Security

New Browser Security Report Highlights Emerging Enterprise Threats

A new Browser Security Report 2025 reveals a fundamental shift in the corporate threat landscape. The user’s browser has become the central hub where identity, SaaS, and AI-related risks converge. Traditional security tools, operating at a lower level, are failing to protect this new, parallel attack surface where unmanaged extensions, personal AI accounts, and stolen […]

New Browser Security Report Highlights Emerging Enterprise Threats Read More »

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach

Network security giant SonicWall has officially confirmed that a sophisticated state-sponsored threat actor was responsible for a September security incident. The breach resulted in the unauthorized access of firewall configuration backup files from a specific cloud environment, though the company has assured customers that its core products and firmware remain unaffected. Isolated Breach in a

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach Read More »

New Business Email Protection Method Blocks Phishing Attack Behind NPM Breach

A highly sophisticated phishing campaign successfully targeted high-profile developers on the NPM registry in September 2025, leading to one of the most significant supply chain attacks in its history. The attackers combined convincing social engineering with technical precision to steal credentials and inject malicious code into widely used packages, ultimately aiming to hijack cryptocurrency transactions.

New Business Email Protection Method Blocks Phishing Attack Behind NPM Breach Read More »

CISA and NSA Release Critical Security Guidance for WSUS and Microsoft Exchange Servers

In a joint cybersecurity advisory, U.S. and international agencies have released critical guidance to help organizations fortify their on-premise Microsoft Exchange Server environments against persistent threats. The guidance emphasizes that unprotected and misconfigured instances remain prime targets for malicious actors and outlines a comprehensive strategy to secure these vital communication hubs. A Unified Call to

CISA and NSA Release Critical Security Guidance for WSUS and Microsoft Exchange Servers Read More »

AI-Targeted Cloaking Attack Tricks Crawlers Into Citing False Information as Verified Facts

A novel cybersecurity threat is targeting the very foundation of agentic AI browsers, a development that could allow malicious actors to poison the information these systems retrieve and present as undeniable truth. This sophisticated “cloaking” technique exploits the trust AI models place in their web crawlers, creating a ripe opportunity for widespread misinformation and manipulation.

AI-Targeted Cloaking Attack Tricks Crawlers Into Citing False Information as Verified Facts Read More »

TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

A team of academic researchers from Georgia Tech, Purdue University, and Synkhronix has developed TEE.Fail, a practical side-channel method that can extract secrets from processor-based trusted execution environments, including Intel SGX, Intel TDX, AMD SEV-SNP, and Ciphertext Hiding. The technique uses inexpensive, off-the-shelf electronics to inspect DDR5 memory traffic, exposing weaknesses in current CPU TEE

TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves Read More »

CISA Confirms Active Exploitation of Critical Lanscope Endpoint Manager Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog. According to the agency, the flaw has been actively exploited in the wild, posing a significant risk to organizations using unpatched versions. Identified as CVE-2025-61932 and rated 9.3 (CVSS

CISA Confirms Active Exploitation of Critical Lanscope Endpoint Manager Vulnerability Read More »

Hackers Exploit 34 Zero-Day Flaws and Earn $522,500 at Pwn2Own Ireland 2025

The first day of Pwn2Own Ireland 2025 concluded with remarkable results, as security researchers discovered 34 distinct zero-day vulnerabilities across a variety of smart devices. Every single exploit attempt succeeded, resulting in a total prize payout of $522,500. The event, taking place in Cork, Ireland, from October 21 to 24, brings together elite hackers to

Hackers Exploit 34 Zero-Day Flaws and Earn $522,500 at Pwn2Own Ireland 2025 Read More »

CISA Adds Five Actively Exploited Vulnerabilities to Catalog Targeting Oracle and Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. This update officially confirms that a newly disclosed flaw in Oracle E-Business Suite (EBS) has been weaponized in real-world attacks, posing serious risks to organizations using affected systems. Oracle E-Business Suite Flaws Under Attack

CISA Adds Five Actively Exploited Vulnerabilities to Catalog Targeting Oracle and Microsoft Read More »

Meta Introduces New Security Tools to Protect WhatsApp and Messenger Users from Scams

Meta has announced a new set of security tools aimed at strengthening protection for WhatsApp and Messenger users against online scams. According to Meta, these new updates are designed to help users identify and prevent fraudulent attempts that target personal data, financial information, and digital identities. Screen-Sharing Warnings on WhatsApp WhatsApp is rolling out new

Meta Introduces New Security Tools to Protect WhatsApp and Messenger Users from Scams Read More »