CVE-2025-59718
TRENDING TOPICS JAN 22, 2026 Active Exploitation of FortiGate Firewalls via FortiCloud SSO Patch Bypass (CVE-2025-59718) Arctic Wolf has observed a new cluster of automated malicious activity targeting FortiGate firewalls, involving unauthorized FortiCloud SSO logins, followed by rapid configuration changes and data exfiltration. Attackers leveraged SSO authentication bypass behavior consistent
ShadowV2
CVE-2025-59287 Critical Windows Server Update Services UNSAFE DESERIALIZATION A critical vulnerability in Windows Server Update Services (WSUS) stems from unsafe deserialization of untrusted data over the network, allowing remote attackers to execute arbitrary code on WSUS servers without authentication. Mitigation: Immediately apply Microsoft's security update, restrict WSUS exposure
DPRK
TRENDING TOPICS NOV 24, 2025 Update: DPRK Expands Contagious Interview Operation With Full Fake Job Platform Targeting U.S. AI Talent Researchers have uncovered a highly polished fake recruitment platform built as part of a new variant of the DPRK-linked Contagious Interview operation. Unlike earlier lures that relied on simple
Microsoft
TRENDING TOPICS OCT 02, 2025 Microsoft Investigates Classic Outlook Bug Blocking Access to Mailboxes Microsoft is currently investigating a major issue affecting the classic Outlook desktop client on Windows, which is preventing users from accessing their email accounts. Identified in late September 2025, this issue affects individuals who encounter repeated
PyPI
TRENDING TOPICS SEPT 25, 2025 Renewed Phishing Campaign Puts Python Package Maintainers at Risk A new wave of phishing attacks is circulating across the Python developer community, targeting PyPI maintainers once again. The scheme relies on domain confusion, with attackers registering look-alike websites to lure users into entering their credentials.
PyPI
TRENDING TOPICS SEPT 18, 2025 PyPI Tokens Revoked After GhostAction Supply Chain Attack The Python Software Foundation has confirmed that all PyPI publishing tokens stolen in early September's GhostAction supply chain attack have been invalidated, with no evidence that they were used to publish malicious packages. The incident
AWSDoor
TRENDING TOPICS SEPT 16, 2025 AWSDoor: Post-Compromise Persistence Tool in AWS AWSDoor is a post-compromise tool first identified in recent years, designed to help attackers maintain access inside AWS environments after an initial breach. It does not directly break into accounts but instead abuses AWS-native services and permissions to remain
Python
TRENDING TOPICS AUG 25, 2025 Obfuscated Python Attacks on the Rise Threat actors are increasingly embedding malicious code into Python packages on PyPI, often within projects that appear normal yet still provide the expected features. These trojanized libraries often keep their advertised functionality but quietly execute hidden routines once installed.
PyPI
TRENDING TOPICS AUGUST 18, 2025 Update: Malicious PyPI and npm Packages Fuel Supply Chain Attacks Zscaler researchers uncovered new supply chain threats involving malicious Python and JavaScript packages planted in popular repositories. On PyPI, attackers uploaded a package named termncolor, which relied on a dependency called colorinal to deliver a
Google Gemini
TRENDING TOPICS JULY 29, 2025 Gemini CLI Vulnerability Enables Silent Attacks Through Malicious Code Repos A vulnerability in Google’s Gemini CLI tool allowed attackers to silently run harmful commands on a developer’s machine by hiding instructions inside files, including README[.]md. This flaw was discovered by Tracebit just
Python
TRENDING TOPICS JUNE 27, 2025 Malicious Typosquatted Python Package Triggers Forced Shutdowns on Windows Systems A newly discovered malicious Python package, “psslib,” has been identified on the Python Package Index (PyPI), posing as the widely used “passlib” library in a targeted typosquatting campaign. This fake package exploits the trust developers
GrayAlpha
TRENDING TOPICS JUNE 16, 2025 GrayAlpha Group Leverages Sophisticated Malware and Deceptive Tactics in Ongoing Attacks A newly exposed infrastructure tied to the cybercriminal group GrayAlpha believed to overlap with the notorious FIN7 hacking group, reveals a range of sophisticated tactics targeting the Retail, Hospitality, and Financial sectors. Active since