The two vulnerabilities can be chained together to gain RCE
The new malware is called LOSTKEYS and is designed to steal files from a number of different directories
In a new advisory, the agencies–including the Environmental Protection Agency and Department of Energy–said that they are seeing an uptick in the number of attacks against OT networks by non-APT teams
Microsoft alerted the company to the issue in February
The vulnerability is in the AiCloud feature in some ASUS routers, which is designed to enable users to share and manage their files across devices
The vulnerability has a CVSS score of 9.8 and is obviously rated as critical.
The vulnerability affects many versions of Ivanti appliances and is being exploited by a Chinese actor
Threat actors are exploiting the 2025 tax season with phishing campaigns delivering malware like BRc4, Latrodectus, Remcos, and more. Here's how attackers are using IRS lures, QR codes, and PhaaS platforms to breach U.S. organizations.
A phishing operation tied to Russian intelligence mimics Ukrainian paramilitary recruitment pages to unmask citizens opposing the war. Search engines helped rank the fakes — exposing users to surveillance, arrest, or worse.