-
W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials
Cybersecurity researchers have recently uncovered a sophisticated phishing campaign leveraging the notorious W3LL Phishing Kit. Originally …
-
Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features
Tor Project has launched Tor Browser 14.5.2, a significant update addressing security vulnerabilities, refining cross-platform …
-
CampusGuard ScriptSafe prevents unauthorized script execution
CampusGuard introduced ScriptSafe, a software data security and privacy compliance solution. ScriptSafe identifies and mitigates risks …
-
Commvault enhances cyber resilience for Red Hat OpenShift Virtualization workloads
Commvault is extending its Kubernetes protection to support virtual machines (VMs) running on Red Hat OpenShift Virtualization. This new …
-
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker …
-
Critical pfSense Firewall Flaws Enable Attackers to Inject Malicious Code
Security researchers have uncovered three critical vulnerabilities in pfSense firewall software that could allow attackers to inject …
-
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Cybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager …
-
Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials
A new wave of targeted phishing campaigns, linked to the Tycoon2FA group, has been identified specifically targeting Microsoft 365 users. …
-
Closing security gaps in multi-cloud and SaaS environments
In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Growth at Qualys, discusses recent Qualys research …
-
Containers are just processes: The illusion of namespace security
In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that …
-
Why legal must lead on AI governance before it’s too late
In this Help Net Security interview, Brooke Johnson, Chief Legal Counsel and SVP of HR and Security, Ivanti, explores the legal …
-
AI voice hijacking: How well can you trust your ears?
How sure are you that you can recognize an AI-cloned voice? If you think you’re completely certain, you might be …
●●●
NVD
- CVE-2025-4322 – The Motors theme for WordPress is vulnerable to privilege escalation via account takeover …
- CVE-2025-3079 – A passback vulnerability which relates to office/small office multifunction printers and …
- CVE-2025-2929 – The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a …
- CVE-2025-4971 – Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low ...
- CVE-2025-3078 – A passback vulnerability which relates to production printers and office multifunction …
EXPLOITS
- CrushFTP 11.3.1 – Authentication Bypass
- Zyxel USG FLEX H series uOS 1.31 – Privilege Escalation
- Invision Community 5.0.6 – Remote Code Execution (RCE)
- WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
- RDPGuard 9.9.9 – Privilege Escalation
SECURELIST
- Threat landscape for industrial automation systems in Q1 2025
- Using a Mythic agent to optimize penetration testing
- State of ransomware in 2025
- Outlaw cybergang attacking targets worldwide
- Triada strikes back