Six security flaws in AirDrop and Quick Share let nearby attackers crash file sharing services and bypass session protections across billions of Apple and Android devices.
OpenAI's GPT-5.6 models demonstrate improved vulnerability discovery capabilities, while the companion ChatGPT Work platform introduces enterprise security considerations for agentic…
This malware campaign uses deceptive software prompts to steal sensitive data from Macs across more than 100 countries.
Attackers are using networks of dormant GitHub accounts to map corporate development teams and steal source code.
AI assisted attackers exploited stolen credentials and cloud misconfigurations to chain overlapping attack waves across AWS environments, compressing traditional intrusion…
A global operation across 97 countries arrested over 5,800 suspects and seized $293 million in assets linked to social engineering…
A contributor to the OpenMandriva Linux project deleted years of repository work and pushed a potentially harmful empty package after…
The Forg365 phishing platform combines adversary-in-the-middle and device-code attack methods with AI-assisted lure creation and a cookie-stealing browser extension for…
Attackers compromised a GitHub contributor account to inject malware that steals cryptographic credentials from developers building on the Injective blockchain.
MDASH uses over 100 AI agents to scan critical Windows binaries, achieving 100% recall on some historical vulnerabilities and finding…
The GodDamn ransomware variant uses a signed PoisonX kernel driver to disable endpoint protection at the operating system level before encryption begins.
The advanced persistent threat group uses steganography to conceal shellcode in image pixels, then loads a C# backdoor entirely in…
Attackers use password-protected archives and legitimate software like AnyDesk to evade detection while targeting Russian aerospace organizations for espionage.
A joint law enforcement operation has dismantled the NetNut botnet, which hijacked millions of consumer devices to route malicious traffic…
Ubiquiti released patches for seven critical flaws across its UniFi product line, including a command injection vulnerability rated CVSS 10.0.
The HalluSquatting technique allows attackers to poison AI coding assistants by registering fake resources that LLMs hallucinate, enabling remote code execution and botnet creation.
New EU regulations requiring driver monitoring cameras in all vehicles spark privacy and security debates over biometric data collection and potential misuse.
Mount Royal University revealed that attackers stole data from student and employee file storage drives and wiped additional departmental data, prompting an ongoing recovery effort.
KDDI confirmed that attackers exploited a previously unknown flaw in third party software to steal login credentials from five Japanese…
Seventeen counterfeit SDK packages on NPM and PyPI impersonate Paysafe, Skrill, and Neteller libraries to steal credentials from developer environments.
A Telegram based malware rental service called RedWing lets criminals build custom Android banking trojans on demand, bypassing the need…
An attacker can rewrite a signed Git commit's hash without changing its content or breaking its verified badge, undermining hash…
DuckDuckGo's browser now strips YouTube video ads by default using open source filter lists and proprietary rules.
The SCMBANKER malware toolkit uses a fake Google CAPTCHA page to trick Mexican bank customers into running a command that…
Sign in to your account