17 Jul, 2026

Microsoft: December security updates cause Message Queuing failures

Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. This known issue affects Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems that have installed the KB5071546, KB5071544, and KB5071543 security updates released during this month’s Patch Tuesday. On impacted systems, users […]

2 mins read

Beware: PayPal subscriptions abused to send fake purchase emails

An email scam is abusing abusing PayPal’s “Subscriptions” billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. Over the past couple of months, people have reported [1, 2] receiving emails from PayPal stating, “Your automatic payment is no longer active.”  The email includes a customer service URL field […]

5 mins read

CyberVolk’s ransomware debut stumbles on cryptography weakness

The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. According to SentinelOne researchers who examined the new ransomware family, the encryptor uses a hardcoded master key in the binary, which is also written in plaintext in a hidden file on […]

3 mins read

Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks

Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174 and were both issued in response to the same reported exploitation. “Apple is aware of a report that this issue may have been exploited in an […]

2 mins read

Coupang data breach traced to ex-employee who retained system access

A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. This was shared by the Seoul Metropolitan Police Agency with local news outlets, following an investigation that included a raid on the firm’s offices earlier […]

2 mins read

Fake ‘One Battle After Another’ torrent hides malware in subtitles

A fake torrent for Leonardo DiCaprio’s ‘One Battle After Another’ hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. The malicious torrent file was discovered by Bitdefender researchers while investigating a spike in detections related to the movie. One Battle After Another is a highly rated […]

3 mins read

Kali Linux 2025.4 released with 3 new tools, desktop updates

Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. Kali Linux is a distribution designed for cybersecurity professionals and ethical hackers to perform red-teaming, penetration testing, security assessments, and network research. The distribution is […]

4 mins read

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. RasMan is a critical Windows system service that starts automatically, runs in the background with SYSTEM-level privileges, and manages VPN, Point-to-Point Protocol over Ethernet (PPoE), and other remote network connections. ACROS Security […]

2 mins read

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing threat actors to launch denial-of-service attacks, access confidential data, or perform […]

2 mins read

MITRE shares 2025’s top 25 most dangerous software weaknesses

MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. The list was released in cooperation with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and the Cybersecurity and Infrastructure Security Agency (CISA), which manage and sponsor the […]

3 mins read