New Windows RasMan Zero-Day: DoS Vulnerability in Remote Access Connection Manager and 0patch Micropatch

A new Windows zero-day vulnerability has been identified in the Remote Access Connection Manager (RasMan) service, enabling a local user to deliberately cause a denial-of-service (DoS) condition. While the bug is currently confirmed as a service-crash issue, it significantly increases the risk of chained attacks that may lead to privilege escalation to SYSTEM. Microsoft has …

Apple Fixes Two Actively Exploited WebKit Zero‑Days in Emergency Security Updates

Apple has released a series of unscheduled security updates to address two zero‑day vulnerabilities in the WebKit browser engine. According to the company, both flaws were already being used in a highly sophisticated targeted attack against a limited set of users, which makes installing the patches a priority for anyone using Apple devices. Technical details …

SantaStealer Malware-as-a-Service: New Password Stealer Exposed by Security Researchers

A new password-stealing malware called SantaStealer has appeared on underground markets, heavily promoted in Telegram channels and on hacking forums as a “memory-only stealer” designed to evade antivirus and endpoint detection. However, technical analysis by Rapid7 shows that the malware’s real stealth and sophistication fall far short of the aggressive marketing claims, highlighting a familiar …

Pornhub Premium Data Exposure via Mixpanel Hack: What the ShinyHunters Attack Really Means

One of the most sensitive privacy incidents in recent years has hit the adult platform Pornhub after the cybercriminal group ShinyHunters claimed access to detailed analytics data on Pornhub Premium subscribers. According to information shared with BleepingComputer, the attackers linked their campaign to the compromise of analytics provider Mixpanel in November 2025 and then began …

Kali Linux 2025.4: Wayland, Desktop Security and a Stronger Kali NetHunter

The final quarterly release of Kali Linux 2025.4 marks a strategic shift for the leading penetration testing distribution. In addition to the traditional refresh of offensive and forensic tools, this version makes a clear push toward a more secure and comfortable daily workstation, with expanded Wayland support, major desktop environment upgrades and a significantly enhanced …

Critical Apache Tika Vulnerability CVE-2025-66516 Allows XXE Attacks via PDF XFA Forms

A new critical vulnerability in Apache Tika, tracked as CVE-2025-66516, has been disclosed with the maximum CVSS score of 10.0. The flaw impacts the way Tika processes PDF documents containing XFA forms and opens the door to XML External Entity (XXE) injection, creating a high risk of data exfiltration and potential server-side remote code execution. …

Europol’s Operation Olympia Dismantles Long-Running Cryptomixer Used for Bitcoin Laundering

International law enforcement agencies have taken down Cryptomixer, one of Europe’s longest-running cryptocurrency mixing services, in a coordinated operation targeting large-scale bitcoin laundering. The service, active since 2016, is believed to have processed more than €1.3 billion in bitcoin (around $1.5 billion), much of it linked to cybercrime and dark web markets. Operation Olympia: Coordinated …

FBI Warns of AI‑Powered Virtual Kidnapping Scams Using Deepfake Evidence

The FBI is warning about a growing wave of AI‑powered virtual kidnapping scams in which criminals use manipulated photos and videos to convince families that a loved one has been abducted. In most cases, no real kidnapping occurs; the objective is to create intense panic and pressure victims into sending money within minutes. How AI …

Google Patches New Chrome Zero-Day in LibANGLE Metal Renderer

Google has released an out-of-band security update for Google Chrome to close a new zero-day vulnerability that is already being exploited in real-world attacks. This is the eighth actively exploited 0-day in Chrome since the beginning of 2025, underscoring the browser’s status as a prime target for attackers. Urgent Chrome security update: affected versions and …

PCIe IDE Vulnerabilities Expose Weaknesses in Hardware-Level Encryption

Three newly disclosed vulnerabilities in the PCI Express Integrity and Data Encryption (PCIe IDE) mechanism highlight that even modern hardware encryption layers are not immune to design and implementation flaws. The issues affect IDE as defined in the PCI Express Base Specification Revision 5.0 and later, via a dedicated Engineering Change Notice (ECN). While exploitation …