A researcher discovered a vulnerability in Apple's Hide My Email that can expose real email addresses, and the fix has been delayed for over a year despite the company's promises.
The PolinRider campaign compromises developer workstations through malicious packages and VS Code task files across multiple registries.
Researchers observed an autonomous AI agent conduct a complete ransomware intrusion from reconnaissance to data encryption without human intervention.
The massive FortiBleed credential theft campaign was far larger than initially reported, targeting over 430,000 FortiGate firewalls and directly linked…
Law enforcement and industry partners disrupted the NetNut residential proxy network, which compromised millions of home devices to route malicious…
A public proof-of-concept exploit demonstrates how authenticated low-privileged users can exploit a Microsoft Exchange SSRF vulnerability to read arbitrary files…
Researchers bypassed every security layer in Anthropic's Claude Cowork sandbox using a DLL sideloading technique combined with an unvalidated parameter…
An AI model helped a security researcher bypass a web application firewall and exploit a SQL injection vulnerability in a…
Alibaba plans to block Claude Code from its networks starting July 10 after researchers claim the AI tool silently detects…
Attackers are hiding a Python-based RAT called ChocoPoC in dependency lists rather than exploit code, making malicious GitHub repositories harder…
Seven unpatched vulnerabilities in the widely embedded FatFs library enable memory corruption and code execution through malicious USB drives, SD cards, or firmware updates.
PamStealer uses a fake Maccy website and PAM based password validation to steal macOS login credentials and browser data.
Kubota North America is notifying employees that their personal data including Social Security numbers and bank account details were exposed…
Cisco Talos discovered a new PhaaS platform with over 80 exposed API endpoints, revealing deep integration with the EvilTokens toolkit…
Three mobile apps that allowed unauthorized users to remotely disable moving e-rickshaws have been banned by Indian authorities after videos showed them being used to stop vehicles mid-journey.
The FBI has identified a coordinated supply chain campaign where TeamPCP compromises trusted developer tools to steal credentials and extort victims at scale.
OpenAI's staggered preview of GPT-5.6 Sol, Terra, and Luna under government oversight introduces enhanced cybersecurity capabilities with strict guardrails against offensive misuse.
Attackers can embed hidden commands in tool descriptions that trick AI agents into sending sensitive data to external servers without triggering alerts.
The StrikeShark campaign packages the SharkLoader malware inside fake installers for Cisco AnyConnect and Google Update to infiltrate government and…
Attackers are hiding malicious instructions in invisible HTML and structured data to trick AI browsing agents into making fraudulent payments…
JFrog published the first working exploit for CVE-2026-43503, a Linux kernel flaw that lets local attackers overwrite file backed memory…
Forensic analysis reveals the lawmaker's iPhone was infected using the PWNYOURHOME zero-click exploit during sensitive committee deliberations on spyware abuses.
Attackers can chain authentication bypass flaws with remote code execution vulnerabilities across JetBrains Hub, YouTrack, TeamCity, and IDEs to take…
With Netskope and Rubrik proving the public markets are receptive, PitchBook identifies nine VC-backed cybersecurity startups most likely to follow…
Sign in to your account