Fortinet patches critical zero-day vulnerability under active attack
A critical authentication bypass flaw in FortiClient EMS, CVE-2023-35616, allows for remote code execution and is being actively exploited by attacker
China-linked Storm-1175 exploits zero-days to rapidly deploy Medusa ransomware
A China-linked threat actor, Storm-1175, is using zero-day exploits to deploy Medusa ransomware in high-velocity attacks against internet-facing syste
Russia's 'Fancy Bear' APT continues its global onslaught with familiar tactics
Russia's 'Fancy Bear' (APT28) continues its global cyber-espionage campaigns, relying on spear-phishing and unpatched vulnerabilities to succeed.
Iranian cyber campaign places nearly 4,000 U.S. critical infrastructure devices at risk
A Censys report warns nearly 4,000 U.S. critical infrastructure devices in the energy and water sectors are exposed online, making them targets for Ir
Adobe Reader zero-day was exploited for months before patch
A critical zero-day in Adobe Reader was actively exploited by a state-sponsored actor for months, allowing system takeover via malicious PDFs. Patch n
Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine
Russia's FSB accuses a former RFE/RL journalist of aiding Ukrainian cyberattacks, a move that weaponizes cybersecurity language to criminalize reporti
'BlueHammer' Windows zero-day exploit signals Microsoft bug disclosure issues
A researcher, citing a dispute with Microsoft, released a zero-day exploit for Windows that allows for full system takeover, highlighting ongoing tens
Apple Intelligence AI guardrails bypassed in new attack
Researchers from Luta Security have successfully bypassed Apple Intelligence's AI guardrails using a novel prompt injection technique called "Neural E
Bitter-linked hack-for-hire group expands espionage campaign to MENA journalists
A joint investigation reveals that the Bitter APT group, with suspected ties to India, has expanded its operations, targeting journalists and activist
A fragile ceasefire won't halt Iran-linked cyberattacks
A fragile ceasefire on the physical battlefield is unlikely to stop Iran-linked hackers, who see digital warfare as a persistent, ingrained part of co
Critical vulnerability in Ninja Forms exposes over a million WordPress sites
A critical flaw in the popular Ninja Forms WordPress plugin allows unauthenticated attackers to upload malicious files, leading to full site compromis
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
Researchers discovered a flaw in Grafana's AI that lets attackers steal corporate data by hiding commands in dashboards, turning the AI into a spy.