Nvidia and Microsoft unveil the first Windows computers equipped with Nvidia chips.
Israeli government cyber resilience under scrutiny:
- 500% surge in cyberattacks targeting Israeli missions abroad during wartime
- 65% of Israeli ministries ignored security warnings for months on a known vulnerable tool
- Sensitive salary data of hundreds of employees exposed
- 500% surge in cyberattacks targeting Israeli missions abroad during wartime
- 65% of Israeli ministries ignored security warnings for months on a known vulnerable tool
- Sensitive salary data of hundreds of employees exposed
Security researchers have uncovered a new attack technique that lets malicious websites spy on your browsing activity through hard drive.
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers.
SideCopy group is hitting Afghanistan’s Ministry of Finance with spear-phishing attacks using Xeno RAT.
Attackers are sending ZIP files with malicious LNK files named in Pashto to trick government officials. The LNK uses mshta.exe to install Xeno RAT 1.8.7, which gives attackers persistent access for keylogging, screenshots, and more.
Attackers are sending ZIP files with malicious LNK files named in Pashto to trick government officials. The LNK uses mshta.exe to install Xeno RAT 1.8.7, which gives attackers persistent access for keylogging, screenshots, and more.
A brute-force attack against certain Dashlane accounts bypassed 2FA protections in a handful of cases, allowing attackers to register new devices and download encrypted vault copies.
A new supply chain attack has hit official Red Hat Cloud Services npm packages.
The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.
The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.
PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.
Operation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.
It gives attackers full remote control with 36 commands.
It gives attackers full remote control with 36 commands.
Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.
CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.
CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.
Hackers took over high-profile Instagram accounts — including the Obama White House account, a Space Force general, and Sephora — by simply asking Meta's AI support chatbot to change the email address on the target account.
The bot complied.
Meta had rolled out AI support with account recovery powers to all users in March, billing it as "solutions, not just suggestions."
The bot complied.
Meta had rolled out AI support with account recovery powers to all users in March, billing it as "solutions, not just suggestions."
Android just patched 124 security flaws.
One of them — CVE-2025-48595 (CVSS 8.4) — may already be seeing limited targeted exploitation.
No user interaction required. Android 14, 15, 16, and 16 QPR2 affected.
One of them — CVE-2025-48595 (CVSS 8.4) — may already be seeing limited targeted exploitation.
No user interaction required. Android 14, 15, 16, and 16 QPR2 affected.
Russian hackers "Gamaredon" are exploiting a critical WinRAR vulnerability to attack Ukraine.
They’re weaponizing CVE-2025-8088 with GammaPhish HTA files.
They’re weaponizing CVE-2025-8088 with GammaPhish HTA files.
An actively exploited #Oracle WebLogic Server flaw has been added to CISA's KEV catalog.
CVE-2024-21182 (CVSS 7.5) allows unauthenticated attackers with network access to compromise vulnerable servers and access critical data.
CVE-2024-21182 (CVSS 7.5) allows unauthenticated attackers with network access to compromise vulnerable servers and access critical data.