JFrog published the first working exploit for CVE-2026-43503, a Linux kernel flaw that lets local attackers overwrite file backed memory through cloned network packets to gain root access without leaving disk traces.
Forensic analysis reveals the lawmaker's iPhone was infected using the PWNYOURHOME zero-click exploit during sensitive committee deliberations on spyware abuses.
Attackers can chain authentication bypass flaws with remote code execution vulnerabilities across JetBrains Hub, YouTrack, TeamCity, and IDEs to take…
With Netskope and Rubrik proving the public markets are receptive, PitchBook identifies nine VC-backed cybersecurity startups most likely to follow…
Opera's new Paste Protect feature blocks malicious clipboard commands before they can be pasted into terminals, countering the growing ClickFix…
Medtronic is notifying customers after the ShinyHunters extortion group accessed corporate IT systems containing personal and health information.
A dual US and Estonian citizen has been extradited from Finland to face charges for his alleged role in the…
Anubis ransomware affiliates exploit Citrix Bleed 2 and VPN credentials, using legitimate RMM tools to persist while The Gentlemen and…
Attackers are using a new OAuth token theft technique called ConsentFix that hijacks Microsoft 365 sessions by tricking users into…
Google disrupted a network of 2 million home devices used as proxies for cybercriminal traffic, including password-guessing attacks and espionage…
A researcher demonstrated a four step exploit chain using social engineering and path traversal to access restricted system files in ChatGPT's sandboxed environment.
Apple's latest security patches address over two dozen vulnerabilities, primarily in WebKit, that could be chained to steal data or…
Researchers detail a multi-stage attack that uses Blogger pages and PowerShell to deploy the PureLogs information stealer while evading traditional…
Reverse engineering of Anthropic's Claude Code CLI tool reveals hidden code that uses steganography in system prompts to covertly signal…
The integration automatically enriches IP addresses, domains, and URLs with contextual risk scoring, infrastructure relationships, and phishing analysis within the OpenCTI knowledge graph.
Huntress researchers observed a password spraying campaign that used valid credentials from past breaches and an OAuth flaw to compromise 78 Microsoft 365 accounts across 64 organizations.
The FTC alleged that Amazon customer service agents routinely blocked identity theft victims from accessing evidence of fraudulent transactions by citing privacy and security reasons.
Attackers are using compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents, leading to the unauthorized installation of remote management software.
The decision followed an 18 day standoff during which global access to the advanced systems was blocked due to national…
A long standing flaw in Apple's Hide My Email feature, unrepaired over a year after disclosure, lets attackers reverse engineer…
Researchers confirmed that the FortiBleed credential harvesting campaign targeting FortiGate firewalls is directly feeding INC Ransom and Lynx ransomware operations…
A fully functional exploit for a Microsoft Defender privilege escalation flaw works on patched systems and bypasses signature based detection.
CISA warns that attackers are actively exploiting at least one Ubiquiti UniFi OS vulnerability and gives federal agencies until June…
A proof of concept shows how AI-generated code turns a legitimate Chrome file access feature into a weapon for encrypting…
Sign in to your account