Latest News
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop. While malvertising campaigns have become commonplace in recent years, the latest activity gives it a little twist of its own: Embedding a GitHub commit into a page URL containing
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity…
Organizations are seeking assistance to fix critical vulnerabilities. Solutions that orchestrate and automate network device protection put us on the right path.
Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation…
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…
The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the
Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.
There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.