More results...
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname()…
A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The te…
Cybercriminals are leveraging reports of Venezuelan President Nicolás Maduro’s arrest on January 3, 2025, to distribute backdoor malware through a sophisticated social engineering campaign. Security researchers at Darktrace have uncovered a malic…
Microsoft is expanding its administrative capabilities in Teams by introducing a new built-in role called Teams External Collaboration Administrator. This specialized RBAC role enables organizations to delegate external colla…
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked as CV…
CrowdStrike has announced its agreement to acquire SGNL, a leading identity-first security company, for $740 million. The acquisition will strengthen CrowdStrike Falcon® Next-Gen Identity Security by adding continuous, context-aware authorization capab…
Trend Micro has issued a critical security update for Apex Central to address multiple remotely exploitable vulnerabilities, including a bug that allows unauthenticated attackers to execute code with SYSTEM-level privileges. Organizations running vuln…
Microsoft is tightening security for its cloud customers by making multi-factor authentication mandatory for anyone accessing the Microsoft 365 admin center, effectively ending password-only logins for high-privilege admin portals.&…
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access…
President Donald Trump has strongly hinted that the United States used offensive cyber capabilities to help plunge Caracas into darkness during the operation to capture Venezuelan leader Nicolás Maduro an unusually public nod to U.S. cyb…