Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery ...

Google finds nation-state hackers abusing Gemini AI for target profiling, phishing kits, malware staging, and model ...

Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using ...

First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s ...

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.

Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS, macOS, and ...

Microsoft patches 59 vulnerabilities, including six actively exploited zero-days, with CISA mandating urgent federal ...

Cisco Talos links UAT-9921 to VoidLink, a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 control.

First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in ...

State-backed hackers from China, Russia, Iran, and North Korea target defense contractors using espionage, malware, hiring scams, and edge exploits.

Patch Tuesday delivers fixes for 59 Microsoft flaws, six exploited zero-days, plus critical SAP and Intel TDX vulnerabilities ...

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...