GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via ...
Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies, block admin controls, and hijack sessions for ...
Exposed personal data on broker sites fuels scams, stalking, and identity theft; removal tools reduce online and physical ...
China-linked attackers used Venezuela-themed phishing and DLL side-loading to deploy the LOTUSLITE backdoor against U.S.
Cisco Talos reports China-linked APT UAT-8837 targeting North American critical infrastructure via a Sitecore zero-day, ...
Cisco released fixes for CVE-2025-20393, a CVSS 10.0 zero-day RCE flaw in AsyncOS exploited by a China-linked APT via email ...
A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
Enterprise AI agents boost automation but often run with broad permissions, allowing actions beyond user access and weakening ...
A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched in version 2.5.2.
This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old ...
AI security risks are shifting from models to workflows after malicious extensions stole chat data from 900,000 users & ...
In 2026, leading SOCs reduce MTTR and MTTD by using automated, behavior-based analysis instead of manual reviews and static scans.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback