A high-severity flaw in RabbitMQ lets attackers steal OAuth secrets from the management interface without authentication.
An Armenian national admitted to deploying Ryuk ransomware on hundreds of corporate servers, collecting over $15 million in Bitcoin ransoms.
Researchers discovered the MemGhost technique, which injects persistent false memories into AI agents via crafted email content, causing long-term manipulation…
Progress Software told ShareFile customers to power down on-premises Storage Zone Controllers over an undisclosed security threat.
The FBI seized domains tied to NetNut, a residential proxy service linked to a botnet of at least two million…
The UK and EU formally attributed the December 2025 cyberattack on Poland's power grid to Russia's FSB, issuing fresh sanctions…
Google and Microsoft removed the ModHeader browser extension from their stores after discovering a dormant data collector in a March…
Microsoft uncovered GigaWiper, a destructive Windows backdoor combining disk-wiping, fake ransomware, and espionage capabilities in a single payload.
Jamf Threat Labs discovers new macOS stealer using signed and notarized dropper to bypass Gatekeeper protections
Sysdig documents the first confirmed agentic ransomware operation to autonomously complete the full attack chain.
July 2026 Patch Tuesday sets a new record with 622 fixes, including two privilege escalation zero-days in SharePoint Server and AD FS exploited in active attacks.
WP-SHELLSTORM crew exposed after leaving server open, revealing 1.4M site targets and mass webshell operations
Two unpatched Claude for Chrome flaws let rogue extensions forge clicks that access Gmail, Docs, and Calendar data.
A jailbroken Gemini AI performed 90% of a Russian fraudster's botnet operation including spinning up a C2 server in six…
Five AsyncAPI npm packages with 2.9 million weekly downloads were trojanized after a GitHub Actions token theft.
Attackers used 3.7 million spoofed OAuth client IDs to enumerate Entra ID user accounts and map application ecosystems.
A new Rust-based RAT called LabubaRAT disguises itself as NVIDIA software and supports multi-channel C2 communications.
German manufacturer ZEGO-TVZ filed for insolvency after a March cyberattack halted production for nearly six weeks.
Grok Build CLI caught uploading entire Git repositories to xAI cloud storage exposing secrets
FBI identifies Popa Android botnet infecting millions of TV boxes through NetNut residential proxy service
Chinese espionage group exploits Roundcube webmail vulnerabilities to target US and Canadian universities
Windows BitLocker zero-day CVE-2026-50661 lets attackers bypass full disk encryption with physical access
US Treasury sanctions First VPN Service for enabling ransomware groups in historic first
Fortinet patches seven vulnerabilities including a critical FortiSandbox VNC exposure flaw
Sign in to your account