Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using ...

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...

Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS, macOS, and ...

Cisco Talos links UAT-9921 to VoidLink, a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 ...

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.

State-backed hackers from China, Russia, Iran, and North Korea target defense contractors using espionage, malware, hiring scams, and edge exploits.

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

Patch Tuesday delivers fixes for 59 Microsoft flaws, six exploited zero-days, plus critical SAP and Intel TDX vulnerabilities ...

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile ...

First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in ...

Google finds nation-state hackers abusing Gemini AI for target profiling, phishing kits, malware staging, and model extraction attacks.

Exposed training apps in cloud environments enable exploitation, lateral movement, and crypto-mining activity across ...