Application Security

NordVPN Denies Salesforce Server Breach Claims, Clarifying Access to Dummy Data

January 6, 2026

NordVPN denied allegations of a breach on its Salesforce development servers, clarifying that the accessed data was from a third-party

Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government

January 6, 2026

Russia-aligned threat actor UAC-0184 employs Viber messaging platform, delivering malicious ZIP archives aimed at the Ukrainian military and government sectors,

Adobe ColdFusion Cyberattacks Surge During Holiday Period

January 5, 2026

GreyNoise detected a significant surge in attack attempts targeting Adobe ColdFusion vulnerabilities over Christmas 2025, revealing a coordinated effort exploiting

‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers

December 31, 2025

Over 2.2 million Chrome, Firefox, and Edge users are compromised by ‘Zoom Stealer’, a campaign targeting online meeting data via

Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk

December 31, 2025

The Cyber Security Agency of Singapore warns of a dangerous remote code execution vulnerability in SmarterTools SmarterMail, CVE-2025-52691, with a

CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed

December 31, 2025

A vulnerability in MongoDB, known as MongoBleed, is actively exploited, prompting CISA to direct U.S. federal agencies to patch this

Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis

December 31, 2025

Mustang Panda leverages a kernel-mode rootkit and a new TONESHELL backdoor variant in a mid-2025 cyber attack on an Asian

Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems

December 28, 2025

Rainbow Six Siege faces a security breach allowing hackers to manipulate in-game systems, impacting player bans and economic balance, compromising

Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials

December 28, 2025

The malicious NPM package ‘Lotusbail’ covertly stole WhatsApp credentials through a backdoor. With more than 56,000 downloads over a six-month

LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity

December 28, 2025

Critical LangChain Core flaw may enable data theft and LLM response manipulation, impacting system security and integrity.

NordVPN Denies Salesforce Server Breach Claims, Clarifying Access to Dummy Data

Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government

Adobe ColdFusion Cyberattacks Surge During Holiday Period

‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers

Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk

CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed

Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis

Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems

Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials

LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity

NordVPN Denies Salesforce Server Breach Claims, Clarifying Access to Dummy Data

Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government

Adobe ColdFusion Cyberattacks Surge During Holiday Period

‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers

Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk

CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed

Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis

Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems

Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials

LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity

Feds Seize Database Targeting $28 Million Bank Account Theft

Arrests in Nigeria Reveal Cyberattack Links to Raccoon0365 and Microsoft 365

Phishing Attacks by Operation ForumTroll in Russia: A Closer Look at October 2025 Campaign

Phishing Attacks in 2026: Evolution Beyond Email and Its Implications

Email Scam Exploits PayPal’s Subscriptions Billing Feature

New Wave of Phishing Kits Target Credential Theft at Scale

Spiderman Phishing Kit Poses New Threat to European Banks and Crypto Holders

Intense Surge in Phishing Campaigns with New Malicious Domains

Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme

Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks

Daily Briefing Newsletter