Microsoft has announced a serious security flaw in its on-premise Exchange Server that could let attackers gain unauthorized access to cloud systems without leaving obvious signs of their actions. The flaw, known as CVE-2025-53786, has a severity rating of 8.0 out of 10. It was reported by Dirk-jan Mollema from Outsider Security. In hybrid environments […]
SonicWall has announced that recent attacks targeting its firewalls, which protect networks and allow remote work through VPNs, are due to an old security flaw that has already been fixed. These attacks are not caused by a new, unknown vulnerability. The company explained that the attacks are related to a security issue called CVE-2024-40766, which […]
The U.S. National Nuclear Security Administration (NNSA), the agency responsible for maintaining and designing the nation’s nuclear weapons, was among the organizations affected by a recent cyberattack exploiting a vulnerability in Microsoft’s SharePoint document management software. The breach was reported on July 22, 2025, citing anonymous sources familiar with the matter. While the NNSA has […]
Security experts have uncovered a new wave of malware targeting Apple Mac users, delivered through a clever trick involving fake CAPTCHA pop-ups. When someone visits a compromised website, they’re greeted with a seemingly harmless “I’m not a robot” checkbox. But clicking it secretly copies a dangerous command into their clipboard and prompts them to open […]
Google has recently identified a dangerous security flaw in its Chrome browser that hackers are actively using to attack unsuspecting users. This type of flaw is known as a “zero-day vulnerability,” meaning it was discovered by bad actors before the company had a chance to fix it. The specific weakness lies in Chrome’s Visuals component, […]
On July 22, 2025, the U.S. government issued an urgent warning after discovering that foreign hackers had found a way to break into Microsoft SharePoint, a popular tool used by many businesses and government agencies to share documents and collaborate online. The Cybersecurity and Infrastructure Security Agency (CISA), which helps protect the country from cyberattacks, […]
Cybersecurity experts have uncovered a sprawling scam operation involving more than 17,000 fabricated news websites, operating across some 50 countries. This criminal network—referred to as “BaitTrap”—specializes in luring unsuspecting individuals into investment fraud schemes, cleverly disguised behind the façade of legitimate news outlets like CNN, BBC, and CNBC. The scam begins with professional-looking fake news […]
Hackers have stepped up a new phishing method that uses malicious PDF attachments to impersonate well-known companies like Microsoft and DocuSign. These fake PDFs encourage recipients to call phone numbers controlled by the attackers, pretending to be customer support representatives. This technique, called callback phishing or Telephone-Oriented Attack Delivery (TOAD), is becoming increasingly common. During […]
Cybercriminals are using fake identities and websites to trick people in the cryptocurrency community into downloading harmful software. Disguising themselves as legitimate AI, gaming, and Web3 companies, these attackers have created an elaborate scam that targets both Windows and macOS users. Their goal is to steal valuable data and drain digital wallets. The operation begins […]
AMD has issued a warning about a newly discovered class of microarchitectural vulnerabilities, dubbed Transient Scheduler Attacks (TSA), that affect a broad range of its processors, including desktop, mobile, and server chips. These flaws arise from speculative scheduling behavior within the CPU, where timing differences during instruction execution can allow attackers to infer sensitive data […]