News
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
23+ hour, 15+ min ago (619+ words) Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare. A threat actor has been abusing the internet infrastructure top-level domain (TLD) .arpa to host phishing content on domains that should not resolve to…...
ClickFix Attack Uses Windows Terminal to Evade Detection
22+ hour, 30+ min ago (484+ words) Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. A new variant of the ClickFix attack evades detection by instructing victims to use Windows Terminal instead of the Run dialog, Microsoft…...
Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign
23+ hour, 39+ min ago (538+ words) Threat actors replace legitimate commands on the cloned installation webpages with malicious commands. A new variant of the ClickFix attack relies on cloned webpages for popular development tools to distribute information-stealing malware, Push Security reports. As part of the campaign,…...
Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited
1+ day, 23+ hour ago (502+ words) Exposure management company WatchTowr reports that a recent Cisco Catalyst SD-WAN vulnerability, initially exploited as a zero-day, is now being used more frequently by threat actors. The in-the-wild exploitation of four Cisco Catalyst SD-WAN vulnerabilities came to light in recent…...
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
2+ day, 23+ hour ago (449+ words) A new information stealer has been distributed through a network of more than 100 GitHub repositories, Trend Micro reports. Dubbed BoryptGrab, the malware can harvest browser and cryptocurrency wallet data, along with system information and user files. Additionally, certain iterations of…...
CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List
3+ day, 17+ hour ago (476+ words) The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1. The US cybersecurity agency CISA on Thursday expanded the Known Exploited Vulnerabilities (KEV) list with five flaws, including three bugs targeted by the nation-state-grade Coruna iOS exploit kit. Coruna contains…...
Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild
4+ day, 23+ hour ago (471+ words) The networking giant has added the recently patched CVE-2026-20128 and CVE-2026-20122 to the list of exploited vulnerabilities. Cisco is warning customers that two recently patched Catalyst SD-WAN vulnerabilities are being exploited in the wild. The networking giant informed customers on…...
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
4+ day, 21+ hour ago (728+ words) Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead. Google's Threat Intelligence Group (GTIG) reported on Thursday that 90 zero-day vulnerabilities were exploited in the wild in…...
Cisco Patches Critical Vulnerabilities in Enterprise Networking Products
5+ day, 3+ hour ago (490+ words) Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products. Cisco on Wednesday announced fixes for 50 vulnerabilities across its products, including 48 affecting Firewall ASA, Secure FMC, and Secure FTD appliances. The first of them,…...
How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
5+ day, 23+ hour ago (663+ words) Employees seeking free versions of paid software may unknowingly install malware-laced "cracked" apps that can steal credentials, deploy cryptominers, or open the door to ransomware. Getting your hands on free software may seem attractive, but is often dangerous. Employees welcome…...