SolarWinds fixes a series of high-impact flaws in its Web Help Desk platform, releasing a security update that patches six vulnerabilities—four of which attackers could exploit without authentication. These critical issues, identified by researchers from watchTowr and Horizon3.ai, include remote code execution (RCE) risks and authentication bypasses. Among the flaws, CVE-2025-40552 and CVE-2025-40554 allow access […]
The U.S. pushes global AI cybersecurity standards as part of a broader diplomatic initiative aimed at shaping international norms around emerging technologies. American officials are leveraging foreign relations to align global practices with the federal government’s evolving approach to artificial intelligence and digital security. This move ties directly into the forthcoming national cybersecurity strategy, which […]
An ex-Google engineer convicted of stealing over 2,000 confidential documents has been found guilty by a U.S. federal jury, the Department of Justice announced Thursday. Linwei Ding, also known as Leon Ding, faces seven counts of economic espionage and seven counts of trade secret theft. Prosecutors said the stolen information contained critical artificial intelligence data […]
Ivanti has issued emergency updates to address two critical-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) software, as ivanti patches exploited EPMM zero-days actively used in recent attacks. The flaws, which affect certain versions of the platform, could allow unauthenticated remote attackers to execute arbitrary code. That level of access raises serious concerns for organizations […]
A newly discovered exploit known as the WinRAR Zeroplayer flaw has emerged as a high-value tool for state-sponsored actors and cybercriminals. Tracked as CVE-2025-8088, the vulnerability affects one of the world’s most widely used file archivers, making it a prime target for espionage campaigns and covert intrusions. Security researchers recently observed a growing wave of […]
A critical vulnerability dubbed CVE-2026-24002 exposes a powerful attack vector through a Grist sandbox bug, according to researchers at Cyera Research Labs. The flaw in the Grist-Core platform allows malicious spreadsheet formulas to bypass sandbox protections, opening the door to remote code execution (RCE). Attackers could weaponize seemingly harmless spreadsheets to compromise entire systems. This […]
A sophisticated cyberattack struck the Polish power infrastructure in late December, targeting around 30 distributed energy resource sites in what officials are calling a significant poland energy grid attack. The incident disrupted systems at multiple facilities nationwide, including combined heat and power plants, as well as wind and solar energy dispatch centers. Security analysts say […]
Google patches a high-severity vulnerability tracked as CVE-2026-1504 in the latest Chrome Stable update, issued on January 28. The new release—version 144.0.7559.109/110 for Windows and macOS, and 144.0.7559.109 for Linux—targets a flaw involving the Background Fetch API. This security issue could allow malicious actors to exploit browser behavior and potentially compromise user data. The vulnerability […]
Fortinet blocks an exploited FortiCloud single sign-on (SSO) vulnerability as it works to develop and release a permanent fix. The company confirmed that threat actors have already taken advantage of the zero-day flaw, identified as CVE-2026-24858, which allows authentication bypass in FortiCloud SSO. In response, Fortinet has disabled SSO connections from devices running affected firmware, […]
WhatsApp enables a lockdown feature designed to defend high-risk users from sophisticated cyber threats, according to an announcement from Meta. The new “Strict Account Settings” option empowers users to apply the most restrictive privacy controls with just a few taps. Once activated, the feature blocks attachments and silences calls from unknown contacts, limiting potential attack […]
A China-linked cyberespionage group, dubbed Salt Typhoon, is accused of infiltrating mobile devices belonging to aides of UK prime ministers, according to reports. The attackers allegedly gained access to handsets used by senior government personnel, raising alarms over the potential compromise of sensitive communications. Salt Typhoon, suspected to operate under state direction, allegedly conducted the […]
Cybercriminals and advanced threat actors linked to nation-states are actively leveraging a WinRAR defect exploited for over six months to launch targeted attacks. The flaw has become a reliable entry point in espionage campaigns against military, government, and technology organizations, according to new threat intelligence reports. These malicious actors use the vulnerability to gain persistent […]