2025Ravie

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

AndyC 1 December 2025

Nov 30, 2025Ravie LakshmananHacktivism / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities...

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

AndyC 29 November 2025

Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave...

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

AndyC 29 November 2025

Nov 28, 2025Ravie LakshmananSupply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued...

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

AndyC 29 November 2025

Nov 28, 2025Ravie LakshmananEmail Security / Enterprise Security Cybersecurity researchers have shed light on a cross-tenant blind spot that allows...

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

AndyC 28 November 2025

Nov 27, 2025Ravie LakshmananMalware / Social Engineering The threat actor known as Bloody Wolf has been attributed to a cyber...

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

AndyC 28 November 2025

Nov 27, 2025Ravie LakshmananWeb Security / Zero Trust Microsoft has announced plans to improve the security of Entra ID authentication...

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

AndyC 28 November 2025

Nov 27, 2025Ravie LakshmananCybersecurity / Hacking News Hackers have been busy again this week. From fake voice calls and AI-powered...

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

AndyC 28 November 2025

Nov 27, 2025Ravie LakshmananRansomware / Cloud Security Gainsight has disclosed that the recent suspicious activity targeting its applications has affected...

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

AndyC 27 November 2025

Nov 26, 2025Ravie LakshmananBrowser Security / Cryptocurrency Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store...

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

AndyC 27 November 2025

Nov 26, 2025Ravie LakshmananMalware / Cyber Espionage The threat actors behind a malware family known as RomCom targeted a U.S.-based...

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

AndyC 26 November 2025

Nov 25, 2025Ravie LakshmananData Exposure / Cloud Security New research has found that organizations in various sensitive sectors, including governments,...

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

AndyC 26 November 2025

Nov 25, 2025Ravie LakshmananMalware / Vulnerability The threat actor known as ToddyCat has been observed adopting new methods to obtain...

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

AndyC 26 November 2025

Nov 25, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender...

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

AndyC 25 November 2025

Nov 25, 2025Ravie LakshmananSpyware / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert...

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

AndyC 25 November 2025

Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight...

2025Ravie

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

What is secrets sprawl and how does it impact NHIs

I am not a robot: ClickFix used to deploy StealC and Qilin

Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed