Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.

Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.

The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.

Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.

In an ironic twist, Rockstar Games reportedly uses pirated software cracks to remove its DRM from some games they sell on Steam.

Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.'

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.

The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.

A joint operation between Interpol and cybersecurity firms has led to an arrest and shutdown of the notorious 16shop phishing-as-a-service (PhaaS) platform.

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks break browsing on some websites, and new ones will be released soon to address this known issue.

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.