Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional… Read More »DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI)… Read More »Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research… Read More »China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to… Read More »Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information… Read More »The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.… Read More »Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it… Read More »CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository… Read More »Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could… Read More »Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular “@react-native-community/cli” npm package. Cybersecurity company VulnCheck said it first observed exploitation of… Read More »Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package