Apple's macOS Tahoe Faces Early Security Challenge with LPE Vulnerability Discovery
Just four days after Apple announced macOS Tahoe at WWDC 2025, security researcher Csaba Fitzl has uncovered a local privilege escalation (LPE) vulne…
Security
CISA Warns of Ransomware Attacks Targeting SimpleHelp RMM Software
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning organizations about ongoing ransomware attacks expl…
Zero-Click Spyware Attacks Compromised iOS Devices Through iMessage Vulnerability
Security researchers have obtained the first forensic confirmation that Paragon Solutions' Graphite spyware successfully infiltrated iOS devices …
EchoLeak - Zero-Click AI Vulnerability Discovered in Microsoft 365 Copilot
Security researchers at Aim Labs have uncovered a sophisticated zero-click vulnerability dubbed " EchoLeak " that enables attackers to auto…
Stealth Falcon Exploits Zero-Day CVE-2025-33053 Against Middle East Defense Targets
Check Point Research has uncovered a sophisticated cyber espionage campaign orchestrated by the Stealth Falcon APT group, which exploited a previousl…
Researchers Expose Critical Secure Boot Vulnerabilities Affecting Millions of UEFI Systems
Security researchers have uncovered two significant vulnerabilities that can completely bypass Secure Boot protections on UEFI-compatible systems, po…
Critical Signature Verification Flaw Discovered in OpenPGP.js Library
A critical vulnerability in the widely used OpenPGP.js library has been discovered that allows attackers to spoof message signatures, potentially com…
AT&T Data Breach Exposes 86 Million Customer Records
Cyber crooks have leaked the AT&T database, which was reportedly stolen by the ShinyHunters group in April 2024 after they exploited major securi…
Major Data Breach Exposes 3.6 Million Records from App-Building Platform
A security researcher has disclosed a non-password protected database linked to an app-building platform designed for creators, coaches, influencers,…
Cybercriminals Exploit Salesforce Accounts Through Voice Phishing to Steal Corporate Information
Google Threat Intelligence Group has identified a financially motivated cybercrime operation that has successfully compromised multiple organisations…
Critical GPU Flaws Disclosed by Qualcomm and ARM Impact Billions of Mobile Devices
Major semiconductor companies Qualcomm and ARM have simultaneously released urgent security bulletins addressing critical vulnerabilities in their gr…
10-Year-Old Vulnerability Discovered in Roundcube Webmail Affects Millions of Hosts
A critical security vulnerability that remained hidden for nearly a decade has been discovered in Roundcube Webmail, potentially affecting over 53 mi…
Critical Microsoft Scripting Engine Zero-Day Exploited in Wild, PoC Now Public
Microsoft, in its May 2025 patch Tuesday update, addressed 72 vulnerabilities, including five zero-days. One zero-day vulnerability in its Scripting …
Deloitte's GitHub Credentials and Source Code Allegedly Exposed in Dark Web Leak
Global consulting giant Deloitte is confronting new cybersecurity allegations after a threat actor claiming the alias "303" reportedly post…
Critical RCE Flaw Discovered in D-Tale Data Visualization Tool
A critical security vulnerability has been discovered in D-Tale, a popular data visualization tool, allowing attackers to execute arbitrary system c…
Massive Data Breach Exposes 184 Million Login Credentials Across Major Platforms
A cybersecurity researcher has uncovered one of the largest data breaches in recent memory, exposing over 184 million unique login credentials for ma…
Self-Spreading Dero Mining Malware Targets Docker Containers in Zombie-Like Campaign
Cybersecurity researchers at Kaspersky have uncovered a sophisticated malware campaign that spreads through containerized environments like a digital…
Microsoft Exposes New Russian Cyber Espionage Group Targeting NATO Allies
Microsoft Threat Intelligence has identified a sophisticated new Russian-affiliated threat actor called Void Blizzard , also known as LAUNDRY BEAR , …
Global Takedown Disrupts LummaC2 Information-Stealing Malware Operation
Coordinated effort by Microsoft, DOJ, and international partners dismantles infrastructure behind malware that infected nearly 400,000 computers worl…
Critical VM Escape Vulnerability Discovered in Oracle VirtualBox
Security researchers from Google's Security Research team have disclosed a high-severity vulnerability in Oracle's VirtualBox virtualization …