OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few…
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed…
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing…
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that…
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a…
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at…
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in…
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software…
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited…
CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack…