Security Intelligence
APT29’s tactics age like a ‘fine wine’
APT29 uses deceptive emails mimicking invitations to wine-tasting events, enticing recipients to download a malicious...
Security Intelligence
Issue in Microsoft's "leaked credentials" feature triggers widespread lockouts
Rollout of new Microsoft leaked credentials feature inadvertently causes widespread account lockouts across various...
Security Intelligence
New ResolverRAT sniffs around healthcare & pharmaceutical organizations
A newly identified remote access trojan (RAT) called ResolverRAT is actively targeting healthcare and pharmaceutical...
Security Intelligence
Dude, where’s my smart car?: Nissan Edition
Researchers uncover significant vulnerabilities in the 2020 Nissan Leaf electric vehicle.
Security Intelligence
Google patches longstanding privacy issue in Chrome
Google addresses longstanding privacy issue in Chrome that allowed websites to detect users' browsing history.
Security Intelligence
Threat actors using new technique to exploit 2023 FortiOS flaw
Threat actors observed leveraging new method to exploit previously patched FortiOS vulnerability.
Security Intelligence
Threat actors likely to exploit U.S. tariff confusion
Field Effect security intelligence warns threat actors likely to leverage U.S. tariff confusion for phishing campaigns.
Security Intelligence
Unpaid toll-themed smishing campaign gives victims no free ‘E-ZPass’
Smishing campaign mimics E-ZPass and other U.S.-based toll agencies and sending fraudulent text messages to individuals.
Security Intelligence
Five Eyes warn threat actors increasing use of ‘fast flux’ technique
Cybercriminals are increasingly using a tactic called “fast flux” to hide their infrastructure and hinder takedown...
Security Intelligence
Zero-day vulnerability in Ivanti Connect Secure exploited for weeks
Ivanti reports suspected Chinese state-sponsored threat actor UNC5221 exploiting zero-day vulnerability in Connect...
Security Intelligence
Max-severity vulnerability discovered in Apache Parquet, patch now
Max severity remote code execution ulnerability, designated CVE-2025-30065, discovered in Apache Parquet.
Security Intelligence
A tale of two CVEs: Dispute over CrushFTP’s recent vulnerability
Confusion ensues after two different CVEs are assigned to the same actively exploited CrushFTP vulnerability.