1+ hour, 51+ min ago   (479+ words) A critical security flaw has been discovered in the firmware of the TP-Link Archer MR600, a popular 4G+ Cat6 AC1200 Wireless Dual Band Gigabit Router. The vulnerability, identified as a command injection issue, allows authenticated attackers to execute unauthorized system commands on the device....

1+ day, 4+ hour ago   (347+ words) In September 2025, researchers spotted two fresh attacks from a Pakistan-based threat actor. They hit Indian officials with spear-phishing PDFs that trick users into downloading malicious ISO files. These payloads only activate for Indian IP addresses on Windows systems, blocking scanners....

2+ day, 3+ hour ago   (175+ words) CISA emphasizes that cyber intrusions in OT environments can result in physical harm, environmental damage, or disruption of essential services, with consequences far more severe than traditional IT security incidents. The framework establishes principles-based goals for operators of essential services,…...

5+ day, 21+ hour ago   (174+ words) The Akamai Security Intelligence and Response Team (SIRT) has disclosed a critical command injection vulnerability in Vivotek legacy camera firmware that permits remote attackers to execute arbitrary code without authentication. Assigned CVE-2026-22755, the flaw resides in the upload_map.cgi script and…...

1+ week, 1+ day ago   (418+ words) Xiaomi's Redmi Buds series faces critical security flaws that enable unauthenticated attackers to steal sensitive call data and crash devices without user interaction. Two newly disclosed vulnerabilities affect Redmi Buds 3 Pro through 6 Pro, allowing adversaries within Bluetooth range to access…...

1+ week, 6+ day ago   (277+ words) Large language models are fundamentally reshaping ransomware operations, lowering barriers to entry and enabling threat actors to operate with unprecedented speed and efficiency. The LLMs are driving three concurrent structural shifts in the cybercriminal ecosystem: diminishing entry barriers for low-skill…...

2+ week, 3+ hour ago   (290+ words) Researchers Propose Game-Theoretic AI to Guide Cyber Attack and Defense Strategies'Cyber Press Researchers Propose Game-Theoretic AI to Guide Cyber Attack and Defense Strategies A collaborative research team has revealed Generative Cut-the-Rope (G-CTR), a game-theoretic artificial intelligence framework designed to enhance…...

2+ week, 5+ hour ago   (156+ words) Between October and December 2025, CERT-UA and Ukraine's Armed Forces Cyber Response Team documented multiple targeted attacks utilizing the PLUGGYAPE backdoor malware, attributed with moderate confidence to the Void Blizzard group (also tracked as UAC-0190). In October 2025, attackers used ".pdf.exe…...

2+ week, 23+ hour ago   (225+ words) Moxa has released a critical security advisory addressing a severe vulnerability in its Ethernet switches that could allow attackers to execute arbitrary code remotely. The vulnerability, identified as CVE-2023-38408, stems from an incomplete fix to an earlier OpenSSH security issue…...

2+ week, 1+ day ago   (213+ words) Both vulnerabilities stem from stack overflow issues embedded within the device search and discovery feature of affected Hikvision products. An attacker on the same local area network can exploit these weaknesses by sending specially crafted packets to unpatched devices, disrupting…...