North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile ...

Exposed training apps in cloud environments enable exploitation, lateral movement, and crypto-mining activity across ...

Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS, macOS, and Apple devices.

Google finds nation-state hackers abusing Gemini AI for target profiling, phishing kits, malware staging, and model extraction attacks.

Study of 128 enterprises shows CTEM adopters achieve 50% better attack surface visibility and stronger security outcomes amid rising breach costs.

First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in ...

Patch Tuesday delivers fixes for 59 Microsoft flaws, six exploited zero-days, plus critical SAP and Intel TDX vulnerabilities ...

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...

Researchers uncover SSHStalker, an IRC botnet exploiting legacy Linux flaws and SSH servers to build persistent covert access.

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.