Microsoft is expanding its AI-driven vulnerability discovery across Windows, introducing a multi-model “agentic” scanning system designed to identify securit...
An AI-assisted threat actor has demonstrated how quickly a modern AWS environment can be compromised when valid credentials, weak identity controls, and expo...
A targeted GodDamn ransomware incident shows the payload is not entirely new but the latest rebrand of a long-running family. Analysis reveals strong code ov...
A large-scale exploitation campaign is actively weaponising known vulnerabilities across multiple content management systems, with WordPress plugins forming ...
A critical vulnerability has been discovered in HP Linux Imaging and Printing Software (HPLIP), which exposes Linux systems to potential privilege escalation...
RedHook, an Android Remote Access Trojan (RAT) first profiled in July 2025, has resurfaced with a markedly more dangerous capability: autonomous abuse of And...
A newly disclosed vulnerability pattern known as “GhostApproval” is exposing significant flaws in the trust boundary of leading AI coding assistants, includi...
Foxit has released critical security updates to address multiple use-after-free vulnerabilities that could lead to remote code execution (RCE) in its widely ...
A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data e...
A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datas...
GitLab has released critical security updates to address eight vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE). Administrators are ...
A newly disclosed attack technique called “HalluSquatting” is raising serious concerns in the AI security landscape. This technique demonstrates how attacker...
GitHub Copilot’s new coding agents, which are integrated into IDEs, are susceptible to a specific type of “workflow-level” jailbreak attacks. These attacks c...
A coordinated supply-chain campaign that pushed 17 malicious packages across npm and PyPI, masquerading as SDKs for well-known payment services including Pay...
Threat actors are increasingly chaining classic phishing with collaboration platforms and covert tunneling to create highly believable intrusion paths. A rec...
A targeted campaign in which the ToddyCat (aka APT-style) group leverages a previously observed loader family, Umbrij, to hijack Gmail accounts by abusing Go...