Leaked SIM and PUK data heighten SIM-swapping risks as critics fault Orange’s response; company says no passwords, emails or banking data were taken. Orange Belgium disclosed...
Attackers use CVE-2023-46604 to breach Linux cloud hosts, drop “DripDropper” malware, and quietly fix the flaw to lock in access, researchers say. Threat actors are abusing...
Russian-linked group EncryptHub is impersonating IT staff on Microsoft Teams, walking victims into remote sessions, then abusing CVE-2025-26633 (“MSC EvilTwin”) to execute rogue .msc consoles and...
Law enforcement seized four servers, nine domains, and about $1.09M in crypto linked to the Royal/BlackSuit operation, following a July 24 takedown coordinated with eight countries....
Broadcom/VMware patches CVE-2025-41236 in ESXi 7.x/8.x, but Shadowserver counts show slow remediation as thousands of internet-reachable hosts remain on vulnerable builds. A critical integer-overflow flaw (CVE-2025-41236)...
Phone, email, and website went dark as investigators probe links to widely exploited Citrix NetScaler flaws. The Pennsylvania Attorney General’s Office says a cyberattack disabled its...
Cisco Talos warns of a modular PowerShell/C# threat stealing wallets, logging keystrokes, and persisting without writing payloads to disk. A new malvertising campaign is delivering PS1Bot,...
Hackers claim “full system compromise,” say all servers were encrypted and backups wiped; company has not confirmed the incident as investigators assess potential operational impact Royal...
Cyber threat actors orchestrated a massive, two-wave brute-force assault on Fortinet SSL VPNs, shifting mid-campaign to FortiManager—raising alarm as such patterns often precede critical CVE disclosures....
Morocco’s Directorate General of Information Systems Security (DGSSI) issues a dire warning: a zero-day vulnerability in WinRAR is being actively exploited, putting countless users at risk...