Threats

A significant surge in sophisticated recruitment scams has emerged, with cybercriminals exploiting economic vulnerabilities and the competitive job market to target desperate job seekers. These scams employ increasingly refined social engineering tactics that blend legitimate...

A critical remote code execution vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324) is being actively exploited by a Chinese threat actor to compromise enterprise systems worldwide. The vulnerability allows attackers to achieve remote code execution...

Cybersecurity experts have uncovered a sophisticated attack campaign targeting IT administrators through search engine optimization (SEO) poisoning tactics. Threat actors are leveraging advanced SEO techniques to push malicious versions of commonly used administrative tools to...

A seemingly innocent Python package has been unmasked as a sophisticated remote access trojan (RAT) targeting the Discord developer community. On March 21, 2022, a package named 'discordpydebug' appeared on the Python Package Index (PyPI)...

A sophisticated supply chain attack targeting the popular npm package 'rand-user-agent' was discovered on May 5, 2025. The compromise affects a legitimate JavaScript library used to generate randomized user-agent strings for web scraping operations, inserting...

Cybersecurity experts have identified an escalating campaign by the notorious hacker collective Scattered Spider, which continues to evolve its sophisticated attack methods in 2025. The group, active since at least 2022, has shifted focus to...

Cybercriminals have developed sophisticated vishing techniques that leverage multimedia file formats to bypass security systems and target unsuspecting victims. These new attack vectors, observed in early 2025, represent an evolution in social engineering tactics where...

A sophisticated multilayered email attack campaign has emerged, utilizing weaponized PDF invoices as the initial vector to deliver remote access trojan (RAT) malware across multiple platforms. The attack primarily targets Windows systems but can also...

A sprawling phishing operation dubbed "FreeDrain" has emerged as an industrial-scale cryptocurrency theft network that systematically targets and drains digital wallets. This sophisticated campaign leverages search engine manipulation and free-tier web hosting services to create...

Cybersecurity researchers have identified a growing threat vector targeting artificial intelligence systems through a technique known as indirect prompt injection. Unlike traditional attacks that directly manipulate an LLM's user interface, these sophisticated attacks embed malicious...