A ransomware attack on Nichirei Group cold-chain logistics systems disrupted KFC Japan ingredient supply, stopping app and website orders.
Security researchers uncovered state-sponsored operators using Claude Code and DeepSeek models to automate intelligence gathering and maintain persistent access to…
Two members of the Scattered Spider cybercrime gang received 5.
A certificate flaw in Shark robot vacuums allows attackers to command any device in the same AWS region, accessing cameras…
A new infostealer called ClickLock holds macOS desktops hostage by repeatedly killing applications until the user types their login password.
Two chained vulnerabilities give attackers full remote code execution on unpatched SMA 1000 appliances.
A high-severity flaw in RabbitMQ lets attackers steal OAuth secrets from the management interface without authentication.
An Armenian national admitted to deploying Ryuk ransomware on hundreds of corporate servers, collecting over $15 million in Bitcoin ransoms.
Researchers discovered the MemGhost technique, which injects persistent false memories into AI agents via crafted email content, causing long-term manipulation…
Progress Software told ShareFile customers to power down on-premises Storage Zone Controllers over an undisclosed security threat.
The FBI seized domains tied to NetNut, a residential proxy service linked to a botnet of at least two million compromised smart TVs and streaming devices.
The UK and EU formally attributed the December 2025 cyberattack on Poland's power grid to Russia's FSB, issuing fresh sanctions…
Google and Microsoft removed the ModHeader browser extension from their stores after discovering a dormant data collector in a March…
Microsoft uncovered GigaWiper, a destructive Windows backdoor combining disk-wiping, fake ransomware, and espionage capabilities in a single payload.
Jamf Threat Labs discovers new macOS stealer using signed and notarized dropper to bypass Gatekeeper protections
Sysdig documents the first confirmed agentic ransomware operation to autonomously complete the full attack chain.
Microsoft's July 2026 Patch Tuesday fixes 622 CVEs including exploited SharePoint and AD FS zero-days
WP-SHELLSTORM crew exposed after leaving server open, revealing 1.4M site targets and mass webshell operations
Two unpatched Claude for Chrome flaws let rogue extensions forge clicks that access Gmail, Docs, and Calendar data.
A jailbroken Gemini AI performed 90% of a Russian fraudster's botnet operation including spinning up a C2 server in six…
Five AsyncAPI npm packages with 2.9 million weekly downloads were trojanized after a GitHub Actions token theft.
Attackers used 3.7 million spoofed OAuth client IDs to enumerate Entra ID user accounts and map application ecosystems.
A new Rust-based RAT called LabubaRAT disguises itself as NVIDIA software and supports multi-channel C2 communications.
German manufacturer ZEGO-TVZ filed for insolvency after a March cyberattack halted production for nearly six weeks.
Sign in to your account