Security News

A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.…

Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and...

Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time,...

MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi...

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a...

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users'...

An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. [...]

A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their...

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. [...]

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain...