New JavaScript backdoor targets Ukrainian entities using Microsoft Edge's debugging features for stealth. S2 Grupo links campaign to Laundry Bear threat group.
Canadian BPO giant confirms breach after ShinyHunters claims massive data theft including call recordings, source code, and FBI background checks. Ransom ignored.
British government registry's WebFiling vulnerability let logged-in users access other companies' dashboards since October 2025. Unauthorized filings were possible.
Three ClickFix campaigns target macOS users with MacSync infostealer disguised as ChatGPT and AI coding tools. Latest variant adds in-memory execution to evade detection.
North Korean threat group Konni weaponizes KakaoTalk messaging app after compromising victims via spear-phishing. EndRAT, RftRAT deployed in multi-stage campaign.
CISA renews warnings about CVE-2025-47812, a CVSS 10.0 vulnerability in Wing FTP Server that grants attackers root/SYSTEM access. Over 8,000 servers remain exposed.
Threat group ShinyHunters exploits misconfigured Salesforce Experience Cloud sites, stealing data from 100+ organizations including 921K records from Aura.com.
Global campaign hijacks WordPress sites in 12 countries to serve fake Cloudflare CAPTCHAs that deploy Vidar, VodkaStealer, and other credential theft malware.
Russian-linked AuraStealer infostealer uses TikTok videos and 48 C2 domains to steal credentials. ABE bypass defeats Chrome's cookie encryption.
CVE-2026-23813 allows unauthenticated attackers to reset admin passwords on HPE Aruba AOS-CX switches. No exploitation seen yet, but patch immediately.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.