Outlook add-in phishing, Chrome and Apple zero-days, BeyondTrust RCE, cloud botnets, AI-driven threats, ransomware activity, ...

ZeroDayRAT is a cross-platform mobile spyware sold on Telegram that enables live surveillance, OTP theft, and financial data ...

Cyber attacks average 1,968 weekly as ClickFix, ransomware shifts, and exposure gaps accelerate exploitation beyond defense ...

Academic study finds 25 attack methods in major cloud password managers exposing vault, recovery, and encryption design risks.

Google fixes actively exploited Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw enabling sandboxed remote code execution.

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery ...

Google finds nation-state hackers abusing Gemini AI for target profiling, phishing kits, malware staging, and model ...

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws ...

Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS, macOS, and ...

First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in a supply chain attack.

First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s ...

Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using ...