A fraudulent Sicoob.Sdk NuGet package steals client IDs and PFX certificates, potentially allowing attackers to impersonate Brazilian banking API integrations.
Microsoft warns that recent public disclosure of several zero-day vulnerabilities without prior notification has increased user risk by giving attackers…
Researchers uncovered a fake RVTools installer signed with a legitimate Sectigo certificate that bypasses Windows SmartScreen and delivers a remote…
The Chrome 148 update addresses 151 vulnerabilities, including 22 critical flaws in graphics, networking, and rendering components that could enable…
A newly discovered npm package masquerades as a deployment tool while covertly extracting files from Claude AI's dedicated user data…
A new report finds that most employees use AI tools rarely, but a small group of power users generates the…
The JINX-0164 group uses fake LinkedIn recruiter profiles and malicious meeting invitations to deliver the AUDIOFIX trojan, which then pivots…
A newly discovered browser attack uses SSD timing measurements from the Origin Private File System to fingerprint websites and applications…
An LLM agent dynamically exploited a notebook server vulnerability, harvested cloud credentials, and exfiltrated a full database in under one…
Authenticated users can exploit the vulnerability by creating pull requests with specially crafted branch names that Git interprets as command…
Anthropic's new security-guidance plugin for Claude Code reviews code edits, model outputs, and commits across three checkpoints to catch vulnerabilities before they reach production.
The world's largest cruise company confirmed that attackers stole personal data including Social Security numbers from roughly 6 million customers…
Automated scans across the internet find exposed RDP ports on port 3389, giving attackers direct access to business networks without…
A hardcoded private GitHub token left inside an AI-generated npm infostealer package allowed researchers to track the attacker's file…
The new capability automatically cuts network access to compromised workstations during ransomware attacks while preserving the device's connection to Microsoft's security telemetry service.
The update patches three flaws including two critical arbitrary code execution vulnerabilities that could let attackers silently run malicious programs.
ISC has documented multiple BIND 9 flaws including a critical memory corruption vulnerability in the DNS-over-HTTPS implementation that could allow remote code execution.
Modern SAST tools analyze uncompiled code for vulnerabilities and integrate into CI/CD pipelines, helping security teams catch flaws early without slowing development.
Cox Media Group was fined after marketing a fake AI listening service that claimed to capture smartphone conversations for targeted…
Modern Active Directory password policies can improve security by replacing complex rules with longer passphrases and blocking compromised credentials at…
The optional KB5089573 update delivers 30 changes including faster app launches, improved Windows Hello defaults, and foundational updates for expiring…
Organizations can close the shadow AI gap by auditing OAuth connections, browser extensions, and API integrations to create a safe…
The actively exploited LiteSpeed cPanel plugin flaw allows any authenticated user to gain root-level control over affected servers, posing severe…
A revived Windows zero-day exploit bypasses existing patches to give attackers full system control through a cloud files driver flaw.
