Why a decade-old EnCase driver still works as an EDR killer

Attackers are exploiting a decade-old EnCase driver to disable 59 endpoint security products. The driver's certificate, issued on December 15, 2006, allows it to load on modern Windows systems due to Microsoft's backward compatibility policies.

Critical Vulnerabilities in Ilevia EVE X1 Server Allow Remote Exploitation

The Ilevia EVE X1 Server has been found to contain multiple critical vulnerabilities that could allow attackers to execute arbitrary commands, disclose sensitive information, and escalate privileges.

Technical Analysis of Marco Stealer

Marco Stealer is a sophisticated information stealer targeting browser data, cryptocurrency wallets, and sensitive files. It employs advanced anti-analysis techniques and uses AES-256 encryption for secure C2 communication.

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The AISURU/Kimwolf botnet has launched a record-setting DDoS attack, peaking at 31.4 Tbps. This attack is part of a significant increase in DDoS activity in 2025, with Cloudflare mitigating over 47.1 million attacks throughout the year.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two vulnerabilities, CVE-2025-11953 and CVE-2026-24423, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited and pose significant risks to federal enterprises.

Hugging Face abused to spread thousands of Android malware variants

A recent Android malware campaign has been identified, exploiting the Hugging Face platform to distribute thousands of malicious APK variants. The malware is disguised as a security tool named TrustBastion.

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

Two critical vulnerabilities, collectively known as "LookOut," have been identified in Google Looker, a business intelligence platform used by over 60,000 organizations globally.

CISA warns of five-year-old GitLab flaw exploited in attacks

CISA issued a warning regarding a five-year-old GitLab vulnerability that is actively being exploited. CISA has urged all organizations, including those in the private sector, to prioritize securing their devices against these ongoing attacks.

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab, posing significant security risks to affected systems.

Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities

Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud and Foxit eSign. These vulnerabilities could allow attackers to execute arbitrary JavaScript within a user's browser.
