Malware & Threats
Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild.
Hi, what are you looking for?
SecurityWeek
Malware & Threats
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
Malware & Threats
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.
Government
Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.
Malware & Threats
Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.
Malware & Threats
Cato Networks has analyzed a new IoT botnet named Ballista, which targets TP-Link Archer routers.
Malware & Threats
Binance is being spoofed in an email campaign using free TRUMP Coins as a lure leading to the installation of the ConnectWise RAT.
Malware & Threats
GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers.
IoT Security
Multiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution.
Malware & Threats
Microsoft has uncovered a malvertising campaign that redirected users to information stealers hosted on GitHub.
Malware & Threats
The $1.4 billion ByBit cryptocurrency heist combined social engineering, stolen AWS session tokens, MFA bypasses and a rigged JavaScript file.
IoT Security
A second iteration of the BadBox botnet that affected over one million Android devices has been partially disrupted.
Malware & Threats
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
IoT Security
The Eleven11bot botnet has been described as one of the largest known DDoS botnets observed in recent years.
Malware & Threats
CrowdStrike has published its 2025 Global Threat Report, which warns of faster breakout time and an increase in Chinese activity.
Malware & Threats
New Linux malware named Auto-Color, which allows full remote access to compromised devices, targets North America and Asia.
Malware & Threats
A China-linked botnet powered by 130,000 hacked devices has targeted Microsoft 365 accounts with password spraying attacks.
Cloud Security
Seattle startup building technology to mitigate lateral movement and block “living off the land” techniques wins interest from investors.
Malware & Threats
ESET says hundreds of freelance software developers have fallen victim to North Korean hackers posing as recruiters.
Cybercrime
China-linked cyberespionage toolkits are popping up in ransomware attacks, forcing defenders to rethink how they combat state-backed hackers.
Malware & Threats
A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.
Malware & Threats
Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations.
Malware & Threats
A newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server.
Malware & Threats
Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users.
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.
(Etay Maor)
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.
(Joshua Goldfarb)
AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind.
(Trevin Edgeworth)
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.
(Marc Solomon)
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
(Torsten George)