Microsoft has provided comprehensive guidance for resolving the common Windows error "The process cannot access the file because it is being used by another process." 

Critical security vulnerabilities have been discovered in Gigabyte UEFI firmware that could allow attackers to execute arbitrary code in SMM.

Malware campaign targets Gen Z gamers via fake GTA, Minecraft, and CoD installers—19M+ attempts in a year to steal sensitive data.

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed.

Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security.…

CISA has issued a critical advisory warning about a severe vulnerability in railway communication systems that could allow attackers to control train brakes remotely. 

Fake Red Bull job emails bypass filters using legit headers, luring users to phishing sites via reCAPTCHA and spoofed Glassdoor pages.

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.

Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.

DEK: An AI red-teaming company found that xAI’s Grok 4 is “not suitable for enterprises” without substantial security prompting. 

UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

The bipartisan legislation would codify the agency’s position as the one in charge of coordinating responses to incidents like the breach on U.S. telecoms.

BlackSuit, a rebranded Royal/Conti ransomware, unleashes destructive multi-stage attacks. It uses Cobalt Strike, rclone for data exfil, and deletes shadow copies for stealth and speed.

A flaw (CVE-2025-43856) in Immich allows account hijacking via a broken OAuth2 implementation (missing state parameter check). Update to v1.132.0 immediately!

Unit 42 uncovers HazyBeacon, a novel backdoor using AWS Lambda URLs for stealthy C2. It's deployed via DLL sideloading, targeting Southeast Asian govts for trade documents.

North Korean APTs are using XORIndex malware in a new npm supply chain attack, infiltrating developers via 67 malicious packages to steal crypto wallets and credentials.

A flaw (CVE-2025-53101) in ImageMagick allows stack buffer overflows via filename templates, risking memory corruption and remote code execution. Patch now!

CISA adds critical Wing FTP Server RCE flaw (CVE-2025-47812, CVSS 10.0) to KEV. Actively exploited via null byte and Lua code injection; patch to 7.4.4 immediately!

Google officially confirmed plans to unify Android and ChromeOS into a single platform, aiming for seamless cross-device experiences and streamlined development for its AI-driven future.

A critical SSTI flaw (CVE-2025-53833, CVSS 10.0) in LaRecipe allows unauthenticated RCE on affected servers via template injection. Update to v2.8.1 immediately!