Attackers are exploiting a verified X ad to deliver Mac malware and using a new ConsentFix technique to steal Microsoft 365 account tokens.
Attackers impersonate corporate IT support via Microsoft Teams voice calls to trick employees into installing the EtherRAT remote access trojan,…
Chinese APT group UAT-7810 deploys LONGLEASH, DOGLEASH, and JARLEASH malware to compromise networking devices and expand a relay network used…
The Nebula platform integrates large language models directly into the penetration tester's command line interface, enabling automated vulnerability assessments and…
Researchers uncovered a Dialogflow CX vulnerability that lets attackers inject persistent malicious code, potentially exfiltrating conversations and enabling phishing campaigns.
CERT/CC warns that an unpatched backdoor in multiple Tenda router models grants full admin access without requiring a valid username.
The theft of source code and access credentials follows previous security incidents involving the same threat actor and the LockBit…
A single GitHub Issue can force an AI agent to leak private repository data by exploiting a prompt injection flaw…
An independent researcher discovered a function in Claude Code's JavaScript bundle that covertly encoded user time zone data, prompting Anthropic…
Microsoft will enable its Windows settings backup tool by default on eligible enterprise devices starting with Windows 11 version 26H2,…
Attackers are exploiting Microsoft's Device Authorization Grant feature to steal account tokens without using a fake login page, bypassing traditional phishing warnings.
The Java-based trojan uses a modular architecture with encrypted plugins that can be dynamically loaded and updated from its command-and-control…
Two newly disclosed PHP vulnerabilities enable attackers to crash web services through TLS handling errors and memory corruption in the…
Law enforcement and industry partners seized domains and disabled backend infrastructure used by the NetNut residential proxy botnet, cutting off…
Iranian state hackers are using a modular C2 framework called Cavern to infiltrate Israeli organizations through compromised IT supply chains.
The RustDuck botnet uses a two-stage infection chain and sophisticated evasion techniques to hijack routers and servers for DDoS attacks, while its operators are actively rewriting the malware in Rust.
A repository-carried config file in Amazon Q Developer could execute commands with a developer's live cloud session, but a patch now requires explicit user consent before MCP servers launch.
Consumer advocates warn that reusing Instagram or Facebook usernames on WhatsApp can link identities across Meta's platforms and increase social engineering risks.
The new release closes a remote memory exhaustion attack vector and adds experimental post quantum signature support while breaking some…
Unit42 discovered a layered phishing chain that uses authentication passing emails and geo cloaked redirectors to steal personal and payment…
A small US county paid a $1 million ransom in Bitcoin to prevent the leak of stolen data, marking a…
The update shifts focus from expanding the toolset to refining system performance and usability for penetration testing workflows.
PamStealer uses a Rust based binary and native macOS APIs to evade detection while stealing passwords, clipboard data, and browser…
The CVE-2026-46242 kernel flaw exploits a race condition and use-after-free in the epoll subsystem, affecting everything from cloud servers to…
Sign in to your account