A critical security vulnerability has been discovered in the popular SureForms WordPress plugin, putting over 200,000 active installations at risk of complete website takeover.
The flaw, designated CVE-2025-6691 with a high CVSS rating of 8.8, allows unauthenticated attackers to delete arbitrary files from affected...
Security researchers have identified a new variant of the macOS.ZuRu malware that specifically targets developers and IT professionals through a trojanized version of the popular SSH client Termius.
This latest evolution of the malware, which first emerged in July 2021, demonstrates increasingly sophisticated techniques...
Cybercriminals have successfully orchestrated a sophisticated attack targeting blockchain developers, stealing $500,000 in cryptocurrency from a Russian developer through a malicious code extension designed for AI-powered development environments.
This incident highlights the growing threat of weaponized open-source packages in the cryptocurrency ecosystem.
The Sophisticated Deception
In...
Cybersecurity researchers at ANY.RUN has uncovered sophisticated new techniques employed by an advanced Android packer dubbed "Ducex," discovered within samples of the notorious Triada malware family.
The packer, found embedded in a fake Telegram application, represents a significant evolution in mobile malware obfuscation capabilities...
Schneider Electric has disclosed multiple critical security vulnerabilities in its EcoStruxure IT Data Center Expert software that could allow attackers to execute remote commands and compromise data center operations.
The vulnerabilities, affecting all versions 8.3 and prior of the monitoring software, include a maximum...
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) today sanctioned Song Kum Hyok, a North Korean cyber actor linked to the Democratic People's Republic of Korea (DPRK) Reconnaissance General Bureau's hacking group Andariel, along with a Russia-based network of individuals and entities...