In its May 2025 security update, Microsoft has rolled out patches for 78 vulnerabilities spanning its product ecosystem. Most notably, five of these flaws (a.k.a. zero-day exploits) have already been exploited in the wild. May 2025 Patch Tuesday: 78 Vulnerabilities…
ASUS has issued important security updates to its DriverHub software, addressing two critical vulnerabilities, CVE-2025-3462 and CVE-2025-3463, that could allow attackers to execute remote commands on vulnerable systems. These flaws affected the mechanism responsible for driver detection and updates on…
Cybersecurity experts have uncovered a series of high-risk vulnerabilities affecting the on-premise edition of SysAid IT support software. These flaws could allow unauthenticated attackers to remotely execute code with elevated privileges, potentially giving them full control of targeted systems. Overview…
Cybersecurity firm Socket has recently uncovered a set of malicious Go modules capable of delivering a destructive disk-wiping payload. The campaign specifically targets Linux systems by exploiting Go’s decentralized module system, putting countless development environments at risk. How Does the…
A critical security flaw in SAP NetWeaver’s Visual Composer component, identified as CVE-2025-31324, has been actively exploited by threat actors. This vulnerability allows unauthenticated attackers to upload malicious files, leading to potential full system compromise. SAP has released a patch…
Apple has rolled out critical security updates across its ecosystem, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS, to address two newly discovered zero-day vulnerabilities that are currently being exploited in real-world attacks. Two Actively Exploited Zero-Day Flaws Patched The…
A threat group believed to have ties with China’s state-sponsored cyber operations, identified as UNC5174, has launched a stealthy and technically advanced cyber campaign aimed at Linux and macOS environments. According to new research published by Sysdig, the group is…
Phishing attacks are becoming increasingly sophisticated, but one emerging tactic is setting a new bar for precision and deception. Known as Precision-Validated Phishing, this method uses real-time credential validation to enhance the success rate of phishing campaigns. A recent report…
After two decades of persistent concern among privacy advocates and web security researchers, Google is finally rolling out a fix for a long-standing vulnerability in Chrome that has silently exposed users’ browsing history. The issue stems from how browsers have…
On April 8, 2025, Microsoft released its monthly security updates, addressing a total of 121 vulnerabilities across various products. Among these, CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System (CLFS) Driver, has been actively exploited in ransomware…
In my first interview with cybersecurity expert and author Scott Schober, we explored his personal experiences with being hacked and the eye-opening insights from his book Hacked Again. Now, we’re reconnecting with Scott to go deeper. Because the threat landscape…
Overview of the Vulnerability Ivanti has recently disclosed a significant security vulnerability, identified as CVE-2025-22457, affecting its Connect Secure, Policy Secure, and ZTA Gateway products. While specific details are pending, such vulnerabilities typically involve issues such as remote code execution,…
Cybersecurity researchers have uncovered a new vulnerability in Google’s Quick Share data transfer tool for Windows, potentially allowing attackers to crash the application or send files to a user’s device without their consent. The vulnerability, tracked as CVE-2024-10668 with a…
Security researchers at Elastic Security Labs have released an in-depth analysis of a long-running Linux malware campaign known as Outlaw. Despite its unsophisticated code and crude attack methods, Outlaw remains remarkably persistent. This malware is a great example of how…
Small and medium-sized businesses (SMBs) are continuously becoming prime targets for cybercriminals. Recent statistics reveal that 61% of SMBs were targeted by cyberattacks, with 46% of all cyber breaches affecting companies with fewer than 1,000 employees. The consequences of such…
In early 2025, cybersecurity researchers uncovered a zero-day vulnerability in Microsoft’s Management Console (MMC), tracked as CVE-2025-26633 and nicknamed MSC EvilTwin. This critical flaw is being actively exploited by a threat group dubbed Water Gamayun and represents a dangerous vector…
A new report from Forescout’s Vedere Labs reveals alarming cybersecurity vulnerabilities in solar power systems produced by some of the industry’s biggest names – Sungrow, Growatt, and SMA. These flaws, collectively named SUN:DOWN, could potentially open the door for cyberattacks…
In a recent Q&A with Dr. Mansur Hasib, he emphasized that one of the most effective ways to equip non-technical leaders, like CEOs and COOs, with the right mindset to view cybersecurity as a strategic asset is by attending high-quality…
In our previous conversation with Dr. Mansur Hasib, we explored his powerful vision of cybersecurity as a “people-powered perpetual innovation” – a leadership-first approach that continues to inspire professionals across the industry. Read Part 1 here: Dr. Mansur Hasib: Cybersecurity…
Google Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves…
