CVE-2024-3400 Critical Palo Alto PAN-OS EXPLOITED BY SALT TYPHOON A command injection as a result of an arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to
Android
TRENDING TOPICS JULY 30, 2025 Chrome Vulnerability Impacts Multiple Platforms Including Apple Devices Google’s Threat Analysis Group (TAG) has identified CVE-2025-6558, a high-severity zero-day vulnerability (CVSS 8.8) affecting the Chrome browser’s ANGLE and GPU components. This flaw occurs when Chrome fails to properly
Google Gemini
TRENDING TOPICS JULY 29, 2025 Gemini CLI Vulnerability Enables Silent Attacks Through Malicious Code Repos A vulnerability in Google’s Gemini CLI tool allowed attackers to silently run harmful commands on a developer’s machine by hiding instructions inside files, including README[.]md. This flaw was discovered by Tracebit just
ARC Platform
TRENDING TOPICS JULY 28, 2025 ARC Intelligence Portal Breach Compromises CIA-Linked Contractor Data The Acquisition Research Center (ARC), a key contracting portal used by the CIA and other U.S. intelligence agencies, was recently breached by unidentified hackers, resulting in the exposure of sensitive data tied to multiple high-
Koske
CVE-2025-25257 Critical FortiClientEMS SQL injection vulnerability in FortiClientEMS versions 7.2.0–7.2.2 and 7.0.1–7.0.10, allowing unauthenticated attackers to perform SQL injection via crafted HTTP requests. Exploitation could lead to unauthorized access, data manipulation, or full system compromise in centralized endpoint
ACRStealer
TRENDING TOPICS JULY 24, 2025 Update: ACRStealer Evolves into AmateraStealer with Advanced Evasion and C2 Techniques ACRStealer, an information-stealing malware that has been active since 2024, underwent significant enhancements in 2025, including upgrades to its stealth and command-and-control (C2) capabilities. Noted initially for abusing services like Google
Windows UI Automation
TRENDING TOPICS JULY 23, 2025 Update: Coyote Banking Trojan Becomes First to Exploit Windows UI Automation for Credential Theft A newly identified variant of the Coyote banking trojan is the first known malware to exploit Microsoft’s UI Automation (UIA) framework for real-world credential theft, marking a major shift
Global Group
TRENDING TOPICS JULY 22, 2025 GLOBAL GROUP Ransomware Surfaces with Cross-Platform Reach and Roots in Legacy Threats A new Ransomware-as-a-Service offering called GLOBAL GROUP is being marketed by a threat actor known as “Dollar Dollar Dollar” on the Ramp4u forum, aiming to recruit affiliates with promises
Microsoft
TRENDING TOPICS JULY 21, 2025 Microsoft AppLocker Mis-Config Settings Could Let Bad Apps Slip Through Security experts at Varonis found a flaw in Microsoft’s AppLocker, a tool used by businesses to control which apps can run on company computers. AppLocker works by checking specific rules, including the version
Salt Typhoon
CVE-2025-49596 Critical MCP Inspector A remote code execution vulnerability in MCP Inspector due to improper validation of serialized input during inspection routines. This vulnerability can be exploited over the network without authentication. Impact: Users should immediately upgrade to MCP Inspector version 3.9.2 or later to remediate
UNG0002
TRENDING TOPICS JULY 17, 2025 UNG0002 Deploys ClickFix Technique with Custom RAT Arsenal in Multi-Campaign Operations Cybersecurity researchers at Seqrite Labs have attributed two distinct, technically advanced cyber-espionage campaigns—Operation Cobalt Whisper (May–Sept 2024) and Operation AmberMist (Jan–May 2025)—to a state-aligned Southeast Asian threat
SVG Smuggling
TRENDING TOPICS JULY 16, 2025 SVG Smuggling Emerges as a Stealthy Tactic in Phishing Campaigns A newly observed phishing campaign is abusing SVG (Scalable Vector Graphics) files to execute browser-native redirects, allowing attackers to bypass traditional email security and malware detection systems. While SVGs are widely used and typically