The Hacker News

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

A sophisticated cryptocurrency mining campaign has been identified targeting AWS customers. The attackers leverage compromised IAM credentials to deploy crypto miners, using advanced persistence techniques to evade detection and maintain operations.

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Multiple critical vulnerabilities have been identified in the FreePBX platform, including SQL injection, arbitrary file upload, and an authentication bypass flaw. These vulnerabilities can lead to remote code execution (RCE) if exploited.

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

A Chrome extension, Urban VPN Proxy, with over six million users, has been found intercepting and exfiltrating user data from AI chatbots like OpenAI ChatGPT and Microsoft Copilot.

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2018-4063, affecting Sierra Wireless AirLink ALEOS routers, to its Known Exploited Vulnerabilities catalog.

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2025-58360, affecting OSGeo GeoServer, to its Known Exploited Vulnerabilities (KEV) catalog.

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

A critical vulnerability, known as "SOAPwn," has been identified in the .NET Framework, allowing attackers to achieve remote code execution by exploiting WSDL imports and HTTP client proxies.

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

The JS#SMUGGLER campaign leverages compromised websites to deploy the NetSupport RAT, which gives attackers full control over victim systems. The campaign targets enterprise users through a sophisticated multi-stage web-based malware operation.

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware.

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency on Friday formally added a critical security flaw impacting React Server Components to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

GoldFactory, a financially motivated cybercriminal group, has launched a new wave of attacks in Southeast Asia, targeting mobile users in Indonesia, Thailand, and Vietnam. The group uses modified banking apps to distribute Android malware.
