November 26, 2024

In early October, the Russian APT group RomCom exploited two zero-day vulnerabilities, one in Mozilla software and the other in Windows, to spread their backdoor to anyone visiting an infected website, requiring no clicks from the victim.

November 26, 2024

The Advanced Persistent Threat (APT) group, Salt Typhoon, also known as Earth Estries, is recognized as one of China's most effective cyber threat actors.

November 26, 2024

The U.S. Cyber Defense Agency has identified active exploitation of a critical remote code execution vulnerability in SSL VPN products, specifically Array Networks AG and vxAG ArrayOS.

November 25, 2024

Zyxel, a network hardware manufacturer, has alerted users about a ransomware gang that has been exploiting a recently patched command injection vulnerability in its firewalls.

November 23, 2024

A malicious campaign has been detected that exploits a legitimate but outdated Avast Anti-Rootkit driver to bypass detection and take control of the targeted system by disabling security components.

November 22, 2024

Russian state hackers, known as APT28, have successfully breached a U.S. company's enterprise WiFi network using a novel 'nearest neighbor attack' technique.

November 22, 2024

The South Asian threat actor Mysterious Elephant, also identified as APT-K-47, has been seen deploying an advanced version of the Asyncshell malware.

November 21, 2024

Hackers have breached thousands of Palo Alto Networks firewalls by exploiting two recently patched zero-day vulnerabilities.

November 21, 2024

Google's artificial intelligence (AI)-fueled fuzzing tool, OSS-Fuzz, has been instrumental in detecting 26 vulnerabilities in multiple open-source code repositories.

November 19, 2024

Apple has urgently released security patches to rectify two zero-day vulnerabilities that have been used in attacks on Intel-based Mac systems.