Google says 90 zero-days were exploited in attacks last year
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. The figure is a 15% increase compared to 2024, when 78 zero-days were exploited in the wild, but lower than the record 100 zero days tracked in 2023. Zero-day vulnerabilities are security issues […]
Police dismantles online gambling ring exploiting Ukrainian women
Spanish and Ukrainian law enforcement authorities dismantled a criminal ring that exploited war-displaced Ukrainian women to run an online gambling scheme that laundered nearly €4.75 million in illicit proceeds. The criminal group was formed amid the war in Ukraine and deliberately targeted young women from areas that were under continuous attack. The criminal network’s recruitment […]
Cisco flags more SD-WAN flaws as actively exploited in attacks
Cisco has flagged two Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. Catalyst SD-WAN Manager (formerly vManage) is network management software that enables admins to monitor and manage up to 6,000 Catalyst SD-WAN devices from a single centralized dashboard. “In March 2026, the Cisco PSIRT became […]
Phobos ransomware admin pleads guilty to wire fraud conspiracy
A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. Phobos is a long-running ransomware-as-a-service (RaaS) operation linked to the Crysis ransomware family. Phobos has been widely distributed through many affiliates, accounting for roughly 11% of all submissions to the ID […]
Bitwarden adds support for passkey login on Windows 11
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager’s vault, enabling phishing-resistant authentication. The new feature is available for all plans, including the free tier, and allows logging into Windows by selecting the security key option and scanning a QR code with a mobile device to confirm access to the passkey […]
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. The flaw is tracked as CVE-2026-28289 and bypasses a fix for another remote code execution (RCE) security issue (CVE-2026-27636) that could be exploited by authenticated users with upload permissions. Researchers at OX Security, a company that […]
Windows 10 KB5075039 update fixes broken Recovery Environment
Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment. The Windows Recovery Environment (WinRE) is a minimal troubleshooting environment used to repair or restore the operating system after it fails to start, to diagnose crashes, or to remove malware. In October […]
Fake LastPass support email threads try to steal vault passwords
Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. The emails impersonate a LastPass representative by spoofing the display name and use subject lines crafted to mimic forwarded internal conversations between attackers and the company’s customer support team about a request to change […]
Cisco warns of max severity Secure FMC flaws giving root access
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. Secure FMC is a web or SSH-based interface for admins to manage Cisco firewalls and configure application control, intrusion prevention, URL filtering, and advanced malware protection. Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication […]
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. The Coruna kit contains five full iOS exploit chains, the most sophisticated leveraging non-public techniques and mitigation bypasses, for iOS versions 13.0 through 17.2.1 (released in December 2023). Google Threat […]