Live Feeds
-
“Lighthouse” Phishing Kit Powers Global Smishing Attacks
The ‘Lighthouse’ Phishing-as-a-Service (PhaaS) is a sophisticated cybercrime operation that enables extensive SMS phishing (smishing) attacks, impacting millions globally by illegally obtaining sensitive user credentials and banking details.
-
CitrixBleed: Critical Flaw Leads to Session Hijacking and MFA Bypass
CitrixBleed is a critical information-disclosure vulnerability affecting Citrix NetScaler ADC and Gateway systems. Attackers exploit this flaw to steal session tokens, hijack user sessions, and bypass multi-factor authentication, leading to data breaches, system compromise, and digital espionage by APT groups and cybercriminals.
-
Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency
Microsoft Exchange servers 2016 and 2019 are nearing end-of-life this October, posing an imminent threat due to critical vulnerabilities. This advisory follows the Storm-0558 breach, prompting CISA and NSA to issue security best practices. Organizations must migrate and implement robust defenses amidst Microsoft’s Secure Future Initiative.
-
UK Tests Response to Malicious Use of Hazardous Substances
The United Kingdom tested its response to large-scale chemical, biological, radiological, nuclear, or explosive (CBRNE) incidents.
-
Lavrov Urges US to Accept New START Extension
Russian Foreign Minister Sergei Lavrov urged the United States to accept Moscow’s offer: extend the New START nuclear arms reduction treaty for one year.
-
U.S. Army Certifies Rapid Anti-Drone Response Team
U.S. Army Northern Command certified a new rapid response team to neutralize drone threats against domestic military installations, marking a significant operational shift in homeland defense.
-
Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library
Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control over hundreds of affected projects.
-
Military Veterans Strengthening Cybersecurity
Military veterans are increasingly filling critical cybersecurity roles, leveraging their discipline and problem-solving skills to address the global talent shortage.
-
Russia’s Ulyanovsk Region Imposes Permanent Mobile Internet Blackout
Russia’s Ulyanovsk region imposed the country’s first permanent mobile internet blackout, citing security concerns related to the ongoing “special military operation” in Ukraine.
-
OWASP Updates Top 10 Risks, Highlights Supply Chain and Systemic Flaws
OWASP has updated its Top 10 list of web application security risks, highlighting supply chain and systemic design weaknesses, marking its first major revision since 2021.