Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group used phishing ZIP files containing malicious Linux “.desktop” shortcuts that downloaded payloads…

The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet. AUG. 28 GOOD NEWS: FIX IS NOW DEPLOYED IN STABLE REPOS FOR AFFECTED SUPPORTED VERSIONS, INCLUDING…

Check Point Research exposes ZipLine, an advanced phishing campaign targeting U.S. manufacturing with MixShell malware and AI-themed lures

WhatsApp Security Advisories 2025 - List of security fixes for WhatsApp products

Microsoft Teams phishing is rising fast. See how attackers bypass defenses—and get practical detection logic and hunting queries for your SOC.

On August 21, GreyNoise observed a sharp surge in scanning against Microsoft Remote Desktop (RDP) services.

Contribute to mistymntncop/CVE-2025-5419 development by creating an account on GitHub.

VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF an...

Clear NDR - Community by Stamus Networks is a free, open-source, and turn-key Suricata network intrusion detection/protection system (IDS/IPS), network security monitoring (NSM) and threat hunting implementation created and maintained by Stamus Networks.…

Discover its origin, how it compromises macOS and more importantly, how the JTL detected this malicious threat to keep Jamf customers safe.

ESET Research has discovered HybridPetya, a copycat of the infamous Petya/NotPetya malware that adds the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems.

Kawa4096 Ransomware: Leveraging Brand Mimicry for Psychological Impact ASEC

How One Token Could Have Compromised Every Microsoft Entra ID Tenant on Earth, And Why It’s Time for Authorityless SecurityRecently, security researcher Dirk-Ja

CVE-2025-56383-Proof-of-Concept. Contribute to zer0t0/CVE-2025-56383-Proof-of-Concept development by creating an account on GitHub.

Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications.

CloudSEK uncovered a large-scale Loader-as-a-Service botnet distributing RondoDoX, Mirai, and Morte payloads through SOHO routers, IoT devices, and enterprise apps. Exploiting weak credentials, unsanitized inputs, and old CVEs, the campaign surged 230% in…

Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.