Ionut Arghire

Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.

Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.

CISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow.

Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.

CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released.

The DragonForce ransomware group has claimed responsibility for the recent cyberattacks on UK retailers Co-op, Harrods, and M&S.

PoC code targeting two exploited SonicWall flaws was published just CISA added them to the KEV catalog.

The US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations.

Major UK retailers Co-op, Harrods, and M&S are scrambling to restore services that were affected by cyberattacks.

Microsoft is prioritizing passwordless sign-in and sign-up methods, and is making new accounts passwordless by default.

Ukrainian national Artem Stryzhak was extradited to the US and charged with using Nefilim ransomware in attacks on large businesses.

Commvault provides indicators of compromise and mitigation guidance after a zero-day exploit targeting its Azure environment lands in CISA’s KEV catalog.

ESET has analyzed Spellbinder, the IPv6 SLAAC spoofing tool Chinese APT TheWizards uses to deploy its WizardNet backdoor.

SonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild.

Ascension is notifying over 100,000 people that their personal information was stolen in a data breach potentially linked to the Cleo hack.

Meta has released new Llama protection tools to help the open source AI community build more secure applications.

France says the Russian state-sponsored group APT28 is responsible for targeting or compromising a dozen French entities.

Vulnerabilities in Apple’s AirPlay protocol could have allowed attackers to execute code remotely without user interaction.

Chrome 136 and Firefox 138 were released in the stable channel with patches for multiple high-severity vulnerabilities.

Cybersecurity awareness training platform Pistachio has raised $7 million in a Series A funding round led by Walter Ventures.