A joint law enforcement operation has dismantled the NetNut botnet, which hijacked millions of consumer devices to route malicious traffic through residential IP addresses.
Ubiquiti released patches for seven critical flaws across its UniFi product line, including a command injection vulnerability rated CVSS 10.0.
The sudden proliferation of vulnerability clearinghouses reflects a fundamental shift in how pre-disclosure exploits are discovered and managed across shared…
The HalluSquatting technique allows attackers to poison AI coding assistants by registering fake resources that LLMs hallucinate, enabling remote code…
New EU regulations requiring driver monitoring cameras in all vehicles spark privacy and security debates over biometric data collection and…
Mount Royal University revealed that attackers stole data from student and employee file storage drives and wiped additional departmental data,…
KDDI confirmed that attackers exploited a previously unknown flaw in third party software to steal login credentials from five Japanese…
Seventeen counterfeit SDK packages on NPM and PyPI impersonate Paysafe, Skrill, and Neteller libraries to steal credentials from developer environments.
A Telegram based malware rental service called RedWing lets criminals build custom Android banking trojans on demand, bypassing the need…
An attacker can rewrite a signed Git commit's hash without changing its content or breaking its verified badge, undermining hash…
DuckDuckGo's browser now strips YouTube video ads by default using open source filter lists and proprietary rules.
The SCMBANKER malware toolkit uses a fake Google CAPTCHA page to trick Mexican bank customers into running a command that…
Pentera Labs showed how a compromised email inbox can lead to remote code execution on a target machine by hijacking…
Claude's Cowork feature now enables task execution and monitoring across mobile and desktop devices, with offline capabilities and real time…
An exposed backend server is actively generating new, polymorphic versions of the Banana RAT banking trojan, complicating detection for defenders.
Attackers are now embedding malicious instructions within data consumed by autonomous AI agents, enabling indirect attacks that can hijack system behavior.
A race condition in Linux kernel futex operations, present since 2011, allows unprivileged local attackers to craft control flow hijacking and achieve root access with high reliability.
Attackers are exploiting a verified X ad to deliver Mac malware and using a new ConsentFix technique to steal Microsoft 365 account tokens.
Attackers impersonate corporate IT support via Microsoft Teams voice calls to trick employees into installing the EtherRAT remote access trojan,…
Chinese APT group UAT-7810 deploys LONGLEASH, DOGLEASH, and JARLEASH malware to compromise networking devices and expand a relay network used…
Researchers uncovered a Dialogflow CX vulnerability that lets attackers inject persistent malicious code, potentially exfiltrating conversations and enabling phishing campaigns.
CERT/CC warns that an unpatched backdoor in multiple Tenda router models grants full admin access without requiring a valid username.
The theft of source code and access credentials follows previous security incidents involving the same threat actor and the LockBit…
A single GitHub Issue can force an AI agent to leak private repository data by exploiting a prompt injection flaw…
Sign in to your account