Collaborate Disseminate
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of bounds read and write vulnerability in V8, the JavaScript and WebAssembly en… Continue reading Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional su… Continue reading Attackers breached ConnectWise, compromised customer ScreenConnect instances
Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup f… Continue reading Microsoft unveils “centralized” software update tool for Windows
A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MD… Continue reading Attackers hit MSP, use its RMM software to deliver ransomware to clients
The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in Europe and North America, and they dubbed it Laundry Bear. “Compared to … Continue reading Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec … Continue reading Vulnerabilities found in NASA’s open source software
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that … Continue reading Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, seem AI-m… Continue reading TikTok videos + ClickFix tactic = Malware infection
Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service … Continue reading DanaBot botnet disrupted, QakBot leader indicted
Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service … Continue reading DanaBot botnet disrupted, QakBot leader indicted