If you're unaware, web browsers are horribly insecure. They're like a ship with a thousand holes and a thousand sailors with ...

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters ...

At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers ...

European officials have confirmed the arrest of the alleged administrator behind XSS.is, one of the longest-running Russian-language cybercrime forums. Per Europol, the alleged administrator was ...

Yesterday, Ukrainian authorities arrested the suspected administrator of a notorious Russian-language crime forum, XSS.is. In an X post, the Paris Prosecutor’s Office announced that Ukrainian ...

Security researchers have urged DevOps teams to patch a high-severity flaw in popular tool Grafana that could be putting them at risk of account takeover attacks. Ox Security warned on Sunday that CVE ...

A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, ...

A threat intelligence company called Prodaft is offering users of Dark Web cybercrime forums a new deal: The cyber firm will pay to take accounts off cybercriminals' hands while guaranteeing the ...

While unpatched instances were reduced to half within a month, a huge number of them remain vulnerable even as attackers exploit the flaw in the wild for critical RCE attacks. Businesses around the ...

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an ...