Security News

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
2025-03-30 05:07

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched...

Hijacked Microsoft web domain injects spam into SharePoint servers
2025-03-27 23:11

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]

Vivaldi integrates Proton VPN into the browser to fight web tracking
2025-03-27 13:39

Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech'...

How does your data end up on the dark web?
2025-03-26 05:00

The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing. The deep web is just everything...

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
2025-03-21 13:54

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be...

Microsoft Exchange Online outage affects Outlook web users
2025-03-19 19:34

​Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes. [...]

Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
2025-03-07 18:53

$96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors The Feds today revealed more details about the US Secret Service-led Garantex takedown, a day after seizing...

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
2025-02-10 05:14

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and...

Casio UK site compromised, equipped with web skimmer
2025-02-04 11:19

Japanese electronics maker Casio has had its UK website injected with a web skimmer that collected buyers’ personal and payment card information, Jscrambler has discovered. The company says that...