Void Blizzard targeted over 20 NGOs using credential phishing via fake Entra logins, exfiltrating sensitive cloud data.

Luna Moth uses spoofed IT domains and callback phishing to access law firm data, bypassing detection with legitimate tools.

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a ...

TAG-110 abandoned HTA-based payloads in January 2025, using macro-enabled Word templates to target Tajik institutions.

Mobile-focused phishing using SEO poisoning and fake portals hit payroll systems in May 2025, rerouting salaries and evading ...

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools ...

Download the full CISO's guide here. Website Privacy Validation tools shift privacy from reactive to proactive by ...

The Zscaler ThreatLabz 2025 Phishing Report dives deep into the rapidly evolving phishing landscape and uncovers the latest ...

Windows Server 2025 flaw allows any user with dMSA write permissions to escalate privileges and compromise AD.

Latrodectus malware evades detection with ClickFix technique; TikTok and fake Ledger apps expand threat reach.

Nation-state attacks. Supply chain breaches. This week’s cyber recap isn’t just another alert—it’s a red flag.

CISA, which added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog in late April 2025, said it's continuing to ...