Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
ThreatsDay Bulletin covers this week’s cyber threats, from phishing and ransomware to exposed AI systems, sandbox flaws, and ...
CISA added CVE-2026-45659 SharePoint Server RCE to KEV following confirmed exploitation, requiring U.S. agencies to patch by ...
Arctic Wolf says Anubis affiliates abused RMM tools, VPN logins, RDP, PsExec, and cloud-transfer tools before ransomware ...
GTIG says 316 threat clusters used suspected NetNut exit nodes in one June week to hide locations and run password-guessing ...
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this ...
Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...
Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
Symantec and Carbon Black link Mistic backdoor attacks to KongTuke, using ClickFix lures and in-memory execution for stealthy ...
Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
Peter Stokes, 19, faces U.S. charges tied to at least four alleged intrusions, including a 2025 jewelry retailer hack.
AIR says its fake AI skill passed scanner checks by using a mutable external link, exposing a blind spot in agent skill ...