July 25, 2024

Cybercriminals are exploiting critical Remote Code Execution (RCE) flaws in ServiceNow, a widely used cloud-based platform, to steal credentials.

July 25, 2024

The Andariel group, also known by other names such as Silent Chollima, Onyx Sleet, and Stonefly, is a North Korean cyber-espionage group that is systematically stealing data from organizations in the US and other countries.

July 25, 2024

Progress Software has alerted its customers to a critical remote code execution (RCE) security flaw in the Telerik Report Server.

July 25, 2024

Cybersecurity researchers have discovered a privilege escalation vulnerability in the Google Cloud Platform's Cloud Functions service, which has been named 'ConfusedFunction'.

July 25, 2024

Docker has issued a warning about a critical vulnerability affecting certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) in certain situations.

July 24, 2024

Docker has implemented security updates to rectify a critical vulnerability that could potentially allow an attacker to bypass authorization plugins under specific circumstances.

July 24, 2024

Cybercriminals are exploiting a vulnerability in Microsoft Defender SmartScreen, CVE-2024-21412, in an ongoing global infostealing campaign.

July 24, 2024

Chinese APT group Daggerfly, also known as Evasive Panda or Bronze Highland, has updated its malware toolkit with a new malware family and an enhanced version of the Macma macOS backdoor.

July 24, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) list with the addition of two more security flaws that have evidence of active exploitation.

July 23, 2024

The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning regarding a spear-phishing campaign aimed at a Ukrainian scientific research institution.