Category: Security

The trajectory of RomCom RAT from financial crime tool to instrument of state-aligned cyber espionage is worth understanding not as a story about malware evolution but as evidence of how the threat landscape that businesses operate in has fundamentally changed. What began as a relatively conventional remote access trojan used for credential theft and account […]

Continue Reading

The same conditions that make the holiday season valuable for retailers make it attractive for attackers: high transaction volumes, elevated customer account activity, staff attention stretched across operational priorities, and the organizational pressure to keep orders moving that makes careful security review feel like a luxury. The RH-ISAC 2025 Holiday Season Cyber Threat Trends report […]

Continue Reading

Google has released a security update addressing 107 vulnerabilities across the Android ecosystem, and the detail that makes this patch more urgent than the volume alone suggests is that two of those vulnerabilities are not theoretical risks. CVE-2025-48633, an information disclosure flaw, and CVE-2025-48572, an elevation of privilege vulnerability, are both being actively exploited in […]

Continue Reading

Security researchers at Koi Security have documented a campaign called ShadyPanda that represents a meaningful departure from how most malware operations work and why it matters for businesses that have not yet taken browser extension security seriously. More than 100 browser extensions, available through both the Chrome Web Store and the Microsoft Edge Add-ons marketplace, […]

Continue Reading

Cisco has patched a security vulnerability in its Identity Services Engine and ISE Passive Identity Connector that could have allowed attackers with valid administrator credentials to access sensitive data stored within the system. The vulnerability is rated medium severity, which in practical terms means it is not the kind of flaw that allows an unauthenticated […]

Continue Reading

The volume of fraudulent texts, fake bank alerts, and counterfeit delivery notices landing on business owners’ phones has increased sharply to start the year, and the timing is not accidental. Scammers operate with the same seasonal awareness that legitimate businesses do, targeting periods when inboxes are full, attention is divided, and the combination of post-holiday […]

Continue Reading

The cybersecurity conversation in most businesses focuses on the perimeter: the defenses that keep attackers from getting in through the front door. What that conversation frequently misses is that modern software does not have a single front door. It has hundreds of them, in the form of third-party libraries, open-source components, cloud services, and automated […]

Continue Reading

Two U.S.-based cybersecurity professionals have pleaded guilty to participating in ransomware attacks carried out under the ALPHV BlackCat affiliate program, including at least one successful extortion and multiple attempted ones. A third individual remains under investigation. These were not outsiders who stumbled into the cybersecurity industry as cover. They were trained practitioners with the kind […]

Continue Reading

Business email servers sit at the center of daily operations, which makes them a high-value target. When a maximum-severity flaw surfaces in widely deployed email software, the window between disclosure and active exploitation can close fast. That is the situation with CVE-2025-52691, a critical remote code execution vulnerability in SmarterMail that earned a perfect 10.0 […]

Continue Reading