December 16, 2024

The Serbian government has been accused of exploiting Qualcomm zero-day vulnerabilities to infect Android devices with a new spyware named 'NoviSpy,' which has been used to spy on activists, journalists, and protestors.

December 15, 2024

The Clop ransomware group has publicly confirmed its involvement in recent data-theft attacks on Cleo, a company that develops managed file transfer platforms.

December 13, 2024

The Cleo managed file transfer tool is currently under threat from an active ransomware campaign, which is expected to intensify following the public availability of a proof-of-concept exploit for a zero-day flaw in the software.

December 11, 2024

Russian cyber-espionage group Turla, also known as 'Secret Blizzard', is reportedly using the infrastructure of other threat actors to target Ukrainian military devices linked to Starlink.

December 11, 2024

Ivanti has patched a critical vulnerability in its Cloud Services Appliance (CSA) solution that could have allowed an unauthenticated attacker to bypass authentication and gain administrative access.

December 11, 2024

Microsoft's final Patch Tuesday updates for 2024 included fixes for 72 security flaws across its software range, one of which is currently being exploited.

December 11, 2024

On Tuesday, the U.S. government unveiled charges against a Chinese individual named Guan Tianfeng, also known as gbigmao and gxiaomao.

December 10, 2024

The ransomware group known as 'Termite' is believed to be responsible for a string of attacks exploiting a zero-day vulnerability in Cleo's LexiCom, VLTransfer, and Harmony file transfer software.

December 10, 2024

A serious security flaw has been identified in WPForms, a WordPress plugin deployed across more than 6 million websites.

December 9, 2024

A second zero-day vulnerability has been discovered in Windows NTLM, following the one found two months prior, creating a path for potential relay attacks and credential theft.