Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

SafeBreach researchers developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows ...

The final weeks of 2025 did not arrive quietly. A single software flaw rippled across the internet, healthcare providers disclosed deeply personal data exposures, and millions of everyday devices ...

A cybersecurity researcher at Thales has demonstrated that a single e-book, imported outside official channels, can be enough to exploit a vulnerability that could give hackers full control of the ...

Malicious Chrome and Edge extensions collected browsing history, keystrokes and personal data from millions of users before Google and Microsoft removed them.

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...

A newly uncovered Chinese threat group known as DarkSpectre has been linked to one of the most widespread browser extension ...

ESET researchers offer a deep dive analysis of the CVE 2025 50165 vulnerability and provide their method to reproduce the crash using a simple 12-bit or 16-bit JPG image, and an examination of the ...

In many regards, 2025 proved to be a relatively normal year for the cyber security world as threat actors and security pros continued their long-running cat-and-mouse game, but it was also a stand-out ...

Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more infosec in brief The Trump ...

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.