The Hidden Danger of SVG Files with Embedded JavaScript: Zero-Click Execution
SVG files aren’t just images—they can execute JavaScript, load external scripts, and hide malicious code through encoding. In certain contexts,…
Exploit of SVG Files: A Rising Cyber Threat Vector
Cybercriminals are increasingly weaponizing SVG files to deliver hidden JavaScript and phishing payloads, bypassing traditional defenses and posing a serious…
Bouygues Telecom Confirms Massive Cyberattack Impacting 6.4 Million Customers
Bouygues Telecom has confirmed a cyberattack exposing the personal and banking details of 6.4 million customers. The breach, reported to…
The Salesforce Data Breach Tsunami: Pandora, Chanel, and the Rise of OAuth Phishing
Pandora and Chanel hit by Salesforce-related data breaches. ShinyHunters used social engineering to steal customer data, sparking concerns over third-party…
ToolShell Exploitation of SharePoint Vulnerabilities: Threat Landscape, Detection, and Mitigation
A critical zero-day exploit chain named ToolShell is actively targeting on-premises SharePoint servers, enabling remote code execution and persistent access.…
Swiss Cyber AI Conference 2026 in Lugano
Join us at Swiss Cyber AI 2026 in Lugano, where industry leaders will explore the intersection of artificial intelligence and…
New Phishing Technique Exploits “DOWNLOAD All” Excel Interface to Harvest Credentials
A new phishing technique mimics an Excel file interface with a "Download ALL" button. Users are tricked into entering credentials,…
Defending Against Play Ransomware: What Every CISO Must Know in 2025
Play ransomware resurges in 2025 with advanced TTPs and double extortion tactics. This guide equips CISOs with actionable insights for…
Cyber Risk Evaluator (CRE): The Next Standard in Cyber Resilience and Professional Certification
In an era where digital threats grow more advanced by the day, traditional cybersecurity strategies are no longer enough. The…
Global Cybercrime Crackdown: Operation Eastwood Disrupts NoName057(16) Pro-Russian Network
Operation Eastwood dismantled NoName057(16), a pro-Russian DDoS network targeting Ukraine and its allies. Coordinated by Europol and Eurojust, the global…
North Korea Expands Software Supply Chain Attacks with 67 Malicious npm Packages
North Korea’s Lazarus Group escalates its Contagious Interview campaign with XORIndex malware in npm packages, targeting developers and crypto holders…
Fortinet Patches Critical SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)
Fortinet has released a critical security patch for FortiWeb addressing CVE-2025-25257, a high-severity SQL injection vulnerability that allows unauthenticated attackers…