Collaborate Disseminate
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield prove… Continue reading Fake browser crash alerts turn Chrome extension into enterprise backdoor
Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attac… Continue reading Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)
A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an as-yet unknown number of travelers. What data was accessed? Eurail B.V. operates … Continue reading Sensitive data of Eurail, Interrail travelers compromised in data breach
A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising the urgency for organizations to patch immediately. About CVE-2025-64155 CVE-… Continue reading PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)
Browser-in-the-Browser (BitB) phishing attacks are on the rise, with attackers reviving and refining the technique to bypass user skepticism and traditional security controls. BitB phishing: Dangerous and effective For BitB phishing, attackers create a… Continue reading Browser-in-the-Browser phishing is on the rise: Here’s how to spot it
News of a possible Instagram data breach spread over the weekend after Malwarebytes reported that cybercriminals had stolen sensitive information from 17.5 million Instagram accounts, potentially leading to a surge in password reset requests. Users hav… Continue reading There was no data breach, Instagram says
An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inc… Continue reading Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. … Continue reading PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 million) to implement it. Setting up a Government Cyber Unit “Cyber attac… Continue reading UK announces grand plan to secure online public services
Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge… Continue reading Fake Booking.com emails and BSODs used to infect hospitality staff