Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
ClickFix, the trick that fools people into running malware by ha…
ClickFix, the trick that fools people into running malware by ha…
Citrix on Tuesday released security updates to address multiple …
A new two-stage malware family called RustDuck is hijacking home…
A critical vulnerability in Progress Kemp LoadMaster can let an …
Apple on Monday released security updates for iOS, macOS, and th…
A critical security flaw impacting Oracle E-Business Suite has c…
Microsoft has found a malicious Chrome extension that posed as t…
A Russian advanced persistent threat (APT) group has continued t…
Microsoft has shut down a long-running malicious extension opera…
A public proof-of-concept is now out for CVE-2026-55200, a criti…
Cybersecurity researchers have uncovered two hijacked npm packag…
The Security Service of Ukraine (SSU) said it, together with the…
OpenAI on Friday released three versions of GPT-5.6, called Sol,…
The FBI and CISA have updated their March warning about Russian …
A newly discovered cyber attack campaign has been observed deliv…
Cybersecurity researchers have flagged yet another evolution of …
An active phishing campaign has been targeting hotel and other h…
Russian authorities used Cellebrite's UFED forensic tools to…
The Russian state-sponsored threat actor known as Turla has been…
A previously undocumented Rust-based macOS implant and informati…
A new, stealthy backdoor named Mistic has been deployed as part …
An unknown threat actor exploited a recently disclosed high-seve…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
We are standing at the end of an era we never thought to mourn: …
The U.S. Department of Justice (DoJ) on Tuesday announced the se…
Threat actors have begun to exploit a recently disclosed critica…
A Russian-speaking initial access broker (IAB) driven by financi…
Cybersecurity researchers have discovered a set of malicious npm…
Direct messages sent via WhatsApp are being used to distribute m…
OpenAI on Monday said it's releasing an improved version of …
Multiple WordPress plugins from ShapedPlugin were compromised in…
It’s Monday again. This week’s threat list looks painfully fami…
Canada's spy service got a judge's permission to reach i…
A new malware family is turning forgotten home routers into a di…
A new report from INTERPOL has revealed a "dramatic increas…
Threat actors are exploiting a recently patched security flaw im…
The Gentlemen ransomware-as-a-service (RaaS) operation is active…
The first wave of enterprise AI concern was straightforward. It …
Salesforce has revealed that it disabled the Klue Battlecards ap…
Apple has updated its Beats Studio Buds wireless earbuds to patc…
F5 has released security updates to address two critical securit…
If an autonomous AI agent interacts with your company's core…
An independent PCI assessor tested Reflectiz against the new PCI…
Microsoft has formally disclosed that it's working to releas…
As many as 144 npm packages associated with the Mastra namespace…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
A flaw in the Google Cloud Vertex AI SDK for Python let an attac…
Cybersecurity researchers have flagged multiple ClickFix campaig…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
A China-linked espionage group hid inside North American medical…
Cybersecurity researchers have flagged two malicious cyber campa…
An attacker tampered with trusted JavaScript files used by WordP…
Palo Alto Networks has revealed that it has observed "activ…
Attackers took over more than 400 packages in the Arch User Repo…
Instead of hiding on the laptops and servers defenders watch mos…
Authorities in Europe have disrupted AudiA6, a cryptocurrency la…
The ShinyHunters extortion crew exploited an unpatched flaw in O…
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and M…
It's been one of those weeks. You expect the usual noise: re…
For thirty years, vulnerability management ran on a buffer: the …
The Vietnam-aligned threat actor known as OceanLotus has been at…
GitHub has announced what it said are "breaking changes&quo…
The anonymous security researcher going by the name Chaotic Ecli…
Cybersecurity researchers have flagged half a dozen vulnerabilit…
Veeam has released security patches to address a critical flaw i…
The Miasma supply chain campaign has sparked a fresh attack wave…
Security researchers have published a detailed, working exploit …
Meta on Monday said it detected and blocked spear-phishing attem…
A China-nexus cyber espionage group has been observed deploying …
Cybersecurity researchers have disclosed details of a financiall…
Microsoft has announced that Visual Studio Code (VS Code) will a…
Microsoft's GitHub repositories have become the latest to fa…
Cisco has warned that a high-severity security flaw impacting Ca…
Multiple software supply chain attacks have hit the npm ecosyste…
Eighteen months ago, the AI SOC was a marketing line. Today it…
Threat actors are actively exploiting a critical security flaw i…
Security researchers and the FBI are warning that a wave of FIFA…
The threat actor known as PCPJack has hijacked cloud servers ass…
Redis has patched a use-after-free in its blocking-client code…
Cybersecurity researchers have flagged a new campaign targeting …
Google on Monday released patches for 124 security vulnerabiliti…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
Most organizations now recognize that endpoint protection alone …
Cybersecurity researchers have disclosed details of a spear-phis…
Password manager Dashlane has disclosed that "fewer than&qu…
A new Mini Shai-Hulud supply chain attack campaign, codenamed Mi…
A new cyber espionage campaign codenamed Operation Dragon Weave …
Three years ago, the practical question for an MSP building a cy…
Cybersecurity researchers have disclosed details of a new malici…
Threat actors are attempting to actively exploit a critical secu…