Ionut Arghire

US representatives and senators have reintroduced a bipartisan bill to support the cybersecurity of small water and wastewater utilities.

A year-old vulnerability in a third-party ChatGPT tool is being exploited against financial entities and US government organizations.

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.

Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns.

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment.

Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems.

The newly discovered SuperBlack ransomware has been exploiting two vulnerabilities in Fortinet firewalls.

Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs.

Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.

The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.

CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations.

360 Privacy has raised $36 million in equity investment to scour the surface and dark web for leaked PII and remove it.

FTC says reported losses to fraud exceeded $12.5 billion in 2024, with $5.7 billion lost to investment scams.

Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023.

Hackers used compromised credentials to access PowerSchool’s PowerSource portal months before the December 2024 data breach.

The New York Attorney General sued National General and its parent company Allstate over two data breaches.

SAP released 21 new security notes and updated three security notes on March 2025 security patch day.

South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign.

CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog.