New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime…
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
Dec 12, 2025Ravie LakshmananVulnerability / Server Security The U.S. Cybersecurity and Infrastructure…
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Dec 11, 2025Ravie LakshmananCyber Espionage / Windows Security Cybersecurity researchers have disclosed…
Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
Dec 11, 2025Ravie Lakshmanan This week's cyber stories show how fast the…
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity…
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Dec 10, 2025Ravie LakshmananEnterprise Security / Web Services New research has uncovered…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various…
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest…
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Dec 09, 2025Ravie LakshmananCybersecurity / Malware Four distinct threat activity clusters have…