An independent researcher discovered a function in Claude Code's JavaScript bundle that covertly encoded user time zone data, prompting Anthropic to remove the feature and call it an experiment.
Microsoft will enable its Windows settings backup tool by default on eligible enterprise devices starting with Windows 11 version 26H2,…
Attackers are exploiting Microsoft's Device Authorization Grant feature to steal account tokens without using a fake login page, bypassing traditional…
The Java-based trojan uses a modular architecture with encrypted plugins that can be dynamically loaded and updated from its command-and-control…
Two newly disclosed PHP vulnerabilities enable attackers to crash web services through TLS handling errors and memory corruption in the…
Law enforcement and industry partners seized domains and disabled backend infrastructure used by the NetNut residential proxy botnet, cutting off…
Iranian state hackers are using a modular C2 framework called Cavern to infiltrate Israeli organizations through compromised IT supply chains.
The RustDuck botnet uses a two-stage infection chain and sophisticated evasion techniques to hijack routers and servers for DDoS attacks,…
A repository-carried config file in Amazon Q Developer could execute commands with a developer's live cloud session, but a patch…
Consumer advocates warn that reusing Instagram or Facebook usernames on WhatsApp can link identities across Meta's platforms and increase social…
The new release closes a remote memory exhaustion attack vector and adds experimental post quantum signature support while breaking some automation scripts with configuration output changes.
Unit42 discovered a layered phishing chain that uses authentication passing emails and geo cloaked redirectors to steal personal and payment…
A small US county paid a $1 million ransom in Bitcoin to prevent the leak of stolen data, marking a…
The update shifts focus from expanding the toolset to refining system performance and usability for penetration testing workflows.
PamStealer uses a Rust based binary and native macOS APIs to evade detection while stealing passwords, clipboard data, and browser credentials.
The CVE-2026-46242 kernel flaw exploits a race condition and use-after-free in the epoll subsystem, affecting everything from cloud servers to Android smartphones.
Researchers found that modified malware placed inside AI coding assistant plugins bypassed eight major security scanners more than 80 percent of the time.
A novel exfiltration method leverages imperceptible pixel modulation in video cables to transmit data via radio emissions, achieving speeds far beyond typical air-gap covert channels.
The vulnerability allowed attackers to silently install malicious browser mods that used CSS injection to reconstruct user email addresses from…
Attackers exploit OpenAI's organization invite system to create poisoned tenants that harvest sensitive prompts, API activity, and corporate data from…
A 15-year-old Japanese student used a ChatGPT-assisted program to cancel over 46,800 accounts on Bandai Channel, forcing a month-long service…
Singapore Land Authority says 70,000 individuals' data including NRIC numbers and property addresses exposed after an IBM-managed testing environment for…
MeetingTV sues Palo Alto Networks and Koi Security over cybersecurity report that allegedly used AI hallucinations to falsely link the…
Russian state hackers have updated their Signal phishing campaign to steal Backup Recovery Keys, granting persistent access to encrypted message…
Sign in to your account