According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action Committee (PAC) affiliates.

Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day.

OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10 years ago.

The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.

Following the introduction of international sanctions against Zservers, Russian ‘bulletproof’ hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.

Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed back in December 2024.

The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking credentials for a wide range of network devices belonging to such companies as Palo Alto Networks, Ivanti, and SonicWall.