Apple's latest security patches address over two dozen vulnerabilities, primarily in WebKit, that could be chained to steal data or execute malicious code.
Researchers detail a multi-stage attack that uses Blogger pages and PowerShell to deploy the PureLogs information stealer while evading traditional…
Reverse engineering of Anthropic's Claude Code CLI tool reveals hidden code that uses steganography in system prompts to covertly signal…
The integration automatically enriches IP addresses, domains, and URLs with contextual risk scoring, infrastructure relationships, and phishing analysis within the…
Huntress researchers observed a password spraying campaign that used valid credentials from past breaches and an OAuth flaw to compromise…
The FTC alleged that Amazon customer service agents routinely blocked identity theft victims from accessing evidence of fraudulent transactions by…
Attackers are using compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents, leading to the unauthorized installation…
The decision followed an 18 day standoff during which global access to the advanced systems was blocked due to national…
A long standing flaw in Apple's Hide My Email feature, unrepaired over a year after disclosure, lets attackers reverse engineer…
Researchers confirmed that the FortiBleed credential harvesting campaign targeting FortiGate firewalls is directly feeding INC Ransom and Lynx ransomware operations…
A fully functional exploit for a Microsoft Defender privilege escalation flaw works on patched systems and bypasses signature based detection.
CISA warns that attackers are actively exploiting at least one Ubiquiti UniFi OS vulnerability and gives federal agencies until June…
A proof of concept shows how AI-generated code turns a legitimate Chrome file access feature into a weapon for encrypting…
The unauthenticated exploit chain lets attackers move from code execution on the repo-server to poisoning Redis caches and deploying malicious…
India's government has ordered WhatsApp to suspend its new usernames feature, citing risks of untraceable fraud and impersonation by bad actors hiding behind foreign phone numbers.
A campaign dubbed 'Operation Navy Ghost' has been distributing trojanized Pyrogram packages on PyPI since November 2025, giving attackers remote code execution on compromised Telegram bot servers.
BEC is a multistage operation involving reconnaissance, AI powered scams, underground call centers, and mule networks that defenders must understand to preempt attacks.
Attackers are registering fake web addresses hallucinated by AI models before anyone else can, then using them to host phishing pages that steal login credentials and personal data.
Android devices in four countries will block standard installations of apps from unverified developers starting September 30, 2026, pushing open…
The usbliter8 exploit achieves permanent arbitrary code execution inside Apple A12 and A13 SecureROM by exploiting a hardware flaw in…
Microsoft Teams now detects and segregates unknown bots in the meeting lobby, giving organizers clearer visibility and control over automated…
SystemBC malware turns victim computers into stealthy traffic tunnels, enabling ransomware groups to maintain persistent access and evade detection through…
GuardFall exploits a decades-old shell parsing trick to bypass safety filters in open-source AI coding agents, affecting ten out of…
Researchers found that 282 of 444 iOS AI apps leaked credentials through network traffic, with only 28 percent of developers…
Sign in to your account