Latest News

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%.  As attacks rise

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email

I checked out the European vulnerability database, EUVD, which was officially launched yesterday. Its usefulness is questionable for now. 🤷‍♂️ 🔹 Basically, they pull data from public sources (MITRE CVE DB, CISA KEV, GHSA, EPSS, and a few others), map it under their own EUVD identifier (everything is mapped by CVE 😉), and provide a […]

Cary, North Carolina, 14th May 2025, CyberNewsWire

Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies—along with photos of men allegedly involved in the schemes.

Scammers impersonate government agencies on WhatsApp to target job seekers with fake offers, phishing sites, and identity theft…

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials

May Microsoft Patch Tuesday. A total of 93 vulnerabilities – about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation: 🔻 EoP – Microsoft DWM Core Library (CVE-2025-30400)🔻 EoP – Windows CLFS Driver (CVE-2025-32701, CVE-2025-32706)🔻 EoP – Windows […]