The Attack That Requires No Click In June 2025, Microsoft patched a critical vulnerability in Microsoft 365 Copilot — one that its discoverers at Aim Security described as something thatRead More →
A threat operation attributed to actors aligned with Iran’s Ministry of Intelligence and Security (MOIS) has compromised the personal email account of FBI Director Kash Patel, exposing historical communications andRead More →
Iron Mountain Incorporated is a global information management company with a long history in data storage, records management, backup and recovery, and secure shredding, serving a massive worldwide customer base.Read More →
On 23 November 2025, Iberia disclosed a security incident stemming from an unauthorized access to the systems of a third-party supplier / vendor.The airline communicated to impacted customers that certainRead More →
In what is being described as one of the most consequential cyber-espionage operations of the year, US technology vendor F5 Networks has confirmed that nation-state threat actors successfully infiltrated itsRead More →
Google has warned that the recent Salesloft OAuth breach, attributed to threat group UNC6395, is not limited to Salesforce as initially reported. Instead, the attack affects all third-party SaaS integrationsRead More →
A newly discovered phishing campaign is leveraging a Unicode homoglyph trick to impersonate Booking.com and distribute malicious MSI installers capable of delivering infostealers or remote access trojans (RATs). This attack,Read More →
Two previously unknown zero-day vulnerabilities in Microsoft SharePoint Server (on-premises) are being actively exploited in the wild as part of a highly coordinated espionage campaign. Microsoft has linked these attacksRead More →
A newly disclosed pair of critical vulnerabilities in Sudo — the powerful Unix/Linux command-line tool that allows users to run commands as root — poses a significant local privilege escalationRead More →