Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since… Read More »From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.… Read More »175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how… Read More »The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1),… Read More »From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG)… Read More »CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known… Read More »From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google… Read More »New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every… Read More »ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. “The files contain encrypted credentials and configuration… Read More »Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most… Read More »SaaS Breaches Start with Tokens – What Security Teams Must Watch