Threats
North Korea's Lazarus Group is targeting software developers through fake job recruiters on LinkedIn, Fiverr, and UpWork, delivering a three-stage malware attack via a malicious npm package. Security researchers at OpenSourceMalware uncovered the campaign, which uses the package tailwindcss-forms-kit - disguised as a legitimate Tailwind CSS utility -
Threats
The identity behind one of the most prolific cybercriminal personas of recent years has been revealed. IntelBroker, the hacker who haunted major corporations and government agencies, is Kai Logan West - a 25-year-old British national and former National Crime Agency trainee. West was arrested in France in February 2025 and
Threats
Check Point Research has documented what they believe is the first truly advanced malware framework built almost entirely by artificial intelligence, developed by a single individual in under a week. The discovery of VoidLink marks a significant shift in the threat landscape, demonstrating how AI can enable lone actors to
A high-severity vulnerability in Windows Admin Center's Azure AD Single Sign-On implementation allows attackers to escalate privileges and move laterally across an entire Azure tenant without valid credentials. Cymulate Research Labs discovered the flaw and reported it to Microsoft in August 2025. Microsoft released a patch on January
Alerts
A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers at FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origin servers even when WAF rules explicitly blocked all other traffic. How
Alerts
A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online. Vulnerability Details CVE IDCVSS ScoreTypeAffected VersionsCVE-2025-600219.8 (Critical)Remote Command InjectionAll versions prior to 1.15.0 The flaw exists in the heap profiler's extra_options parameter. Attackers
Alerts
Two significant security vulnerabilities have been discovered in Deno, the modern JavaScript and TypeScript runtime known for its "secure by default" architecture. The flaws could expose sensitive server secrets and allow command injection on Windows systems. Vulnerabilities CVE IDCVSS ScoreTypeImpactCVE-2026-228639.2 (Critical)Missing Cryptographic StepSecrets exposureCVE-2026-22864HighCommand InjectionArbitrary code
Alerts
ConnectWise has released a security update for its Professional Services Automation (PSA) platform, addressing two vulnerabilities that could allow stored script execution and session cookie theft. The company recommends upgrading to version 2026.1 as soon as possible. Vulnerabilities CVE IDTypeCVSS ScoreImpactCVE-2026-0695Cross-Site Scripting (XSS)8.7 (High)Stored script executionCVE-2026-0696Sensitive
Threats
A 40-year-old Jordanian man has pleaded guilty in U.S. federal court to operating as an "access broker," selling unauthorized network access to at least 50 victim companies. Feras Khalil Ahmad Albashiti, who operated under the alias "r1z," entered his plea before U.S. District Judge
Threats
Ukrainian and German law enforcement have identified members of a Russian-affiliated ransomware group responsible for hundreds of millions of euros in damages, with searches conducted in Ukraine and the alleged organizer placed on INTERPOL's international wanted list. The Operation Cyber police officers from Ukraine's National Police,
Breaches
The Canadian Investment Regulatory Organization (CIRO) has confirmed that approximately 750,000 investors were impacted by a data breach following a phishing attack detected in August 2025. CIRO, which oversees all investment and mutual fund dealers in Canada alongside trading activity on the country's debt and equity markets,
Alerts
Security researchers at Trail of Bits have discovered a critical vulnerability in Electron-based applications that allows attackers to inject persistent backdoors into Signal, 1Password, Slack, and Chrome by tampering with V8 heap snapshot files. Tracked as CVE-2025-55305, the flaw bypasses code integrity checks in nearly all applications built on the