Microsoft Confirms Windows Is Under Attack — Update Now

Attackers have not waited for Exploit Wednesday; the Microsoft Windows zero-day attacks have already started. Here’s what you need to know and do.

The Rise of Credential Stuffing Attacks

Credential stuffing attacks use stolen passwords to log in at scale. Learn how they work, why they’re rising, and how to defend with stronger authentication.
Infosecurity-magazine.com

BYOVD Attacks Exploit Zero-Day in Paragon Partition Manager

Ransomware actors have been observed exploiting a zero-day Bring Your Own Vulnerable Driver (BYOVD) flaw in Paragon Partition Manager. The CERT Coordination Center (CERT/CC) issued a security update ...

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
Hosted on MSN

Cetus Protocol $220M+ Exploit Explained: Token Spoofing & Overflow Attack on Sui

Cetus lost over $220 million after an attacker exploited a flaw in a smart contract math library. The attacker used spoof tokens and overflow bugs to trick the system into giving away real assets.
Que.com on MSN

Supply-chain extortion attacks surge as hackers exploit weak links

Supply-chain cyberattacks have entered a more aggressive phase: extortion. Instead of quietly stealing data or slipping malware into a software ...
Dark Reading

Analyzing Zero-Day Exploits Without Exposure

With the popularity of the Netflix series Zero Day among cybersecurity experts and others, the show has evolved into an interesting reference for comprehending the far-reaching effects of zero-day ...
Forbes

Telegram Zero-Day App Attack Worth $4 Million Says Russian Broker

Russians offer $4 million for Telegram Messenger hack attack. Update, March 23, 2025: This story, originally published March 22, has been updated with a statement from Telegram. When it comes to ...
Dark Reading

Browser Exploits Wane as Users Become the Attack Surface

Browser exploits continue to haunt enterprise security. In May, Microsoft patched a browser vulnerability that could allow attackers to force Edge users into Internet Explorer compatibility mode, ...
CSOonline

What are zero-day attacks and why do they work?

Zero-day attacks have become a significant concern in the realm of cybersecurity, posing a formidable challenge to individuals and organizations alike. These attacks exploit vulnerabilities that are ...
BGR

AirPlay Devices At Risk: Hackers Exploit 'Airborne' Flaws To Hijack iPhones And More

Another day, another hacker trying to steal your data. Researchers at Oligo Security reveal that flaws are being exploited to hijack Apple mobile devices and smart home gear. This new set of ...
9to5Mac

HomeKit exploit used for spyware attacks on iPhones, says Amnesty International

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers ...