A critical zero-day vulnerability in Gladinet’s CentreStack file-sharing software is being actively exploited by attackers, allowing full remote system access and potential data exfiltration. Enterprises are urged to apply temporary mitigations until an official patch becomes available.
Attackers abused a Chrome zero-day to install Memento spyware in targeted operations. This analysis explains the chain, highlights reliable signals to hunt, and outlines a focused 72-hour action plan.
A sophisticated cyber campaign used DLL side‑loading to deliver a hybrid PlugX variant and the Bookworm backdoor to telecom and ASEAN networks, revealing renewed tactics by China‑linked threat actors.
Aardvark is OpenAI’s GPT-5–powered security agent that reads repositories like a human, validates exploitability in a sandbox, and proposes precise patches. Consequently, teams can cut detection and remediation time without slowing delivery.
Microsoft’s emergency out-of-band update (KB5070773) fixes a USB input failure in the Windows Recovery Environment that impacted Windows 11 and Server 2025 devices. This article explains the bug, affected platforms, and recommended actions for IT professionals.
A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.
The Rhysida ransomware gang claims to have breached Maryland’s Department of Transportation, leaking personal data and demanding a $3.3 million ransom. Officials confirmed data loss affecting Maryland Transit Administration systems but said core services remain operational.
Threat actors are increasingly poisoning AI tools and assistants embedding dangerous prompts or corrupting the data they rely on to turn defenses against organizations.
A sophisticated mobile-fraud campaign dubbed the Smishing Triad is spoofing toll-agency alerts and flooding users with fake unpaid-toll texts. Read on for how the scam works and how to defend your devices.
Investigators suspect Russian-linked cyber actors may be behind the recent attack on Jaguar Land Rover (JLR) that disrupted operations and compromised corporate data. The findings align with a growing pattern of state-aligned cyber interference targeting the automotive sector in Europe.