Trend Research has revealed that a September 2024 security update by NVIDIA left a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit only partially patched — putting systems at risk of container escape attacks. NVIDIA Patch Falls Short In September 2024, NVIDIA released a security update to fix CVE-2024-0132, a critical vulnerability in the NVIDIA … Continued
RSA Conference has announced the Top 10 Finalists for its 20th annual RSAC™ Innovation Sandbox contest. From securing LLM’s to embedding AI agents into everyday security workflows, these companies are redefining what’s possible. Each finalist will receive a $5 million investment to advance their cybersecurity innovations. These finalists will present their solutions on April … Continued
Adobe has rolled out a big round of security updates addressing more than 20 vulnerabilities-some of them critical-in ColdFusion versions 2025, 2023, and 2021. These vulnerabilities could allow attackers to read arbitrary files or execute malicious code on affected systems. Among the 30 vulnerabilities identified in ColdFusion, 11 have been classified as critical, including: CVE-2025-24446 … Continued
Yesterday, we found that Iran’s geospatial data had been listed for sale on BreachForums, a well-known cybercrime marketplace. The listing, made by a user going bu the alias “natsec”, claims to offer sensitive information related to more than 350 critical infrastructure sites across Iran. The leak comes at a time of escalating tensions between Iran … Continued
A recently discovered vulnerability, tracked as CVE-2025-30401, affected WhatsApp Desktop for Windows. The flaw involved a spoofing problem where the application displayed attachments based on their MIME type but opened them using the system handler associated with the file extension. This allowed attacker to craft malicious files using MIME types and extensions, tricking users into executing harmful … Continued
Today we discovered a post on Breach Forums in which a threat actor known as “placenta” claims to be selling a massive dataset of scraped Discord messages. According to the post, the actor is offering 348,392,718 individual records, allegedly obtained from Discord servers and spanning users primarily in the United States, France, and Russia. 🚨 … Continued
Ukraine’s Computer Emergency Response Team (CERT-UA) has discovered another sophisticated cyber espionage campaign that has been targeting Ukraine’s key national security institutions like military innovation centers, armed forces, Law enforcement agencies, and local governments—particularly in regions along the country’s eastern border. According to CERT-UA, the cyber threat activity, tracked under the identifier UAC-0226, has been … Continued
A new wave of phishing attacks impersonating E-Zpass and other U.S. toll authorities is sweeping across the U.S., tricking mobile users into handing over sensitive personal information to threat actors. Distribution The ongoing campaign, has intensified in recent days, is targeting victims through imessage and SMS text messages. These messages claim to be from popular … Continued
OpenVPN, a popular open-source VPN software, has rolled out an update to address a major vulnerability that could crash server and potentially allow remote code execution in certain situations. The flaw, tracked as CVE-2025-2704, affects OpenVPN servers when configured with specific settings and OpenVPN clients are unaffected. The issue has been fixed in the latest … Continued
As April 15 Tax Day deadline approaches, Microsoft cybersecurity experts have reported a spike in phishing campaigns targeting U.S. taxpayers. These campaigns use tax-related stuffs to lure victims, often using URL shorteners, QR codes, and malicious attachments. How It Happens These campaigns, primarily aimed at individuals and organizations in the United States. The phishing emails … Continued
