Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishi...
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw,...
Targeted macOS endpoint monitoring, the CL-CRI-1089 cluster tied to Operation FlutterBridge repurposes the Flutter framework to deliver a novel macOS malware...
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-...
Two alleged members of the notorious Scattered Spider cybercrime collective have pleaded guilty to orchestrating a disruptive cyber attack against Transport ...
A large-scale credential harvesting campaign called “FortiBleed” has been uncovered, revealing how threat actors are exploiting Fortinet FortiGate firewalls ...
OpenAI has announced Daybreak, a new cybersecurity initiative aimed at automating vulnerability patching on a large scale using its latest GPT-5.5-Cyber model.
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP...
A supply-chain weakness in ClawHub’s plugin registry that allowed third-party packages to squat under organizational scopes and inherit first‑party credibili...
QNAP has issued security advisory QSA-26-10, which addresses 14 vulnerabilities affecting its widely used NAS and surveillance platforms, including QTS, QuTS...
Microsoft has announced a significant update to its Microsoft 365 ecosystem to enhance data protection. This update will prevent AI-powered and connected con...
A malicious npm package, postcss-minify-selector-parser, has been discovered masquerading as a benign PostCSS utility and delivering a multi-stage Windows re...
A suspicious file named “GST Debit Note Apr_26.com,” which triggered a deeper investigation and revealed a polished, multi-stage steganographic loader delive...
Researchers have uncovered a systemic LLM credential exposure problem in the iOS ecosystem, with 282 AI‑powered apps leaking exploitable API credentials and ...
The LACUNA Chain’s “Ghost Frames” technique introduces a new method for manipulating call stacks that effectively bypasses modern Endpoint Detection and Resp...
Attackers can now manipulate AI “deep-research” agents by discreetly editing Reddit threads and Wikipedia pages. They can insert as little as a 13-word snipp...
A newly analyzed botnet family, AryStinger, weaponizes long‑neglected routers and NAS appliances to build a stealthy reconnaissance and relay infrastructure ...
Microsoft has announced that the upcoming Windows 11 version 26H2 will be delivered using an enablement package model. This approach aligns with their goal o...
In the ever-evolving landscape of digital commerce, safeguarding cardholder data is paramount. The Payment Card Industry Data Security Standard (PCI DSS) set...