A campaign dubbed 'Operation Navy Ghost' has been distributing trojanized Pyrogram packages on PyPI since November 2025, giving attackers remote code execution on compromised Telegram bot servers.
BEC is a multistage operation involving reconnaissance, AI powered scams, underground call centers, and mule networks that defenders must understand…
Attackers are registering fake web addresses hallucinated by AI models before anyone else can, then using them to host phishing…
Android devices in four countries will block standard installations of apps from unverified developers starting September 30, 2026, pushing open…
The usbliter8 exploit achieves permanent arbitrary code execution inside Apple A12 and A13 SecureROM by exploiting a hardware flaw in…
Microsoft Teams now detects and segregates unknown bots in the meeting lobby, giving organizers clearer visibility and control over automated…
SystemBC malware turns victim computers into stealthy traffic tunnels, enabling ransomware groups to maintain persistent access and evade detection through…
GuardFall exploits a decades-old shell parsing trick to bypass safety filters in open-source AI coding agents, affecting ten out of…
Researchers found that 282 of 444 iOS AI apps leaked credentials through network traffic, with only 28 percent of developers…
Attackers manipulated Bing search results to deliver a trojanized ManageEngine OpManager installer, leading to network wide encryption by Akira ransomware…
Attackers are abusing Chrome Native Messaging to deploy a malicious extension that steals session cookies and bypasses MFA protections.
The breach exposed email addresses and passwords for up to 14.22 million customers across six Japanese ISPs, though some passwords…
The new release cuts VM boot times by three times while adding tools for credential brute forcing and social media…
Researchers found a technique that tricks AI browsers into treating credential theft as a game objective, bypassing safety controls.
Security researchers demonstrated that AI agent skills can bypass multiple scanners by hosting malicious instructions on external websites that are only fetched after the skill passes initial review.
Blackfield ransomware demands $2 million from Nidec Corporation after compromising its Taiwanese subsidiary, threatening to leak stolen data if payment is not made.
Salesforce disabled Klue's app integration after attackers used a legacy credential to steal OAuth tokens and extract CRM data from multiple customer environments.
GitHub's advisory database hit a record 1,560 advisories in May 2026, but review delays now stretch to weeks due to an overwhelming surge in vulnerability submissions.
The Hague-based Eye Security secured €60 million in Series C funding led by Sofina to fuel European expansion and AI-powered…
Nissan Americas confirmed a data breach after attackers exploited CVE-2026-35273 in Oracle PeopleSoft, exposing employee data across four countries.
The latest version of this malware is harder to detect and spreads through disguised files and a Telegram based command…
Google's latest Chrome update fixes 18 vulnerabilities, including two critical WebGL use-after-free bugs that could allow sandbox escape attacks.
Microsoft discovered 119 malicious Edge extensions using steganography and selective activation to steal credentials and session cookies from 2.6 million…
The bounty targets UNC5792 and UNC4221, groups linked to Russia's FSB and military that have compromised thousands of messaging app…
Sign in to your account