Villager, an AI-driven penetration testing tool released on PyPI, has surged past 11,000 downloads by automating network scanning, exploitation, and
Cl0p ransomware is actively exploiting a zero-day in Oracle E-Business Suite (CVE-2025-61882), allowing unauthenticated remote code execution via the BI
Microsoft has revoked over 200 compromised digital certificates to disrupt a ransomware campaign abusing fake Microsoft Teams installers. Threat actor
A critical flaw in WatchGuard Fireware OS (CVE-2025-9242) allows remote, unauthenticated code execution through vulnerable VPN configurations and is already
Attackers have compromised over 100 SonicWall VPN accounts by exploiting stolen credentials, unpatched vulnerabilities, and OTP seed theft to bypass
Cybersecurity researchers have uncovered a stealthy malware campaign abusing Node.js’s Single Executable Application feature to package Stealit malware as fake
A sophisticated Linux rootkit dubbed LinkPro uses eBPF modules and magic TCP packets to stay hidden and activate on demand.
Two critical vulnerabilities in Wondershare RepairIt (CVE-2025-10643 and CVE-2025-10644) allow unauthenticated remote code execution through misconfigured storage tokens. With CVSS
A wave of coordinated supply chain attacks is targeting the NPM ecosystem, with over 400 malicious packages used to deploy
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.