Cybersecurity Flash Notices

Notepad++ Supply Chain Attack: Undetected Chains and Evolving Payloads

Kaspersky researchers uncovered multiple undocumented infection chains in a supply chain attack targeting Notepad++ users from July to October 2025.

Kraken Ransomware Group: Big-Game Hunting and Double Extortion Tactics

This report provides a detailed investigation into the Kraken ransomware group - their operations, methods, and the broader implications for cybersecurity.

Vulnerability in Simple User Capabilities Plugin Exposes WordPress Sites

CVE-2025-12158 is a critical privilege escalation vuln. affecting the Simple User Capabilities WordPress plugin (all versions up to + including 1.0).

Critical Vulnerability in Dataphone A920: CVE-2025-61235 Exposed

CVE-2025-61235 is a critical vulnerability affecting the Dataphone A920 firmware arising from improper validation of network packet input.

Critical Remote Code Execution in Oracle Marketing (E-Business Suite)

CVE-2025-53072 is a critical unauthenticated RCE vulnerability affecting the Marketing Admin module of Oracle Marketing, part of Oracle E-Business Suite.

Attackers Exploit Velociraptor in Sophisticated Ransomware Campaigns

Cisco Talos has confirmed that ransomware operators are weaponizing Velociraptor, an open-source DFIR tool, to aid in the deployment of ransomware attacks.

Google Salesforce Breach: UNC6040's Vishing and OAuth Attack Analysis

In June 2025, Google’s internal Salesforce instance, used for managing SMB data, was breached in a cyberattack orchestrated by the UNC6040 threat group.

AI vs. AI: Microsoft's Battle Against AI-Obfuscated Phishing Campaigns

Microsoft Threat Intelligence recently shut down a credential phishing campaign employing AI to obfuscate attack payloads and evade conventional defenses.

Google Urgently Patches Sixth Chrome Zero-Day Vulnerability of 2025

Google has urgently released a security update to address a critical zero-day vulnerability (CVE-2025-10585) in its Chrome web browser.

Hackers Hijack NPM Packages in Major Supply Chain Attack

A major software supply chain attack has shaken the open-source JavaScript ecosystem, as attackers hijacked several high-profile npm packages.

Prev 1 2 3 4 Next