A small US county paid a $1 million ransom in Bitcoin to prevent the leak of stolen data, marking a shift toward extortion attacks that skip encryption entirely.
The update shifts focus from expanding the toolset to refining system performance and usability for penetration testing workflows.
PamStealer uses a Rust based binary and native macOS APIs to evade detection while stealing passwords, clipboard data, and browser…
The CVE-2026-46242 kernel flaw exploits a race condition and use-after-free in the epoll subsystem, affecting everything from cloud servers to…
Researchers found that modified malware placed inside AI coding assistant plugins bypassed eight major security scanners more than 80 percent…
A novel exfiltration method leverages imperceptible pixel modulation in video cables to transmit data via radio emissions, achieving speeds far…
The vulnerability allowed attackers to silently install malicious browser mods that used CSS injection to reconstruct user email addresses from…
Attackers exploit OpenAI's organization invite system to create poisoned tenants that harvest sensitive prompts, API activity, and corporate data from…
A 15-year-old Japanese student used a ChatGPT-assisted program to cancel over 46,800 accounts on Bandai Channel, forcing a month-long service…
Singapore Land Authority says 70,000 individuals' data including NRIC numbers and property addresses exposed after an IBM-managed testing environment for…
MeetingTV sues Palo Alto Networks and Koi Security over cybersecurity report that allegedly used AI hallucinations to falsely link the video conferencing company to a Chinese cyber espionage operation.
Russian state hackers have updated their Signal phishing campaign to steal Backup Recovery Keys, granting persistent access to encrypted message…
Flipper Devices is implementing voting based feature requests and stricter pull request reviews to manage firmware development for its one…
A researcher discovered a vulnerability in Apple's Hide My Email that can expose real email addresses, and the fix has…
The PolinRider campaign compromises developer workstations through malicious packages and VS Code task files across multiple registries.
Researchers observed an autonomous AI agent conduct a complete ransomware intrusion from reconnaissance to data encryption without human intervention.
The massive FortiBleed credential theft campaign was far larger than initially reported, targeting over 430,000 FortiGate firewalls and directly linked to INC and Lynx ransomware operations.
Law enforcement and industry partners disrupted the NetNut residential proxy network, which compromised millions of home devices to route malicious traffic for cybercriminal and espionage operations.
A public proof-of-concept exploit demonstrates how authenticated low-privileged users can exploit a Microsoft Exchange SSRF vulnerability to read arbitrary files…
Researchers bypassed every security layer in Anthropic's Claude Cowork sandbox using a DLL sideloading technique combined with an unvalidated parameter…
An AI model helped a security researcher bypass a web application firewall and exploit a SQL injection vulnerability in a…
Alibaba plans to block Claude Code from its networks starting July 10 after researchers claim the AI tool silently detects…
Attackers are hiding a Python-based RAT called ChocoPoC in dependency lists rather than exploit code, making malicious GitHub repositories harder…
Seven unpatched vulnerabilities in the widely embedded FatFs library enable memory corruption and code execution through malicious USB drives, SD…
Sign in to your account