The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The flaws are an authentication bypass in EPMM’s API...

Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs patching. The vendor issued an advisory for CVE-2025-10035 on Thursday, saying successful exploitation can potentially...

Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based managed file transfer tool that helps organizations securely...

Thalha Jubair, one of the two UK teens arrested on Tuesday and accused of being members of the notorious Scattered Spider cybercrime gang, allegedly played a role in bilking more than 100 organizations out of at least $115 million in ransom payments. The cops...

A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide. Dirk-jan Mollema reported the finding to the Microsoft Security Research Center (MSRC) in July. The issue was fixed and confirmed as...

ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email. Deep Research, a tool unveiled by OpenAI in February, enables users to ask ChatGPT to browse the internet or their...

In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Key points of this blogpost: In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a...

OpenAI is finally rolling out a toggle that allows you to decide how hard the GPT-5-thinking model can think. This feature is rolling out to Plus and Pro subscribers. OpenAI has been testing the toggle for several weeks now. Previously, OpenAI planned to ship a...

Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser. The vuln, tracked as CVE-2025-10585, is a type confusion flaw in the V8...

Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom. Believed to be members of the notorious Scattered Spider hacking collective, 18-year-old Owen Flowers from Walsall and...