​Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE… Read More »Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

​Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges.… Read More »Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

​SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution.… Read More »New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

​Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The… Read More »Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

​Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error… Read More »What AI Reveals About Web Applications— and Why It Matters

​Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other… Read More »New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

​Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging… Read More »RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

​Every October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the… Read More »Moving Beyond Awareness: How Threat Hunting Builds Readiness

​Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on… Read More »npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

​Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research… Read More »Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain