Critical CVSS 9.8 command injection vulnerability in Totolink A7100RU routers enables unauthenticated remote code execution. Public exploit available, no patch released.
FBI IC3 2025 report reveals record $20.9 billion in cybercrime losses. Investment fraud tops $8.6B, cryptocurrency scams reach $11.4B, and ransomware losses surge 259%.
Google warns of UNC6783 threat actor using Okta and Zendesk phishing to breach BPO providers, stealing 13M Adobe support tickets and bug bounty data. FIDO2 keys recommended.
GTA 6 developer Rockstar Games confirms third-party breach after ShinyHunters stole Snowflake credentials through Anodot. Ransom deadline set for April 14.
Google's DBSC ties authentication cookies to hardware TPM chips, making stolen sessions worthless. Chrome 146 for Windows now protects against infostealer attacks.
Microsoft tracks Storm-2755 'Payroll Pirate' using poisoned search results and AiTM phishing to hijack Canadian employee direct deposits. HR systems compromised.
CVE-2026-34621 is a prototype pollution flaw in Adobe Acrobat Reader with a CVSS 8.6 score. Active exploitation began in December 2025. Update immediately.
US, UK, and Canadian law enforcement froze $12 million in stolen crypto and identified 20,000 victims of approval phishing scams in week-long crackdown.
Microsoft found an intent redirection vulnerability in EngageLab's Android SDK affecting 50M+ app installs. Crypto wallets with 30M users were at risk.
ClickFix attackers bypass macOS 26.4 Terminal paste scanning by using applescript:// URLs to launch Script Editor. Same payload, new delivery vector.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.