Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula
Information Security Magazine
PeckBirdy Framework Tied to China-Aligned Cyber Campaigns
2 months 2 weeks ago
PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs
Over 80% of Ethical Hackers Now Use AI
2 months 2 weeks ago
Bugcrowd study reveals 82% of security researchers now use AI, a big increase from 2023 figures
Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
2 months 2 weeks ago
Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
2 months 2 weeks ago
Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump
eScan Antivirus Supply Chain Breach Delivers Signed Malware
2 months 2 weeks ago
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates
CISA Releases List of Post-Quantum Cryptography Product Categories
2 months 3 weeks ago
CISA released initial list of PQC-capable hardware and software to guide companies amid quantum threats
Researchers Uncover “Haxor” SEO Poisoning Marketplace
2 months 3 weeks ago
Fortra researchers have discovered a new SEO poisoning operation known as “HaxorSEO”
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
2 months 3 weeks ago
The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach
Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA
2 months 3 weeks ago
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm
2 months 3 weeks ago
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers
2 months 3 weeks ago
Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
2 months 3 weeks ago
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Critical Appsmith Flaw Enables Account Takeovers
2 months 3 weeks ago
Critical vulnerability in Appsmith allows account takeover via flawed password reset process
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
2 months 3 weeks ago
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites
Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure
2 months 3 weeks ago
VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
2 months 3 weeks ago
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
2 months 3 weeks ago
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
Over 160,000 Companies Notify Regulators of GDPR Breaches
2 months 3 weeks ago
DLA Piper finds 22% increase in breached firms notifying European GDPR regulators
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
2 months 3 weeks ago
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
Checked
10 hours 51 minutes ago