First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in ...

Study of 128 enterprises shows CTEM adopters achieve 50% better attack surface visibility and stronger security outcomes amid rising breach costs.

Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346 exploitation sessions have originated ...

Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS, macOS, and Apple devices.

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...

Patch Tuesday delivers fixes for 59 Microsoft flaws, six exploited zero-days, plus critical SAP and Intel TDX vulnerabilities ...

Researchers uncover SSHStalker, an IRC botnet exploiting legacy Linux flaws and SSH servers to build persistent covert access.

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...

Microsoft patches 59 vulnerabilities, including six actively exploited zero-days, with CISA mandating urgent federal remediation.

UNC1069 targets crypto firms via Telegram lures, fake Zoom meetings, and multi-stage malware to steal credentials, browser data, and funds.

Warlock ransomware breached SmarterTools via unpatched SmarterMail, exploiting critical flaws to access Windows systems and deploy encryption payloads ...

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.