Defendnot Exploits Windows API to Disable Microsoft Defender

A newly released tool named Defendnot can effectively disable Microsoft Defender on Windows systems by exploiting an undocumented Windows Security Center (WSC) API. Developed as a security research project by researcher es3n1n, the tool tricks Windows into believing a legitimate antivirus solution is installed, even when no actual security software is present. Under normal conditions, … Continued

Fancy Bear Targets Ukrainian Defense Personnel

A persistent cyber-espionage operation tied to Russia’s military intelligence agency has been targeting high-level Ukrainian officials and foreign defense contractors supplying arms to Kyiv, new research reveals. Security analysts at ESET report that the hacking group Fancy Bear, widely attributed to Russia’s GRU, has been conducting an aggressive cyberespionage campaign since at least 2023. The operation … Continued

Nova Scotia Power Confirms Data Breach

Nova Scotia Power, one of Canada’s largest utility providers, has confirmed it suffered a significant data breach following a cyberattack discovered last month. The Halifax-based company, a subsidiary of Emera Inc., revealed that threat actors gained unauthorized access to portions of its network and servers supporting business operations. While electricity generation and distribution remained unaffected, … Continued

Vulnerability in Samsung’s MagicINFO Server 9 (CVE-2025-4632) Exploited by Threat Actors

Threat actors are actively exploiting a high-severity zero-day vulnerability in Samsung’s MagicINFO Server 9, a digital signage management platform widely used for content creation and display control. The flaw, tracked as CVE-2025-4632, poses a serious security risk, allowing unauthenticated attackers to achieve remote code execution by uploading malicious files to vulnerable servers. CVE-2025-4632 On April … Continued

Google Issues Emergency Update to Patch Critical Security Flaw (CVE-2025-4664) in Chrome

Google has issued an urgent security update for its Chrome web browser to address a critical vulnerability that could enable attackers to fully take over user accounts if exploited. The flaw, identified as CVE-2025-4664, is categorized as high-severity and involves insufficient policy enforcement in Chrome’s Loader component. This could allow remote attackers to steal sensitive … Continued

Data Breach at Australian Human Rights Commission Exposes Personal Documents

The Australian Human Rights Commission (AHRC) has confirmed it was impacted by a significant data breach that exposed hundreds of sensitive documents uploaded via its website. The breach involved attachments submitted through the Commission’s online complaint webform between March 24 and April 10, 2025. These documents were inadvertently made publicly accessible and were viewed between … Continued

Telegram Shuts Down Xinbi Guarantee Marketplace

A report by blockchain analytics firm Elliptic has exposed Xinbi Guarantee, a massive Chinese-language Telegram marketplace, as a central player in Southeast Asia’s pig butchering scams and other organized cyberfraud. The platform is also implicated in laundering stolen cryptocurrency linked to North Korean hackers. According to Elliptic, Xinbi Guarantee has facilitated at least $8.4 billion … Continued

Critical Vulnerabilities Discovered in Multiple Adobe Products Could Allow Arbitrary Code Execution

Multiple vulnerabilities have been identified in various Adobe products, with the most critical potentially allowing attackers to execute arbitrary code on affected systems. Adobe develops widely-used software for creating and publishing content across graphics, photography, illustration, animation, multimedia, film, and print. If successfully exploited, these vulnerabilities could enable attackers to execute code with the privileges … Continued

Malicious PyPI Package solana-token Targeted Solana Developers

ReversingLabs has identified a malicious open-source package on PyPI masquerading as a legitimate tool for Solana blockchain development. The package, named solana-token, appeared to be a utility for developers but was designed to exfiltrate source code from a developer’s machine upon installation. Although the package’s PyPI landing page lacked a description, its name and functions … Continued

Ivanti EPMM Zero-Day Flaws Expose Systems to Remote Attacks

Ivanti has issued critical security patches for its Endpoint Manager Mobile (EPMM) product to address two recently discovered vulnerabilities—CVE-2025-4427 and CVE-2025-4428—one rated medium and the other high in severity. When exploited together, these flaws could allow unauthenticated remote code execution on affected systems. Ivanti confirmed that a small number of customers have been impacted by … Continued