Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.

CVE-2025-27007 exploited in OttoKit WordPress plugin before v1.0.83 enables admin creation without authentication.

All four vulnerabilities have been rectified by SysAid with the release of on-premise version 24.4.60 b16 in early March 2025 ...

The exploitation of CVE-2025-29824 also points to the trend of ransomware actors using zero-days to infiltrate targets. Last ...

A new report Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection analyzing gaps in SSE implementations ...

PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary ...

Third-party breaches doubled to 30% in 2025 + ungoverned machine accounts fueled major attacks + unified identity strategy is ...

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) ...

Microsoft warns default Helm charts expose Kubernetes apps by prioritizing ease over security, risking data leaks.

Human Error Happens: Misconfigurations, accidental deletions, or improper access changes can disrupt critical identity ...

The vulnerabilities, in a nutshell, could enable zero- or one-click remote code execution (RCE), access control list (ACL) and user interaction bypass, local arbitrary file read, information ...