A New Critical PHP Composer Bug Could Enable Widespread Supply-Chain Attacks — PATCH it Now!

In a supply chain attack, users of Passwordstate Password Manager are attacked with malware.

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications.

Hackers Flood the Internet With 100,000 Malicious PDF Documents

This new WhatsApp bug could have allowed attackers to hack into your phone remotely.

Hackers can now use a JavaScript exploit to trigger Rowhammer attacks remotely on modern DDR4 RAM cards.

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and install additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM.

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO).

A new Chinese hacking attack aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered.

New Matryosh DDoS Botnet Targeting Android-Based Devices

Critical Full Takeover Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Software Supply‑Chain Attack Distributed Spyware to Millions of Android Emulator Users

Security researchers uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan.