A novel Android malware called "PromptSpy" is the first to use generative AI, specifically Google's Gemini, to automate on-screen navigation…
Read More »cybersecurity threat
Cybersecurity researchers discovered an unsecured database containing billions of sensitive records, including email addresses, passwords, and Social Security numbers, highlighting…
Read More »
A sophisticated phishing campaign dubbed Operation DoppelBrand, linked to threat actor GS7, is using highly convincing fake websites to impersonate…
Read More »
A fraudulent website impersonating the official 7-Zip software distributes a trojanized installer that secretly enrolls the victim's computer into a…
Read More »
A new, highly sophisticated ransomware-as-a-service operation named **Vect** is rapidly emerging, posing a critical threat by targeting organizations and actively…
Read More »
Russian state-backed hackers (APT28/Fancy Bear) are actively exploiting a patched Microsoft Office vulnerability (CVE-2026-21509) in targeted attacks against Ukrainian and…
Read More »
A critical authentication bypass vulnerability (CVE-2026-23760) in SmarterMail email servers allows attackers to reset administrator passwords and take full control…
Read More »
A critical path traversal vulnerability (CVE-2025-8088) in WinRAR allows attackers to hide malicious files in archives and place them in…
Read More »
The "Reprompt" attack is a cybersecurity threat that allows attackers to hijack a user's Microsoft Copilot session via a malicious…
Read More »
Malicious Chrome extensions, posing as legitimate AI tools, stole private conversations and browsing data from over 900,000 users by secretly…
Read More »
A new, affordable Python-based malware called **VVS Stealer** is actively compromising Discord accounts by stealing tokens and data, using obfuscation…
Read More »
A critical five-year-old Fortinet firewall flaw (CVE-2020-12812) allows attackers to bypass two-factor authentication by altering a username's case, and over…
Read More »
A new malware campaign called "ClickFix" uses Google Ads impersonating AI platform guides to distribute the AMOS infostealer, tricking users…
Read More »
Malicious extensions named Bitcoin Black and Codo AI were discovered on the VS Code marketplace, using social engineering and functional…
Read More »
The DragonForce ransomware operation has evolved into a "cartel" model, offering affiliates high profit shares to scale its impact, and…
Read More »
The RondoDox botnet malware is actively exploiting a critical remote code execution vulnerability (CVE-2025-24893) in XWiki Platform, as confirmed by…
Read More »
A critical remote code execution vulnerability (CVE-2025-59287) in Microsoft's WSUS is being actively exploited, affecting Windows Server versions from 2012…
Read More »
CISA has added the critical Oracle E-Business Suite vulnerability CVE-2025-61884 to its Known Exploited Vulnerabilities catalog, confirming active exploitation and…
Read More »
Whisper 2FA is a sophisticated phishing-as-a-service platform that has compromised nearly one million Microsoft 365 accounts by stealing login credentials…
Read More »
A nation-state hacking group infiltrated F5's networks, compromising thousands of organizations, including US government agencies and Fortune 500 companies, posing…
Read More »