Ionut Arghire

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.

Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution.

Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.

The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.

Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.

Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products.

Patches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks.

Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.

Horizon3.ai has raised $100 million to expand product capabilities, and to scale its partner ecosystem and federal market presence.

Google and Mozilla have released patches for a combined total of four high-severity memory bugs in Chrome and Firefox.

The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports.

Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation.

SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges.

Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.

iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US.

The US is seeking the forfeiture of $7.74 million in cryptocurrency in frozen wallets tied to North Korean fake IT workers schemes.