Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns targeting governmental organizations in Ukraine.This latest ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

Web scraping is a process that extracts massive amounts of data from websites automatically, with a scraper collecting thousands of data points in a matter of seconds. It grabs the Hypertext Markup ...

Data Security Standard (DSS), issued by the PCI Security Standards Council (SSC), which establishes technical and operational requirements to protect cardholder data and promote consistent security ...

Chrome 148 was promoted to the stable channel with 127 security fixes, including three for critical-severity vulnerabilities.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...