​Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a… Read More »Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

​A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host.… Read More »New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

​The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. “This organization has… Read More »Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

​The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. “Key actors involved in the Kimwolf… Read More »Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

​The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong… Read More »⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

​Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from… Read More »The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations 

​Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he… Read More »Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act

​Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens. The stealer is… Read More »New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

​The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that… Read More »Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

​Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.  Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There… Read More »The ROI Problem in Attack Surface Management