A Pune-based automobile parts manufacturer fell victim to a sophisticated man-in-the-middle (MITM) cyber attack, resulting in a loss of ₹2.35 crore. 

A former U.S. Air Force employee has pleaded guilty to charges of sharing classified military information about Russia's war in Ukraine.

A sophisticated zero-click attack methodology called RenderShock that exploits passive file preview and indexing behaviors.

KongTuke threat actors now use a PHP-based Interlock RAT via stealthy web injections, marking a shift from older JavaScript-based tactics.

Innovative forensic methods to track sophisticated attackers who exploit Remote Desktop Protocol (RDP) for lateral movement within enterprise networks.

Defendnot is a research tool that disables Microsoft Defender by tricking Windows security.

Microsoft has provided comprehensive guidance for resolving the common Windows error "The process cannot access the file because it is being used by another process." 

Critical security vulnerabilities have been discovered in Gigabyte UEFI firmware that could allow attackers to execute arbitrary code in SMM.

Malware campaign targets Gen Z gamers via fake GTA, Minecraft, and CoD installers—19M+ attempts in a year to steal sensitive data.

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed.

Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security.…

CISA has issued a critical advisory warning about a severe vulnerability in railway communication systems that could allow attackers to control train brakes remotely. 

Fake Red Bull job emails bypass filters using legit headers, luring users to phishing sites via reCAPTCHA and spoofed Glassdoor pages.

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.

Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.

DEK: An AI red-teaming company found that xAI’s Grok 4 is “not suitable for enterprises” without substantial security prompting. 

UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

The bipartisan legislation would codify the agency’s position as the one in charge of coordinating responses to incidents like the breach on U.S. telecoms.

BlackSuit, a rebranded Royal/Conti ransomware, unleashes destructive multi-stage attacks. It uses Cobalt Strike, rclone for data exfil, and deletes shadow copies for stealth and speed.

A flaw (CVE-2025-43856) in Immich allows account hijacking via a broken OAuth2 implementation (missing state parameter check). Update to v1.132.0 immediately!