Author: Mash

Attackers compromised the official CPUID website for approximately 19 hours between April 9 and April 10, replacing download links for [...]

A sophisticated Lua-based malware called LucidRook has been deployed in spear-phishing campaigns against non-governmental organizations and universities in Taiwan, according [...]

A remote code execution vulnerability in Apache ActiveMQ Classic that remained undetected for 13 years has been discovered using the [...]

A severe vulnerability tracked as CVE-2026-0740 in the Ninja Forms File Uploads premium add-on for WordPress is being actively exploited, [...]

Researchers at the University of Toronto have developed a new attack called GPUBreach that induces bit flips on GDDR6 memory [...]

Device code phishing attacks, which abuse the OAuth 2.0 Device Authorization Grant flow, have increased more than 37-fold this year [...]

A deceptive Chrome extension named ChatGPT Ad Blocker, available on the official Chrome Web Store, has been caught harvesting users' [...]

A malicious Android strain called NoVoice has infected approximately 2.3 million devices through over 50 apps on the Google Play [...]

Security researchers have uncovered a new malicious implant called RoadK1ll that allows threat actors to pivot from compromised machines to [...]

Apple has begun sending lock screen notifications to iPhones and iPads running older operating system versions, alerting users to active [...]

The TeamPCP hacking group compromised the official Telnyx PyPI package today, publishing malicious versions 4.87.1 and 4.87.2 that deliver credential-stealing [...]

Microsoft has announced a significant change to Windows kernel policy that will phase out default trust for drivers signed under [...]

Mozilla has released Firefox 149 featuring an integrated VPN tool that provides up to 50 gigabytes of monthly browsing traffic [...]

A rapidly spreading malware campaign called CanisterWorm has been infecting developer environments through over 45 compromised npm packages, with the [...]

An information stealer called VoidStealer has introduced a new technique to bypass Chrome's Application-Bound Encryption by leveraging hardware breakpoints to [...]

Threat actors are exploiting Microsoft Azure Monitor alerts to send fraudulent callback phishing emails impersonating the Microsoft Security Team. The [...]

WordPress.com has introduced new capabilities allowing AI agents to draft, edit, publish posts, manage comments, and organize website content through natural [...]

A sophisticated exploit framework called DarkSword has been actively targeting iPhones running iOS 18.4 through 18.7 since November 2025, stealing [...]

Apple has deployed its first Background Security Improvements update, addressing a WebKit vulnerability tracked as CVE-2026-20643 across iPhones, iPads, and [...]

The cyberattack on medical technology firm Stryker last week involved threat actors using Microsoft Intune to remotely erase tens of [...]

A new open-source utility called Betterleaks has been released to scan directories, files, and git repositories for exposed secrets such [...]

A temporary hijacking of the AppsFlyer Web SDK allowed attackers to distribute malicious JavaScript code designed to steal cryptocurrency from [...]

Microsoft has released three new Windows 11 Insider builds across Dev, Beta, and Canary channels, introducing significant policy updates and [...]

A new malware strain called Slopoly, exhibiting strong signs of generative AI assistance in its development, was used in an [...]

Security researchers have disclosed multiple now-patched vulnerabilities in the n8n workflow automation platform, including critical flaws allowing remote code execution [...]

A newly developed method called "Zombie ZIP" allows malicious payloads to remain undetected by manipulating compressed file headers to deceive [...]

Cybercriminals are targeting employees in financial and healthcare sectors through Microsoft Teams conversations, using Quick Assist remote access tools to [...]

Cybercriminals are exploiting the special-use .arpa domain and IPv6 reverse DNS mechanisms to launch phishing campaigns that evade traditional reputation-based [...]

A threat actor tracked as Velvet Tempest was observed using ClickFix social engineering techniques alongside legitimate Windows tools to deploy [...]

Fraudulent OpenClaw installers hosted on GitHub and promoted through Microsoft Bing's AI-powered search results were found deploying information-stealing malware to [...]

A critical unauthenticated vulnerability in the FreeScout helpdesk platform enables attackers to achieve remote code execution simply by sending a [...]

A phishing campaign is leveraging a counterfeit Google Security page to distribute a Progressive Web App capable of stealing one-time [...]

A popular Chrome extension called QuickLens, which enabled Google Lens searches directly in the browser, was hijacked after being sold [...]

Microsoft is introducing new Windows 11 Insider builds that strengthen security for batch file and CMD script execution in enterprise [...]

Microsoft is investigating a persistent bug causing the mouse pointer to disappear within the classic Outlook desktop client, nearly two [...]

A new information-stealing operation called Arkanix Stealer appeared on dark web forums in late 2025 but vanished after only two [...]

Security researchers have identified PromptSpy, the first Android malware family that integrates generative AI directly into its operational flow. Discovered [...]

A suspected Chinese state-sponsored hacking group has been actively exploiting a critical Dell vulnerability since mid-2024 in a series of [...]

Security researchers have documented the first real-world instance of information-stealing malware targeting configuration files belonging to the popular OpenClaw AI [...]

Threat actors have developed an innovative ClickFix campaign that leverages DNS lookups to distribute malicious payloads, marking the first known [...]