Security
Headlines
HeadlinesLatestCVEs

Latest News

Google fixes two actively exploited zero-day vulnerabilities in Android

Google has issued patches for 62 vulnerabilities in Android, including two actively exploited zero-days.

Malwarebytes
Open in Source
#vulnerability#ios#android#google#linux#zero_day
Agentic AI in the SOC - Dawn of Autonomous Alert Triage

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many

Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics

From Talos' 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that adversaries most heavily utilized last year.

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine's eastern border, the agency said. The attacks involve distributing phishing emails

Online Gaming Risks and How to Avoid Them

Online gaming has become an integral part of modern entertainment, with millions of players connecting from all over…

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has

CVE-2025-29819: Windows Admin Center in Azure Portal Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized read-only access to the local file system.