Your blog category
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows – ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate…
The notorious Russian state-sponsored group relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. “As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)
What is the Vulnerability? CVE-2026-21858 arises from a Content-Type confusion flaw in n8n’s webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form content types, allowing attackers to override internal request parsing state. This allows unauthenticated attackers to: – Read arbitrary files from the server filesystem – Extract…
The CrowdStrike-SGNL deal underscores how identity security has become a critical component of enterprise cybersecurity as companies add cloud services and deploy AI-driven tools.
Exploitation of CVE-2025-37164 can enable remote code execution on HPE’s IT infrastructure management platform, leading to devastating consequences.
Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server.
The “ZombieAgent” exploit makes use of ChatGPT’s long-term memory and advanced capabilities.
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. “The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact…