Topics

A major phishing campaign dubbed Beamglea used 175 malicious npm packages and UNPKG CDN to target over 135 global tech, energy, and industrial firms, with over 26,000 downloads. Attackers used trusted infrastructure to host redirect scripts for credential theft, posing new supply chain threats.

A fast-evolving spyware campaign called ClayRat is infecting Android users via fake WhatsApp and TikTok apps distributed on phishing sites and Telegram, with rapid self-spreading tactics and advanced data theft capabilities.

A critical authentication bypass flaw in the WordPress Service Finder theme threatens over 6,000 sites. Learn about the exploit, recent attacks, and how administrators should respond to protect their WordPress sites.

Thousands of WordPress sites have been compromised as hackers use stolen credentials and fake plugins to inject advanced ClickFix phishing scams, spreading info-stealing malware to visitors. Find out how the attack works and how site owners can stay protected.

Risk today comes in layers. From sophisticated cyberattacks to evolving regulatory mandates, organizations are juggling an expanding...

OpenAI and Microsoft have disrupted state-backed hackers from Russia, North Korea, and China using ChatGPT for cyberattacks. Learn how these actors misused AI tools, the countermeasures in place, and why this signals new challenges for cybersecurity.

Google unveils DeepMind's CodeMender, an AI tool that identifies and patches software vulnerabilities automatically in open source projects, marking a new era in automated cybersecurity.

A newly uncovered 13-year-old vulnerability in Redis allows remote code execution, impacts 330,000+ servers, and scores a maximum 10.0 CVSS. Learn how it works, what’s at risk, and how to protect your infrastructure.

XWorm 6.0 returns with over 35 plugins and enhanced data theft functions. Discover how this modular malware is reshaping cyberthreats and what new tactics it's using in attacks worldwide.

Cybercriminals never slow down. They evolve, innovate, and outpace traditional security systems at every turn. Organizations that still...

A new self-spreading malware called SORVEPOTEL is sweeping through Brazilian WhatsApp users, targeting Windows PC users and rapidly propagating via compromised accounts.

A Chinese cybercrime group, UAT-8099, is exploiting compromised IIS servers worldwide for sophisticated SEO fraud and credential theft, targeting multiple countries and industries.

The malicious Soopsocks package on PyPI infected over 2,600 systems with a stealth Windows backdoor before its removal, highlighting the growing threat of software supply chain attacks and open-source repository vulnerabilities.

Cloud adoption has exploded in the last decade, but many companies are still flying blind when it comes to managing and forecasting...

A critical security flaw in Red Hat OpenShift AI (CVE-2025-10725) allows low-privileged users to gain full control of hybrid cloud infrastructure, impacting AI workloads and sensitive data.

Android users in the UAE are at risk from new spyware disguised as Signal and ToTok apps, distributed via fake websites. Learn how these threats operate and how to protect yourself.

Enterprises today are managing an unprecedented blend of digital complexity, compliance pressure, and cyber threats that evolve faster...

A new $50 'Battering RAM' hardware attack can bypass Intel and AMD cloud security protections like SGX and SEV-SNP, exposing sensitive data. Learn how it works and the implications for cloud security.

Milesight routers are being exploited by hackers to send phishing SMS messages to users across Europe, targeting government services, banks, and telecom providers. Learn more about the smishing campaign and the vulnerabilities involved.

New Android Trojan 'Datzbro' targets elderly with AI-generated Facebook travel events, posing a significant threat of device takeover and financial fraud.

UK police have convicted Zhimin Qian in the world's largest crypto bust, seizing £5.5 billion in Bitcoin. Learn about the fraud, the conviction, and the record-breaking seizure.

A new macOS XCSSET malware variant has emerged, targeting Firefox and employing a clipper module to steal cryptocurrencies. Researchers detail its advanced persistence and data exfiltration techniques.

Microsoft warns of AI-driven phishing attacks using LLM-crafted SVG files to bypass email security, employing sophisticated obfuscation techniques.

Technology leaders and innovators gathered at the Microsoft AI Tour in Chicago to explore how artificial intelligence is reshaping the...