A research team from the Georgia Institute of Technology has discovered several security vulnerabilities in Tile, the Bluetooth tracking device used to locate lost personal items, as recently highlighted in a Malwarebytes security blog post. Tile is one of the most widely used Bluetooth tracking devices on the market, designed to help users locate misplaced

Continue Reading

Broadcom have recently released new security advisories detailing multiple vulnerabilities affecting VMware Aria Operations, VMware Tools, VMware vCenter, NSX, and related products. The advisories warn of several high-severity flaws including local privilege escalation, information disclosure, improper authorization, SMTP header injection, and username enumeration vulnerabilities. Updated patches are now available to mitigate these risks. The first

Continue Reading

Cybersecurity firm Koi Security has identified a malicious version of an npm package used for automated email handling, which was silently forwarding outbound messages to an external domain controlled by the developer. The package, named postmark-mcp, is intended to allow applications—often AI assistants—to send emails through Postmark’s transactional email API. Starting with version 1.0.16, the

Continue Reading

Drupal, the widely-used content management system powering millions of websites globally, has issued important security updates addressing vulnerabilities in six popular contributed modules. Among these, a critical flaw demands immediate attention from site administrators. The security advisories affect modules powering essential website features including e-commerce currency tools, visitor analytics, and user authentication systems across thousands

Continue Reading

Security researchers at Malwarebytes have uncovered a widespread campaign using fake GitHub pages to distribute macOS information-stealing malware. The operation impersonates legitimate software projects and tricks users into installing a strain of Mac infostealer dubbed Atomic Stealer. These counterfeit pages mimic legitimate project repositories and sometimes appear in search results or through paid ads that

Continue Reading

A critical vulnerability has been discovered in Fortra’s GoAnywhere MFT software that demands urgent attention from IT administrators and security teams. On September 18th, 2025, Fortra released a security advisory detailing a severe vulnerability in their popular GoAnywhere Managed File Transfer (MFT) solution. This isn’t just another routine security update – with a maximum CVSS

Continue Reading

A new zero-click vulnerability, dubbed ShadowLeak, has been discovered in OpenAI’s ChatGPT Deep Research agent, according to a report by The Hacker News. The flaw has the potential to expose Gmail inbox data to attackers, without any direct user interaction, simply by sending a malicious email to a victim. This security breach underscores the growing

Continue Reading

In today’s rapidly evolving digital landscape, securing critical infrastructure and applications is more important than ever. Nokia, a global leader in telecommunications, has recently issued two important security advisories for its CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS). These vulnerabilities, tracked as CVE-2023-49564 and CVE-2023-49565, affect some versions of these products, and both

Continue Reading