404
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…
SaaS Security Essentials: Reducing Risks in Cloud Applications
As organizations increasingly rely on SaaS applications to run their operations, securing them has become a necessity. Without…
BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability (CVSS 9.8 – CVE-2025-27520) in BentoML (v1.3.8–1.4.2) lets attackers execute remote code without…
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching.
Google Eyes User Browsing Data Search in New Patent Filing
Tech giant Google may soon help users find content they've previously seen, not by searching the web but by scanning their own digital history.
Smokeloader Users Identified and Arrested in Operation Endgame
Authorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more.
Hacker Claims WooCommerce Data Breach, Selling 4m User Records
Article updated with a statement from Automattic, the parent company of WooCommerce.
Protecting Your Business on the Move: A Modern Cybersecurity Guide
Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software…
New AkiraBot Abuses OpenAI API to Spam Website Contact Forms
Cybersecurity researchers have identified a new spam campaign driven by ‘AkiraBot,’ an AI-powered bot that targets small business…
Hackers Claim Magento Breach via Third-Party, Leak CRM Data of 700K Users
Another day, another data breach claim involving a high-profile company!