Threat actors abused Velociraptor via Cloudflare Workers in 2024, enabling C2 tunneling and ransomware precursors ...

Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to ...

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in ...

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as ...

Google expands Salesloft Drift breach scope beyond Salesforce; Salesloft says core platform safe, isolated to Drift app.

Amazon disrupted APT29’s June 2025 campaign exploiting Microsoft device code authentication, redirecting 10% of visitors to ...

Initial access, per Microsoft, is achieved through intrusions facilitated by access brokers like Storm-0249 and Storm-0900, ...

Passwordstate 9.9 fixes authentication bypass flaw on August 28, 2025, adding clickjacking defenses for 29,000 customers.

watchTowr Labs researcher Piotr Bazydlo said the newly uncovered bugs could be fashioned into an exploit chain by bringing together the pre-auth HTML cache poisoning vulnerability with a ...

ESET uncovers AI-powered PromptLock ransomware using OpenAI gpt-oss:20b model, complicating detection with variable Lua ...

HOOK Android trojan evolves with 107 commands, adding ransomware overlays and NFC scams, threatening financial security.

The golden rule: data needs a seatbelt. Put boundaries around what data can be shared with AI tools and how it is handled, ...