Attack Campaign Overview

A North Korean advanced persistent threat group known as Kimsuky has been linked to a series of cyberattacks in early 2026 focused on South Korean military and corporate targets. The attacks, observed between March and April, relied on tailored social engineering to compromise victims. Researchers at ENKI documented…
A flaw in OpenVPN Connect's macOS privileged helper allows local attackers to execute commands as root via the IPC channel,…
A local privilege escalation bug in the Linux kernel's CIFS client allows unprivileged users to gain full system root access…
The lawsuit alleges 23andMe failed to implement basic security measures against credential stuffing attacks, exposing sensitive genetic and health data…
Over 2,000 corporate applications built by non-developer employees using AI platforms were found exposed on the open internet with…
A Russian-linked group is using generative AI to develop custom malware and targeting Ukrainian organizations through phishing emails and fake…
Attackers are abusing Microsoft Teams external collaboration features to pose as IT helpdesk staff, bypassing email security filters through voice…
Attackers exploit FortiClient EMS to push previously undetected EKZ infostealer malware through trusted administrative scripts.
India's cybersecurity agency mandates that organizations patch actively exploited vulnerabilities in internet-facing systems within 12 hours, citing the rise of…
A fraudulent Sicoob.Sdk NuGet package steals client IDs and PFX certificates, potentially allowing attackers to impersonate Brazilian banking API integrations.
Microsoft warns that recent public disclosure of several zero-day vulnerabilities without prior notification has increased user risk by giving attackers time to exploit unpatched systems.
Researchers uncovered a fake RVTools installer signed with a legitimate Sectigo certificate that bypasses Windows SmartScreen and delivers a remote…
The Chrome 148 update addresses 151 vulnerabilities, including 22 critical flaws in graphics, networking, and rendering components that could enable…
A newly discovered npm package masquerades as a deployment tool while covertly extracting files from Claude AI's dedicated user data…
A new report finds that most employees use AI tools rarely, but a small group of power users generates the vast majority of enterprise AI activity and data exposure.
The JINX-0164 group uses fake LinkedIn recruiter profiles and malicious meeting invitations to deliver the AUDIOFIX trojan, which then pivots to CI/CD infrastructure for cryptocurrency theft.
A newly discovered browser attack uses SSD timing measurements from the Origin Private File System to fingerprint websites and applications without any special permissions.
An LLM agent dynamically exploited a notebook server vulnerability, harvested cloud credentials, and exfiltrated a full database in under one hour.
Authenticated users can exploit the vulnerability by creating pull requests with specially crafted branch names that Git interprets as command…
Anthropic's new security-guidance plugin for Claude Code reviews code edits, model outputs, and commits across three checkpoints to catch vulnerabilities…
The world's largest cruise company confirmed that attackers stole personal data including Social Security numbers from roughly 6 million customers…
Automated scans across the internet find RDP exposed on port 3389, giving attackers direct access to business networks without…
A hardcoded private GitHub token left inside an AI-generated npm infostealer package allowed researchers to track the attacker's file…
The new capability automatically cuts network access to compromised workstations during ransomware attacks while preserving the device's connection to Microsoft's…
