Erlang/OTP SSH RCE Vulnerability

PoC Exploit Released for Erlang/OTP SSH Remote Code Execution Vulnerability

A critical remote code execution vulnerability in Erlang/OTP's SSH implementation has security teams scrambling to patch affected systems after researchers confirmed the development of a proof-of-concept exploit. The vulnerability, tracked as CVE-2025-32433 and assigned...
Threat Modeling

Why Threat Modeling Should Be Part of Every Security Program

In today's hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology that helps organizations systematically identify, evaluate, and prioritize potential security...
The Future of GRC

The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk

The future of GRC (Governance, Risk, and Compliance) is being reshaped as organizations navigate complex challenges at the crossroads of sustainability, digital security, and regulatory oversight. Traditional GRC frameworks that treated these domains as separate...

Hackers Weaponize MMC Script to Deploy MysterySnail RAT Malware

A sophisticated cyberespionage campaign is leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT). First identified in 2021 during an investigation into the CVE-2021-40449 zero-day vulnerability, MysterySnail RAT had...
Cybersecurity Cooperation With Russia

China Plans to Strengthen Its Cybersecurity Cooperation With Russia

Chinese Ambassador to Russia Zhang Hanhui has officially announced Beijing's intention to strengthen strategic cooperation with Moscow in cybersecurity, signaling a significant expansion of the two nations' digital partnership. The announcement comes as both countries...
Harvest Ransomware Attack

Harvest Ransomware Attack – Details of the Data Breach Released

Harvest SAS, a leading French fintech company specializing in wealth management software, has fallen victim to a sophisticated ransomware attack. The ransomware attack was first detected on February 27, 2025, but Harvest publicly disclosed the...
Erlang/OTP SSH Vulnerability

Critical Erlang/OTP SSH Vulnerability Allows Unauthenticated Remote Code Execution

A critical vulnerability in the Erlang/Open Telecom Platform (OTP) SSH implementation allows attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2025-32433, has been assigned the maximum CVSS score of 10.0, indicating...
Threat Actors Attacking Content Creators

Threat Actors Attacking Content Creators With Fake AI Tools to Hijack Their Devices

Cybercriminals are capitalizing on the explosive growth of generative AI tools, deploying sophisticated campaigns that impersonate popular software like CapCut, Adobe Express, and Canva to distribute malware and hijack devices. ESET warns that content...
Oracle Cloud Compromise

CISA Warns of Credential Risks Linked to Oracle Cloud Compromise

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority advisory following reports of unauthorized access to a legacy Oracle Cloud environment. While Oracle disputes claims of a significant breach, CISA warns that the...
Critical PHP’s extract() Function Vulnerability

Critical PHP’s extract() Function Vulnerability Allows Arbitrary Code Execution

A critical vulnerability in PHP's extract() function enables attackers to trigger memory corruption that can lead to arbitrary native code execution across multiple PHP versions. The vulnerability stems from a memory management issue that can...