Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.

A newly uncovered campaign by the Lampion banking malware group has targeted Portuguese organizations in the government, finance, and transportation sectors. Lampion is an info stealer known for stealing sensitive banking credentials.

IBM has disclosed two high-severity vulnerabilities in its Cognos Analytics platform—CVE-2024-40695 and CVE-2024-51466. These flaws allow unauthorized file uploads and remote code execution.

A newly uncovered fraud syndicate named ALTSRUS is exploiting vulnerable segments of the digital economy by stealing and reselling accounts tied to Electronic Benefit Transfer (EBT), pharmacy prescriptions, and consumer rewards programs.

A malicious Python package named discordpydebug was uploaded to PyPI, posing as a debugging tool for Discord bot developers. Despite lacking a README or documentation, it was downloaded over 11,000 times.

Snowflake’s CORTEX Search Service introduces a critical security risk: unintended data exposure. This vulnerability persists even in environments with tightly configured access and masking policies due to the inherent design of the AI service.

Threat actors are actively exploiting critical vulnerabilities in end-of-life (EoL) GeoVision IoT devices and Samsung MagicINFO servers to deploy the Mirai botnet. These attacks leverage command injection and path traversal flaws.

The vulnerability stems from inadequate input validation in the file upload functionality of Samsung MagicINFO 9 Server. Specifically, the server fails to sanitize filename inputs and does not enforce file extension or authentication checks.