Sitecore flaw was being used to deploy reconnaissance malware as well as numerous legitimate tools.

The Share and Defend service was introduced last year and is defending UK netizens from scammers.

Virtual disk files allow cybercriminals to bypass security protections.

Kaspersky found a threat actor abusing the popular EPP solution in BYOVD attacks.

A workaround and a patch are already available but many firms have already been breached.

SVG files used to trick people into downloading malicious DLLs.

GoAnywhere bug was discovered and patched weeks ago, but crooks are still using it to drop encryptors.

Sophos is cutting 6% of its jobs following its $859 million acquisition of Secureworks.

Sophos patched three flaws it found in its firewall, including two critical issues.

A NAKIVO bug patched in November 2024 has been added to CISA's KEV catalog, so update now.

Microsoft Trusted Signing is being abused to grant malware short-lived certificates and help it bypass endpoint protection.

HP research highlights rise in the abuse of verification tests.

This was not a ransomware attack, BeyondTrust confirms, but users should still be wary.

A stealthy malware campaign uses Google OAuth URLs to inject dynamic JavaScript attacks that bypass antivirus software.

The hackers are using custom malware to target foreign governments.

A patch is already available, so SonicWall users should update immediately.

There's been an uptick in malicious VPN logins lately, but no one knows how they happened yet.

Microsoft's native support for additional archive formats increases bypass risks, Cofense claims.

Citrix urges users to apply the patch without delay to stay protected.

Hackers started abusing GoAnywhere MFT bug a week before the patch was released.

Cisco bug was also added to CISA's KEV.

Advanced phishing exploits blend social engineering with trusted platforms to breach defences.

Data Splicing Attacks expose the inability of current DLP tools to detect insider-driven data leaks through browsers.

Google unveils AI-powered Drive features to detect ransomware, highlighting Microsoft vulnerabilities, antivirus shortcomings, and layered protection.

DigiCert acquires Valimail to integrate zero-trust email authentication, targeting phishing and spoofing threats.

North Korean hacker intensifies cyber-espionage efforts by targeting media organizations and experts in South Korean affairs.

Security researchers found six flaws in popular Rsync tool including a critical-severity RCE bug.

Researchers criticize the way Veeam handled deserialization flaws.

Synology swiftly patched critical zero-click vulnerabilities in its NAS devices.

The Visual Studio Marketplace and the Open VSX Registry users are targeted once again with infostealing malware.