Author: Mash

The threat group TA558, also tracked as RevengeHotels, is using AI-generated scripts in a new campaign targeting hotels in Brazil [...]

A self-propagating supply chain attack has compromised at least 187 npm packages, beginning with the popular @ctrl/tinycolor library, which receives [...]

Google has confirmed that cybercriminals created a fraudulent account within its Law Enforcement Request System (LERS), a platform used by [...]

A new phishing-as-a-service platform named VoidProxy is targeting Microsoft 365 and Google accounts, even when protected by third-party single sign-on [...]

A threat actor known as WhiteCobra is distributing fraudulent extensions across the Visual Studio Marketplace and OpenVSX registry, targeting developers [...]

A recently identified ransomware variant, named HybridPetya, mimics the behavior of the infamous Petya/NotPetya malware but adds the capability to [...]

Microsoft has eliminated the registration fee for individual developers who want to publish their applications on the Microsoft Store. This [...]

A security vulnerability in the Cursor AI code editor could allow malicious repositories to automatically execute harmful code as soon [...]

A malfunction in Microsoft’s anti-spam service is mistakenly flagging legitimate URLs as malicious, preventing users from opening links in Exchange [...]

A new malware operation, dubbed GPUGate, is using malicious Google Ads and counterfeit GitHub commit pages to target IT and [...]

Cybercriminals are exploiting iCloud Calendar's invitation system to distribute fraudulent emails that appear to originate directly from Apple's official servers. [...]

VirusTotal's AI Code Insight feature has uncovered a previously undetected phishing operation that uses SVG image files to impersonate Colombia's [...]

Cybercriminals are actively exploiting a zero-day vulnerability in older Sitecore systems to install WeepSteel malware, a reconnaissance backdoor. This security [...]

A new offensive security framework named HexStrike-AI is being actively used by hackers to quickly weaponize recently disclosed security flaws. [...]

Zscaler disclosed a security breach after attackers accessed its Salesforce environment through stolen OAuth and refresh tokens from Salesloft Drift, [...]

Hackers are exploiting Meta’s ad network with fraudulent promotions of a free TradingView Premium app that secretly installs the Brokewell [...]

Microsoft has moved Windows 11 version 25H2 to the Release Preview Channel, the final stage before its full rollout later [...]

Researchers have uncovered that the Chrome extension FreeVPN.One, installed over 100,000 times and even labeled as “featured” in the Chrome [...]

Cybercriminals are distributing the TamperedChef information-stealing malware by promoting a fake PDF editing tool called AppSuite PDF Editor through Google [...]

Microsoft has released the Windows 11 KB5064081 preview cumulative update for version 24H2, introducing 36 features and changes. As part [...]

Over 28,000 Citrix NetScaler ADC and Gateway devices remain exposed to a critical remote code execution flaw (CVE-2025-7775) that is [...]

Google is rolling out a new security initiative called Developer Verification to reduce malware risks, especially from sideloaded apps obtained [...]

A critical security issue in Google’s Gemini CLI tool allowed attackers to stealthily run malicious commands and steal data through [...]

A newly discovered Android spyware, tracked as Android.Backdoor.916.origin, is masquerading as an antivirus allegedly from Russia’s Federal Security Service (FSB) [...]

A newly discovered Mac malware named Shamos is being spread through deceptive ClickFix attacks that disguise themselves as troubleshooting guides [...]

Microsoft is experimenting with a new Edge feature called Journeys, designed to transform browsing history into organized summaries. However, early [...]

A new study has shown that agentic AI browsers, which can independently shop, book tickets, and manage accounts, are highly [...]

A critical flaw in Ollama Desktop v0.10.0, an open-source tool for running large language models locally, allowed attackers to hijack [...]

A newly uncovered cyber-espionage campaign has been targeting foreign embassies in South Korea with the XenoRAT malware, delivered through malicious [...]

Plex has warned users to quickly update their Plex Media Server after patching a recently reported security issue affecting versions [...]

Cybercriminals are using the Japanese hiragana character "ん" to make malicious URLs look like legitimate Booking.com addresses, taking advantage of [...]

Security experts have uncovered a new malvertising campaign delivering PS1Bot, a modular malware framework capable of keylogging, data theft, reconnaissance, [...]

Fortinet has issued an urgent warning about a critical remote command injection vulnerability (CVE-2025-25256, CVSS 9.8) in FortiSIEM, a widely [...]

The KB5063878 cumulative update for Windows 11 24H2, released earlier this week, is failing to install for many systems using [...]

Two hackers, calling themselves "Saber" and "cyb0rg," allege they infiltrated the North Korean state-backed cyber group Kimsuky and released nearly [...]

Mozilla’s Firefox 141 introduced Smart Tab Grouping, an AI-powered tool designed to help users organize tabs locally without compromising privacy. [...]

Google has confirmed a security incident involving one of its Salesforce CRM systems that exposed information of potential Google Ads [...]

A new Endpoint Detection and Response (EDR) disabling tool, believed to be an upgraded version of "EDRKillShifter" created by RansomHub, [...]

Security researchers from Cisco Talos have uncovered five “ReVault” vulnerabilities in Dell’s ControlVault3 firmware and Windows APIs, affecting over 100 [...]

Adobe has issued urgent patches for two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE after researchers [...]