Author: Mash

Microsoft has updated its Windows 11 in-box app removal policy to include a dynamic list enabling IT administrators to uninstall [...]

The KB5083769 security update for Windows 11 versions 24H2 and 25H2 is causing failures in third-party backup applications from vendors [...]

A critical vulnerability affecting all but the latest versions of cPanel and WebHost Manager allows unauthenticated attackers to gain access [...]

Researchers have discovered a critical flaw in VECT 2.0 ransomware that causes the malware to act as a data wiper [...]

Attackers exploited a flaw in Robinhood's account creation process to inject phishing messages into legitimate account confirmation emails, tricking customers [...]

A threat group tracked as UNC6692 uses email bombing followed by Microsoft Teams calls impersonating IT helpdesk agents to deploy [...]

A high-severity vulnerability named Pack2TheRoot, tracked as CVE-2026-41651 with an 8.8 rating, has existed for nearly twelve years in the [...]

Attackers uploaded a malicious version 2026.4.0 of the official Bitwarden CLI package to npm on April 22, operating for approximately [...]

A new ransomware operation called Kyber is targeting both Windows and VMware ESXi environments, with the Windows variant implementing Kyber1024 [...]

Twenty-six malicious applications infiltrated Apple's App Store in China, impersonating legitimate wallets including Metamask, Coinbase, and Trust Wallet to steal [...]

Microsoft is rolling out significant reliability improvements to Windows 11 through upcoming April optional and May mandatory updates, with many [...]

A critical remote code execution vulnerability in the widely used protobuf.js library enables attackers to execute arbitrary JavaScript by supplying [...]

The Payouts King ransomware operation is leveraging the QEMU emulator to run hidden virtual machines on compromised systems, creating reverse [...]

Attackers are exploiting a critical Marimo remote code execution vulnerability tracked as CVE-2026-39987 to deliver a new variant of NKAbuse [...]

The Kraken cryptocurrency exchange disclosed that a cybercriminal group is attempting to extort the company by threatening to release videos [...]

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package version 1.14.1 [...]

Attackers began exploiting a critical unauthenticated remote code execution flaw in the Marimo Python notebook platform just ten hours after [...]

Attackers compromised the official CPUID website for approximately 19 hours between April 9 and April 10, replacing download links for [...]

A sophisticated Lua-based malware called LucidRook has been deployed in spear-phishing campaigns against non-governmental organizations and universities in Taiwan, according [...]

A remote code execution vulnerability in Apache ActiveMQ Classic that remained undetected for 13 years has been discovered using the [...]

A severe vulnerability tracked as CVE-2026-0740 in the Ninja Forms File Uploads premium add-on for WordPress is being actively exploited, [...]

Researchers at the University of Toronto have developed a new attack called GPUBreach that induces bit flips on GDDR6 memory [...]

Device code phishing attacks, which abuse the OAuth 2.0 Device Authorization Grant flow, have increased more than 37-fold this year [...]

A deceptive Chrome extension named ChatGPT Ad Blocker, available on the official Chrome Web Store, has been caught harvesting users' [...]

A malicious Android strain called NoVoice has infected approximately 2.3 million devices through over 50 apps on the Google Play [...]

Security researchers have uncovered a new malicious implant called RoadK1ll that allows threat actors to pivot from compromised machines to [...]

Apple has begun sending lock screen notifications to iPhones and iPads running older operating system versions, alerting users to active [...]

The TeamPCP hacking group compromised the official Telnyx PyPI package today, publishing malicious versions 4.87.1 and 4.87.2 that deliver credential-stealing [...]

Microsoft has announced a significant change to Windows kernel policy that will phase out default trust for drivers signed under [...]

Mozilla has released Firefox 149 featuring an integrated VPN tool that provides up to 50 gigabytes of monthly browsing traffic [...]

A rapidly spreading malware campaign called CanisterWorm has been infecting developer environments through over 45 compromised npm packages, with the [...]

An information stealer called VoidStealer has introduced a new technique to bypass Chrome's Application-Bound Encryption by leveraging hardware breakpoints to [...]

Threat actors are exploiting Microsoft Azure Monitor alerts to send fraudulent callback phishing emails impersonating the Microsoft Security Team. The [...]

WordPress.com has introduced new capabilities allowing AI agents to draft, edit, publish posts, manage comments, and organize website content through natural [...]

A sophisticated exploit framework called DarkSword has been actively targeting iPhones running iOS 18.4 through 18.7 since November 2025, stealing [...]

Apple has deployed its first Background Security Improvements update, addressing a WebKit vulnerability tracked as CVE-2026-20643 across iPhones, iPads, and [...]

The cyberattack on medical technology firm Stryker last week involved threat actors using Microsoft Intune to remotely erase tens of [...]

A new open-source utility called Betterleaks has been released to scan directories, files, and git repositories for exposed secrets such [...]

A temporary hijacking of the AppsFlyer Web SDK allowed attackers to distribute malicious JavaScript code designed to steal cryptocurrency from [...]

Microsoft has released three new Windows 11 Insider builds across Dev, Beta, and Canary channels, introducing significant policy updates and [...]