Collaborate Disseminate
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known vulnerabilities. Delivering the malware The recently … Continue reading Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals. About CVE-2025-14733 … Continue reading WatchGuard Firebox firewalls under attack (CVE-2025-14733)
When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers… Continue reading Crypto theft in 2025: North Korean hackers continue to dominate
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting user… Continue reading Microsoft 365 users targeted in device code phishing attacks
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that ap… Continue reading Cisco email security appliances rooted and backdoored via still unpatched zero-day
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vu… Continue reading Actively exploited SonicWall zero-day patched (CVE-2025-40602)
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers war… Continue reading Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced today. “The fraudsters used various scams, such as posing as police officers t… Continue reading European police busts Ukraine scam call centers
Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection … Continue reading SoundCloud breached, hit by DoS attacks
Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the release of these updates, Google fixed CVE-2025-14174 in the desktop version of … Continue reading Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)