The vulnerability in TeamT5 ThreatSonar Anti-Ransomware allows remote attackers with administrator privileges to upload malicious files, potentially leading to arbitrary command execution on the server.

The cybersecurity landscape is increasingly threatened by state-sponsored groups, particularly from China and Russia, targeting critical infrastructure in the US. Notably, the Volt Typhoon group has been embedding malware in US energy networks.

Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses.

Keenadu is a sophisticated backdoor targeting Android devices by embedding itself into the firmware. It mirrors the behavior of the Triada backdoor, allowing attackers to control devices remotely and exfiltrate data.

The SmartLoader campaign involves a sophisticated attack using a trojanized Oura MCP server to deploy the StealC infostealer. Threat actors have invested months in building credibility by creating fake GitHub accounts and repositories.

A cyberespionage campaign targets supporters of Iran's anti-government protests, focusing on Farsi-speaking Iranians, activists, and journalists. The campaign exploits the ongoing internet blackout in Iran and is linked to Iranian-aligned hackers.

A recent study by academic researchers uncovered 27 vulnerabilities in popular cloud-based password managers: Bitwarden, LastPass, Dashlane, and 1Password. These vulnerabilities allow attackers to view and change passwords.

OpenClaw, formerly known as ClawdBot and MoltBot, is a widely adopted AI assistant framework that has become a target for infostealer malware. This malware is capable of stealing sensitive configuration files.

Academic Urology & Urogynecology of Arizona has notified over 73,000 individuals of a data breach that compromised sensitive personal, financial, and medical information. The breach is attributed to the ransomware group Inc.

CVE-2026-1731, a critical unauthenticated OS command injection vulnerability, is being actively exploited in self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments.