A recently disclosed security vulnerability in Unity has prompted security updates and, in some cases, game removals across platforms like Steam. The issue affects Unity versions 2017.1 and later, spanning a wide range of games and applications released over the last several years. According to Unity, this Unity show more ...
Oracle has issued a security alert warning users of a zero-day vulnerability in its widely used Oracle E-Business Suite. Tracked as CVE-2025-61882, this flaw allows unauthenticated, remote attackers to execute arbitrary code on affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8, making it one of show more ...
To evade detection by security solutions, cybercriminals employ various techniques that mask their malicious activity. One of the methods increasingly seen in recent years in attacks on Windows systems is DLL hijacking: replacing dynamic-link libraries (DLLs) with malicious ones. And traditional security tools often show more ...
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.
The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.
A threat actor purporting to be from the Libyan Navy's Office of Protocol targeted Brazil's military earlier this year using the rare tactic.
Outwardly neutral Chinese institutions have been collaborating with Western orgs and researchers for the benefit of PRC state intelligence.
Brazilian WhatsApp users should be aware of malware that hijacks contact lists to spread itself and potentially serve as a gateway for other malicious code that targets financial information, researchers said.
The head of the Signal Foundation raised concerns around Germany now refusing to say whether it will support Chat Control in an upcoming vote.
Hackers believed to be linked to China have targeted a Serbian government department overseeing aviation, as well as other European institutions, according to new research.
An advisory from Unity — which makes the software behind dozens of popular games — warns developers to patch a vulnerability that could allow an attacker to execute code via an affected app.
Cybercriminals are using the Medusa ransomware strain during exploitation of a vulnerability in Fortra's GoAnywhere file transfer tool.
FBI Assistant Director Brett Leatherman said “this is ‘stop-what-you’re-doing and patch immediately’ vulnerability.”
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these highlights help you spot what’s coming
In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand
A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the
Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog.
Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money.
