Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, May 15, 2025: This story, originally published May 14, ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
A new exploit kit for iOS devices and delivery framework dubbed “DarkSword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps. DarkSword ...
Chinese state hackers and spyware vendors are fueling a rise in zero-day attacks, which increasingly target enterprise software and devices — security and networking products in particular. Google ...
Update 7/21/25: Added links to the security updates for Microsoft SharePoint 2019. Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been ...
Microsoft patches six Windows zero-days. Across January and February combined, Windows users had already been exposed to a total of five so-called zero-day exploits where attackers had already struck ...
A new iOS exploit chain is being used by attackers around the globe, and it's built for espionage actors and financially motivated attackers alike. Google, iVerify, and Lookout this week published ...