Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Muck Stealer Malware Used Alongside Phishing in New Attack Waves

A new report from Cofense reveals that cybercriminals are blending phishing and malware, including Muck Stealer, Info Stealer,…

HackRead
Open in Source
#android#windows#microsoft#intel
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. "

CVE-2025-10201: Chromium: CVE-2025-10201 Inappropriate implementation in Mojo

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

CVE-2025-10200: Chromium: CVE-2025-10200 Use after free in Serviceworker

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

Beaches and breaches

Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.

Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack

US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware…

Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence

U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. "Without timely action, Microsoft's culture of negligent cybersecurity, combined with its de facto monopolization of the

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025. SonicWall subsequently revealed the SSL VPN activity aimed at its

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised hosts. "The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to