A critical security vulnerability has been disclosed in ManageEngine’s Exchange Reporter Plus, a popular enterprise solution for monitoring and reporting on Microsoft Exchange environments.
Tracked as CVE-2025-3835, this flaw exposes organizations to remote code execution (RCE) risks, enabling attackers to execute arbitrary commands on affected...
A critical security vulnerability recently uncovered in Google’s account recovery process could have led to the exposure of users’ phone numbers, even those of users who thought themselves protected.
This issue emerged when a security researcher, testing Google’s resilience against JavaScript-disabled attacks, found that an endpoint...
Silent Push Threat Analysts have uncovered a large-scale and technically sophisticated scam campaign dubbed GhostVendors, involving over 4,000 fraudulent domains impersonating dozens of major retail, apparel, and specialty brands globally.
This fake marketplace scam exploits social media advertising platforms, primarily Facebook Marketplace, to promote counterfeit...
Kettering Health, a leading healthcare provider in Ohio, recently announced that five of its medical centers have earned “A” grades in hospital safety for the spring rating period from The Leapfrog Group, an independent national watchdog.
However, concurrently, the health system shared concerning news: confirmation...
Security researchers have recently uncovered a new wave of cyberattacks targeting TBK DVR devices through the exploitation of a critical vulnerability known as CVE-2024-3721.
This campaign is being conducted by a variant of the infamous Mirai botnet, which has been adapted and repurposed by...
Security researchers have identified an advanced Windows-based malware dubbed Blitz, which is being used to compromise servers and desktops for cryptocurrency mining and data exfiltration.
Technical Analysis of the Blitz Malware Attack
Blitz’s Two-Stage Architecture
Blitz is a modular malware that operates in two distinct phases:
Stage 1:...