Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for ...

Four Android banking malware campaigns are targeting more than 800 apps by abusing overlays, Accessibility permissions, and ...

Developers and traders warn of structural risks as a cross-chain exploit spreads fear and prompts billions to flee DeFi ...

PCWorld reports on the ‘BlueHammer’ zero-day vulnerability that allows attackers to potentially take over Windows computers through privilege escalation. A frustrated security researcher published the ...

A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially ...

Microsoft is dealing with a newly disclosed zero-day vulnerability in Windows that could allow attackers to gain full system control, with no official fix available yet. The flaw, called BlueHammer, ...

Threat actors have started to exploit a critical vulnerability in Flowise that allows them to execute arbitrary code remotely, VulnCheck warns. Flowise is an open source development platform that ...

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed ...

A global cross-industry credential theft campaign is exploiting public-facing Web applications vulnerable to React2Shell and then deploying an automated collection tool to steal credentials and other ...

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. At least 766 hosts across various cloud ...

A six-month intelligence operation preceded the $270 million exploit of Drift Protocol and was carried out by a North Korean state-affiliated group, according to a detailed incident update published ...