What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Ea
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, a
ExamOnline's compliance posture - ISO 27001, ISO 9001, GDPR-compliant, and CERT-In certified - speaks directly to the kind of trust infrastructure ...
CERT-In continues to provide threat advisories and mitigation guidance for critical infrastructure sectors. This move reflects IRDAI's focus on ...
While an independent firm investigates, initial assessments indicate no material impact on business continuity or operations, with CERT-in also ...
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”
By Niall Browne, CEO and Founder, AIBound Shadow AI is accelerating alongside artificial intelligence (AI) adoption at a pace that has outgrown most enterprise governance models. Artificial intelligence (AI) adoption is accelerating at a pace that has outgrown most enterprise governance models. Acco
The UK’s National Cyber Security Centre (NCSC) has warned organizations to take a measured approach toward adopting agentic AI, highlighting the growing cyber and operational risks associated with highly autonomous AI systems. In a new guidance document co-authored with international partners, the N
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]
A critical remote code execution (RCE) vulnerability has been discovered in Anthropic’s Claude Code CLI tool, allowing attackers to execute arbitrary commands on a victim’s machine by tricking them into clicking a specially crafted deeplink. The flaw, now patched in Claude Code version 2.1.118, was
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek.
Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is not just encrypting data, but also running a business-like operation that sells access, leaks stolen files, and recruits partners to spread
Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection. Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working kernel local pr
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]
A. India's cybersecurity framework has evolved significantly over the past decade, from having virtually no legal structure in 2000 to introducing ...
CERT-In (2025) Annual Report on Cybersecurity Incidents in India 2025. New Delhi: Ministry of Electronics and Information Technology. Cihon, P ...
The European Union is facing renewed criticism over its failure to stop the export of surveillance technology to governments accused of human rights violations, according to a new report released by Human Rights Watch. The report claims that despite the EU’s landmark Dual-Use Regulation introduced i