Japan’s defense infrastructure has faced scrutiny following an investigation that revealed members of the Japan Self-Defense Forces (JSDF) used counterfeit U...
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database co...
Hackers have weaponized a WinRAR path-traversal flaw tracked as CVE-2025-8088 to silently plant a Startup shortcut and run a multi-stage PowerShell loader th...
Scammers are increasingly exploiting Shopify’s ecosystem and its Shop order-tracking app to deliver fraudulent invoices directly into users’ purchase histori...
Russian authorities leveraged Cellebrite’s Universal Forensic Extraction Device (UFED) to gain access to a detained human rights activist’s iPhone, according...
A previously undocumented Rust-based infostealer they call KuinaExtractor, a family that has evolved from a capable early prototype into a hardened, stealth-...
WhatsApp has introduced a new proactive security feature that warns users before they start conversations with unknown phone numbers. This update, currently ...
A Chinese-speaking threat cluster tracked as CL-STA-1062 has deployed a newly discovered .NET backdoor, TinyRCT, in targeted campaigns against government and...
OpenAI has reportedly delayed the full public release of its next-generation AI model, GPT-5.6, following a formal request from the Trump administration to l...
Microsoft’s long-planned Secure Boot certificate rollover has reached a critical milestone, impacting more than just routine updates. The Microsoft Corporati...
A fresh supply-chain wave tied to the Mini Shai-Hulud, Miasma, and Hades malware families is actively poisoning npm packages in the LeoPlatform and RStreams ...
Hackers are weaponizing malicious Minecraft Fabric mods to deliver LoaderClient. This stage-one malware loader steals session data and hands it off to the We...
Agentic AI transforms Penetration Testing from a periodic consulting practice to a continuous validation discipline. While traditional pentests remain releva...
ManageEngine has disclosed a critical account takeover vulnerability, tracked as CVE-2026-11374, affecting various integrated products within its AD360 ident...
LokiBot, a long-lived infostealer first advertised in May 2015, continues to evolve. Recent samples demonstrate deliberate attempts to evade static detection...
Google has announced a significant enhancement to its AI platform with the release of Gemini 3.5 Flash, which now includes native support for agentic compute...
A fresh supply-chain wave by the Shai-Hulud/Hades family that infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widel...
A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within h...