Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a ...
20 articles
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a ...
A large-scale cyber espionage campaign dubbed “FortiBleed” has compromised more than 70,000 Fortinet firewalls and VPN gateways worldwide, exposing enterpris...
A long-running, stealthy campaign attributed to the China-nexus actor tracked as Velvet Ant has been found to include deeply engineered backdoors in the auth...
A novel evolution of LLMjacking: a threat actor leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offen...
Multiple instances of typosquatting domains hosting malicious content generated with AI-powered website creation tools. One striking campaign combined an AI-...
A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the ...
Malicious LNK files masquerading as job resumes are being used in targeted campaigns against corporate employees, combining social engineering with multi-sta...
A sophisticated social‑engineering campaign is leveraging AI‑generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputatio...
Austin, TX, USA, June 17th, 2026, CyberNewswire New SpyCloud research highlights the expansion of phishing attacks as AI and phishing-as-a-service fuel enter...
London, United Kingdom, June 17th, 2026, CyberNewswire New research from cybersecurity company Heimdal finds 29% of US executives say AI risk is under contro...
A sophisticated, long-running phishing operation has evolved into a serverless, modular campaign that weaponizes GitHub Pages to harvest payment card data, c...
A sophisticated ClickFix social engineering campaign in May 2026 triggered a full hands-on-keyboard intrusion spanning 11 hosts, deploying a novel trio of ma...
A critical vulnerability in Google Cloud’s Vertex AI has been discovered, allowing attackers to hijack machine learning model uploads, poison artifacts, and ...
A large-scale software supply chain attack has compromised more than 140 npm packages under the widely used Mastra namespace, exposing developers, CI/CD pipe...
Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payl...
Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments.
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), expanding a toolset that was until now Linux-only.
A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) va...
A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpa...
The U.S.