41244) to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation by China-linked […]
CISA Warns of Active Exploitation of Critical VMware Flaw (CVE-2025-41244) Read More »
A new threat report indicates that nearly half of all organizations that pay a ransom to cybercriminals are unable to
Report: Nearly Half of Ransomware Victims Who Pay Cannot Recover Their Data Read More »
Ribbon Communications, a major US firm that provides critical technology for telecom networks (including for government and major carriers), disclosed
US Telecom Firm Ribbon Communications Hacked by Suspected Nation-State Read More »
The Canadian Centre for Cyber Security issued an alert warning that hacktivist groups are actively breaching critical infrastructure. Recent attacks
Canada Warns of Hacktivists Targeting Exposed ICS in Critical Infrastructure Read More »
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. The flaws are
CISA Adds Actively Exploited VMware & XWiki Flaws to KEV Catalog Read More »
CISA and the NSA have jointly released “Microsoft Exchange Server Security Best Practices,” a guide to help organizations harden on-premises
CISA & NSA Release Hardening Guide for On-Premises Microsoft Exchange Read More »
A critical unauthenticated arbitrary file upload vulnerability (CVE-2025-5678, CVSS 9.8) has been found in the FormCraft Pro WordPress plugin, installed
Critical Vulnerability in Popular WordPress Plugin “FormCraft Pro” Allows Site Takeover Read More »
The Iranian state-sponsored group Charming Kitten (aka APT35, Phosphorus) has been observed deploying a previously unseen backdoor named “GhostEcho.” The
Iranian APT “Charming Kitten” Uses New Backdoor in Espionage Campaigns Read More »
A new ransomware variant named “DataViper” has emerged, specifically scanning the internet for and targeting publicly exposed, misconfigured databases (like
New “DataViper” Ransomware Targets Misconfigured Databases Read More »
Threat actors are using real-time AI voice modification and deepfake audio to bypass voice biometric authentication and trick human agents
AI-Powered Vishing Attacks Bypass Traditional Call Center Security Read More »
