CrowdStrike links Oracle EBS CVE-2025-61882 (CVSS 9.8) to Cl0p with moderate confidence; CISA adds to KEV, patch by Oct 27, 2025.
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year.
A single malicious URL can hijack the Comet AI browser, exfiltrating emails, calendar, and user memory via encoded payloads.
Perplexity's Comet browser could until recently be hijacked by malicious links, causing it to siphon personal information and send it to mock attackers.
In a new security advisory, CISA said it was tipped off about cybercriminals using CVE-2025-4427 and CVE-2025-4428, both affecting Ivanti's Endpoint Manager Mobile (EPMM) solutions, to obtain initial ...
CISA releases detailed analysis of malware exploiting Ivanti EPMM vulnerabilities CVE-2025-4427 and CVE-2025-4428, providing detection signatures and response.
A new attack called 'CometJacking' exploits URL parameters to pass hidden instructions to Perplexity's Comet AI browser, allowing access to sensitive data from connected services, like email and ...
macOS users are being tricked in the ongoing campaign with fake GitHub pages that deliver the Atomic infostealer.
CVE-2025-4427 is an authentication bypass vulnerability and CVE-2025-4428 is a post-authentication remote code execution (RCE) flaw. The two can be chained to run malware on, and hijack, vulnerable ...
The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a self-replicating worm infiltrated the npm registry and compromised more than 180 ...
Researchers have uncovered two backdoors planted on compromised WordPress websites that were designed to generate administrator accounts ...