Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated ...

Malicious Packagist Laravel packages install a cross-platform RAT enabling remote shell access and system reconnaissance via ...

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.

Researchers link Silver Dragon APT to APT41 after attacks on government entities using Cobalt Strike, DNS tunneling, and ...

CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches released by Broadcom.

New RFP guide helps CISOs evaluate AI governance tools, focusing on interaction-level security and vendor accountability.

Fake IT support calls delivered Havoc C2, enabling credential theft, lateral movement, and ransomware prep across five ...

SloppyLemming targeted Pakistan and Bangladesh with BurrowShell, a Rust keylogger, and 112 Cloudflare Workers domains in 2025 ...

In addition to abusing identity dark matter, left unchecked, MCP agents (AI Agents that use the MCP protocol to connect to apps, A2A, APIs, and data sources) introduce their own hidden exposures.

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.