Government agencies warn that hackers are exploiting vulnerabilities in internet connected fuel tank monitoring systems to alter settings and disable safety alerts.
HexStrike v6.0 turns Claude and GPT into autonomous red team operators with 127 tools and a multilayered antivirus evasion engine…
Dashlane confirms attackers brute-forced 2FA tokens to download encrypted password vaults from fewer than 20 users, but encrypted data remains…
Researchers found that basic obfuscation and packaging tricks can defeat AI skill detection systems from ClawHub, Cisco, and Vercel, enabling…
A critical API flaw on a bank's third party mortgage portal exposed data for all institutions on the platform, revealing…
Attackers accessed a UN food agency's registration system in mid-May, stealing sensitive personal information from hundreds of thousands of Palestinian…
A popular underground forum tutorial is teaching novice hackers a complete workflow for scanning, exploiting, and monetizing software vulnerabilities using…
Attackers are using Google Tag Manager and Stripe's API to host both the skimmer code and stolen payment data, bypassing…
Two high severity vulnerabilities in Android and Linux kernel are now under active exploitation, forcing federal agencies to patch by…
SafeBreach researcher Or Yair discovered that Google Gemini on Android can be hijacked through poisoned notifications from WhatsApp, Slack, SMS,…
A critical SSRF vulnerability in Cisco's Unified Communications Manager gives attackers a path to root privileges through arbitrary file writes, with exploit code now publicly available.
Government deployment of agentic AI on classified networks demands rigorous data inspection, access governance, and activity monitoring to prevent exploitation…
Attackers are actively exploiting a PAN OS authentication bypass in GlobalProtect VPN appliances to gain unauthorized access to internal corporate…
The IronWorm campaign uses compromised npm packages to steal developer credentials and automatically spread malware through GitHub repositories.
The Phantom Gyp technique exploits npm's automatic node gyp rebuild process to execute malicious code during package installation, bypassing standard security scanners.
Researchers found that the Windows Search URI handler can be tricked into leaking NTLMv2 hashes to attackers via malicious links, and Microsoft has declined to patch the issue.
Nearly half of enterprise identity activity operates outside centralized IAM visibility, driving the emergence of a new platform category to detect and manage hidden risk.
Attackers route phishing victims through Google's DoubleClick domain to evade detection before deploying the DesckVB RAT trojan.
Attackers manipulate AI chatbot responses to steer users toward malicious download sites that deliver cryptojacking malware, targeting systems with high-performance…
The JavaScript based threat uses obfuscation that bypasses signature detection tools, leaving organizations reliant on behavioral monitoring.
A single malicious link in VSCode's webview can trigger theft of GitHub OAuth tokens, bypassing cross-origin isolation protections in the…
Attackers spent five months copying a stock exchange executive's Outlook mailbox in small batches using cloud storage services to evade…
Microsoft publicly opposes a researcher who published zero-day exploit code for Windows Defender and BitLocker, saying the disclosures put users…
Attackers are using counterfeit DMCA takedown notices with personalized extension details to steal Google developer credentials and potentially push malicious…
