Daily information technology
Experts at Expel have uncovered a novel tactic employed by the cybercriminal group known as Atlas Lion, which has been targeting large retail chains, clothing brands, and restaurant franchises. Rather than attacking from the...
The Australian Securities and Investments Commission (ASIC) has announced the liquidation of 95 companies suspected of involvement in fraudulent schemes tied to fake investment platforms and romance scams. The decision to dissolve these entities...
Hackers are actively exploiting a zero-day vulnerability to compromise secure Gladinet CentreStack file-sharing servers. According to a security advisory from Gladinet, the flaw stems from improper handling of cryptographic keys responsible for maintaining the...
Hackers have begun exploiting a critical vulnerability in the widely used WordPress plugin OttoKit (formerly known as SureTriggers) just hours after it was publicly disclosed. The flaw allows attackers to bypass authentication and gain...
Software supply chain attacks are becoming increasingly sophisticated, with malicious actors disguising harmful code as legitimate libraries and embedding it into developers’ environments. A recent example is the malicious npm package named “pdf-to-office,” discovered...
In September 2024, NVIDIA released a security update addressing the critical vulnerability CVE-2024-0132 in its Container Toolkit. The issue stemmed from a time-of-check to time-of-use (TOCTOU) race condition, which enabled attackers to orchestrate a...
The days when obtaining credentials using Mimikatz was trivially easy are rapidly becoming a thing of the past. Microsoft continues to harden its defenses against credential theft, while EDR systems grow ever more astute....
Fortinet has addressed a critical vulnerability in its FortiSwitch devices that allowed remote attackers to change administrator passwords without authentication. The flaw, discovered by the developer of the FortiSwitch web interface, has been assigned...
March 2025 witnessed a renewed surge in cybercriminal activity, concentrated along two principal vectors: mass scanning of legacy vulnerabilities in popular web applications and a new wave of attacks targeting AWS infrastructure via Server-Side...
Small businesses in the United Kingdom lose approximately £3.4 billion ($4.35 billion) annually due to insufficient cybersecurity measures, according to a recent study by Vodafone Business. Nearly one in three entrepreneurs encounters cyber incidents,...
The Lovable platform—designed to generate web applications from textual prompts—has unexpectedly become a boon for aspiring cybercriminals. According to research by Guardio Labs, Lovable has been identified as the most vulnerable to so-called jailbreak...
Google’s security team has uncovered a critical vulnerability in the microcode of AMD processors, designated as EntrySign (ID: AMD-SB-7033). This flaw affects the entire Zen processor lineup—from the original Zen 1 to the latest...
A new release of OpenSSL 3.5—one of the foundational libraries enabling secure communications over the internet—has officially arrived. Designated as a Long Term Support (LTS) version, this update significantly fortifies the integrity of network...
A critical vulnerability in the CrushFTP product, actively exploited by malicious actors, has now been added to the Known Exploited Vulnerabilities (KEV) catalog maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The...
As part of its April Patch Tuesday update, Microsoft has addressed 134 vulnerabilities, including a critical zero-day flaw that had already been actively exploited in the wild. The majority of the patches target privilege...
