SmarterTools SmarterMail RCE

Blog

Byadmblake January 29, 2026

An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE).

Blog

DeepSeek, Deep Research Mean Deep Changes for AI Security

Why securing the inference chain is now the top priority for AI applications and infrastructure.

Read More DeepSeek, Deep Research Mean Deep Changes for AI Security
Blog

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. “Apple is aware of a report that…

Read More Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Blog

Counterfeit Phones Carrying Hidden Revamped Triada Malware

The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.

Read More Counterfeit Phones Carrying Hidden Revamped Triada Malware
Blog

Hacked Routers Linger on the Internet for Years, Data Shows

While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.

Read More Hacked Routers Linger on the Internet for Years, Data Shows
Blog

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” Blackfog researcher Brenda Robb said in a Thursday report….

Read More Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Blog

‘Spearwing’ RaaS Group Ruffles Feathers in Cyber Threat Scene

The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.

Read More ‘Spearwing’ RaaS Group Ruffles Feathers in Cyber Threat Scene

Related