News

Apache Tomcat CVE-2025-24813 Under Attack

CISA Warns of Supply Chain Compromise of tj-actions/changed-files GitHub Action

CISA Adds Apple CVE-2025-24201 to KEV Catalog

Microsoft Disrupts Huge Malvertising Campaign

Executives Receive Fake Snail Mail BianLian Ransomware Notes

Executives are receiving something strange from scammers claiming to be linked to the BianLian group: Fake ransomware letters delivered via snail mail

Microsoft Patches Critical RCE Flaw in Windows KDC Proxy

Microsoft has patched CVE-2024-43639, a critical remote code execution (RCE) vulnerability in Windows KDC Proxy.

Highly Targeted Polyglot Malware Campaign Hits UAE Aviation and Satellite Firms

A sophisticated cyber espionage campaign, dubbed UNK_CraftyCamel, is targeting aviation and satellite organizations in the UAE. Attackers use polyglot files, a custom Go-based backdoor (Sosano), and compromised business accounts to evade detection.

Notorious Spam Host "Prospero" Now Routing Through Kaspersky Lab Networks

Prospero OOO, a major bulletproof hosting provider linked to malware and phishing operations, has started routing through Kaspersky Lab’s network. This shift raises concerns over cybersecurity risks and Kaspersky’s role.

Microsoft Details Silk Typhoon’s IT Supply Chain Attacks

Downstream victims of Silk Typhoon's supply-chain attacks were largely focused in the state and local government as well as the IT sector.

VMware Patches Three Actively Exploited Bugs

FBI: North Korea Behind $1.5 Billion Bybit Cryptocurrency Exchange Heist

More details behind the Bybit $1.5 billion hack, which occurred on Feb. 21 and is the largest digital heist in the history of cryptocurrency, continued to emerge this week.

Google Reports Uptick in Higher Education Phishing Attacks

The attacks, which started to increase around August 2024, have used an array of tactics to trick students, faculty and staff