Attackers are hiding a Python-based RAT called ChocoPoC in dependency lists rather than exploit code, making malicious GitHub repositories harder to detect.
Seven unpatched vulnerabilities in the widely embedded FatFs library enable memory corruption and code execution through malicious USB drives, SD…
PamStealer uses a fake Maccy website and PAM based password validation to steal macOS login credentials and browser data.
Kubota North America is notifying employees that their personal data including Social Security numbers and bank account details were exposed…
Cisco Talos discovered a new PhaaS platform with over 80 exposed API endpoints, revealing deep integration with the EvilTokens toolkit…
Three mobile apps that allowed unauthorized users to remotely disable moving e-rickshaws have been banned by Indian authorities after videos…
The FBI has identified a coordinated supply chain campaign where TeamPCP compromises trusted developer tools to steal credentials and extort…
OpenAI's staggered preview of GPT-5.6 Sol, Terra, and Luna under government oversight introduces enhanced cybersecurity capabilities with strict guardrails against…
Attackers can embed hidden commands in tool descriptions that trick AI agents into sending sensitive data to external servers without…
The StrikeShark campaign packages the SharkLoader malware inside fake installers for Cisco AnyConnect and Google Update to infiltrate government and…
Attackers are hiding malicious instructions in invisible HTML and structured data to trick AI browsing agents into making fraudulent payments and trusting fake websites.
JFrog published the first working exploit for CVE-2026-43503, a Linux kernel flaw that lets local attackers overwrite file backed memory…
Forensic analysis reveals the lawmaker's iPhone was infected using the PWNYOURHOME zero-click exploit during sensitive committee deliberations on spyware abuses.
Attackers can chain authentication bypass flaws with remote code execution vulnerabilities across JetBrains Hub, YouTrack, TeamCity, and IDEs to take…
With Netskope and Rubrik proving the public markets are receptive, PitchBook identifies nine VC-backed cybersecurity startups most likely to follow with IPOs of their own.
Opera's new Paste Protect feature blocks malicious clipboard commands before they can be pasted into terminals, countering the growing ClickFix social engineering attack trend.
Medtronic is notifying customers after the ShinyHunters extortion group accessed corporate IT systems containing personal and health information.
A dual US and Estonian citizen has been extradited from Finland to face charges for his alleged role in the Scattered Spider hacking group, which is accused of extorting millions…
Anubis ransomware affiliates exploit Citrix Bleed 2 and VPN credentials, using legitimate RMM tools to persist while The Gentlemen and…
Attackers are using a new OAuth token theft technique called ConsentFix that hijacks Microsoft 365 sessions by tricking users into…
Google disrupted a network of 2 million home devices used as proxies for cybercriminal traffic, including password-guessing attacks and espionage…
A researcher demonstrated a four step exploit chain using social engineering and path traversal to access restricted system files in…
Apple's latest security patches address over two dozen vulnerabilities, primarily in WebKit, that could be chained to steal data or…
Researchers detail a multi-stage attack that uses Blogger pages and PowerShell to deploy the PureLogs information stealer while evading traditional…
Sign in to your account