New AITM phishing wave hijacks TikTok Business accounts

A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of... Read more »

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Aquasecurity Trivy... Read more »

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has... Read more »

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw,... Read more »

Coruna exploit reveals evolution of Triangulation iOS exploitation framework

Kaspersky found Coruna iOS exploits reuse updated code from the 2023 Operation Triangulation attacks, suggesting a possible link. Kaspersky researchers discovered that the Coruna iOS exploit kit uses an... Read more »

Researchers uncover WebRTC skimmer bypassing traditional defenses

Researchers found a new skimmer using WebRTC to steal and send payment data, bypassing traditional security controls. Sansec researchers discovered a new payment skimmer that uses WebRTC data channels instead... Read more »

Russian authorities arrest alleged LeakBase admin behind stolen data marketplace

Russian authorities arrested the alleged LeakBase admin for running a marketplace selling stolen data since 2021. Russian law enforcement has arrested the suspected administrator of LeakBase, a cybercrime forum... Read more »

Russian national convicted for running botnet used in attacks on U.S. firms

A Russian hacker got 2 years in prison, $100K fine, and $1.6M judgment for running a botnet used in ransomware attacks on U.S. firms. Russian national Ilya Angelov (40)... Read more »

Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX... Read more »

Recent Navia data breach impacts HackerOne employee data

A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed the... Read more »
Subscribe to our Newsletter