Topics

A new Android vulnerability called 'Pixnapping' allows malicious apps to steal 2FA codes and other sensitive data without permissions by exploiting hardware and API features. Patches are available, but challenges remain.

Malicious packages in npm, PyPI, and RubyGems are exploiting Discord webhooks to exfiltrate sensitive developer data, posing a significant supply chain risk. Learn how this attack works and how to defend against it.

Nonprofits are at a defining moment. The need to achieve greater mission impact while safeguarding sensitive information has never been more urgent. Many organizations still operate with separate systems for AI, cybersecurity, and IT strategy, which often results in inefficiencies, gaps in protection, and missed opportunities for innovation. The next phase of digital transformation lies in aligning these core elements into a single, cohesive digital foundation that drives bot

Discover the details of ChaosBot, a new Rust-based malware that leverages Discord for command and control, allowing attackers to hijack PCs and execute commands remotely. Learn about its distribution, evasion techniques, and connection to the broader Chaos ransomware family.

Microsoft has significantly restricted access to Internet Explorer (IE) mode within its Edge browser following reports of active exploitation by threat actors. Hackers were reportedly using social engineering and unpatched zero-day exploits in IE's JavaScript engine to bypass modern browser defenses and gain unauthorized access to user devices. The company has since implemented stricter controls to mitigate this risk.

Enterprise applications are essential to daily operations, but without a structured approach to managing them from deployment to...

A major phishing campaign dubbed Beamglea used 175 malicious npm packages and UNPKG CDN to target over 135 global tech, energy, and industrial firms, with over 26,000 downloads. Attackers used trusted infrastructure to host redirect scripts for credential theft, posing new supply chain threats.

A fast-evolving spyware campaign called ClayRat is infecting Android users via fake WhatsApp and TikTok apps distributed on phishing sites and Telegram, with rapid self-spreading tactics and advanced data theft capabilities.

A critical authentication bypass flaw in the WordPress Service Finder theme threatens over 6,000 sites. Learn about the exploit, recent attacks, and how administrators should respond to protect their WordPress sites.

Thousands of WordPress sites have been compromised as hackers use stolen credentials and fake plugins to inject advanced ClickFix phishing scams, spreading info-stealing malware to visitors. Find out how the attack works and how site owners can stay protected.

Risk today comes in layers. From sophisticated cyberattacks to evolving regulatory mandates, organizations are juggling an expanding...

OpenAI and Microsoft have disrupted state-backed hackers from Russia, North Korea, and China using ChatGPT for cyberattacks. Learn how these actors misused AI tools, the countermeasures in place, and why this signals new challenges for cybersecurity.

Google unveils DeepMind's CodeMender, an AI tool that identifies and patches software vulnerabilities automatically in open source projects, marking a new era in automated cybersecurity.

A newly uncovered 13-year-old vulnerability in Redis allows remote code execution, impacts 330,000+ servers, and scores a maximum 10.0 CVSS. Learn how it works, what’s at risk, and how to protect your infrastructure.

XWorm 6.0 returns with over 35 plugins and enhanced data theft functions. Discover how this modular malware is reshaping cyberthreats and what new tactics it's using in attacks worldwide.

Cybercriminals never slow down. They evolve, innovate, and outpace traditional security systems at every turn. Organizations that still...

A new self-spreading malware called SORVEPOTEL is sweeping through Brazilian WhatsApp users, targeting Windows PC users and rapidly propagating via compromised accounts.

A Chinese cybercrime group, UAT-8099, is exploiting compromised IIS servers worldwide for sophisticated SEO fraud and credential theft, targeting multiple countries and industries.

The malicious Soopsocks package on PyPI infected over 2,600 systems with a stealth Windows backdoor before its removal, highlighting the growing threat of software supply chain attacks and open-source repository vulnerabilities.

Cloud adoption has exploded in the last decade, but many companies are still flying blind when it comes to managing and forecasting...

A critical security flaw in Red Hat OpenShift AI (CVE-2025-10725) allows low-privileged users to gain full control of hybrid cloud infrastructure, impacting AI workloads and sensitive data.

Android users in the UAE are at risk from new spyware disguised as Signal and ToTok apps, distributed via fake websites. Learn how these threats operate and how to protect yourself.

Enterprises today are managing an unprecedented blend of digital complexity, compliance pressure, and cyber threats that evolve faster...

A new $50 'Battering RAM' hardware attack can bypass Intel and AMD cloud security protections like SGX and SEV-SNP, exposing sensitive data. Learn how it works and the implications for cloud security.