A newly weaponized version of the open-source toolkit RedTiger is actively targeting Discord accounts and gaming credentials. This article examines the malware’s mechanics, why gamers and enterprises should care, and outlines a mitigation roadmap.
CISA has flagged CVE-2025-54253, a maximum-severity (CVSS 10.0) vulnerability in Adobe Experience Manager (AEM), as already under active attack. The root cause lies in how the /adminui/debug servlet misinterprets user-supplied OGNL expressions as Java code without authentication or validation. This flaw lets unauthenticated attackers execute system commands remotely. In this article, you’ll get the full technical breakdown, threat scenarios, detection strategies, mitigation plans, and best practices specific to AEM deployments.
Firefox now narrows high-entropy signals used for browser fingerprinting, so fewer users appear unique across sessions. Consequently, trackers lose stable identifiers while sites keep working. For enterprises, the update simplifies privacy baselines and reduces covert tracking surfaces without heavy configuration or breakage.
Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.
A new campaign runs a clever tech support scam by hijacking Microsoft’s trusted branding. Victims encounter fake emails, CAPTCHA checks, browser-locking overlays, and a bogus phone “helpdesk” all designed to steal credentials or remote access. This article breaks down how the scam works, real indicators, and how you can defend yourself.
Apple has issued a sweeping new round of cyber-threat notifications to users across 84 countries, signaling a global escalation in targeted spyware operations. This analysis explains what triggered the alerts, how attackers operate, and what high-risk users must do immediately.
Cybercriminals are abusing fake OSINT GitHub repos to distribute PyStoreRAT, a JavaScript-based RAT that delivers diverse malware modules through deceptive open-source tools.
SAP has released fixes for three SAP critical vulnerabilities affecting Solution Manager, Commerce Cloud, and the jConnect SDK. These flaws enable remote code execution and unsafe deserialization, posing significant risk to enterprise systems. This article breaks down technical details and offers mitigation guidance.
Akira ransomware has evolved into one of the most disruptive ransomware-as-a-service operations, hitting more than 250 organizations and extorting over $244 million. This article walks through how Akira gains initial access, exploits VPN and firewall weaknesses, moves laterally, and applies double extortion — then outlines practical defenses security teams can deploy now.
UK regulators have fined LastPass for security failures linked to the 2022 breach that exposed vault metadata for 16 million users. The incident revealed significant operational gaps and raised industry-wide questions about password-management safety.