The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...

An in-cluster attacker, i.e., a threat actor with initial access to the cluster's network, could chain CVE-2025-59359, ...

A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million ...

FileFix phishing attack in June 2025 delivers StealC malware via Bitbucket images, bypassing detection with obfuscation.

Astrix's AI Agent Control Plane (ACP), is the industry's first solution designed to deploy secure-by-design AI agents across ...

Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, ...

The latest findings from ETH Zürich and Google show that it's possible to bypass advanced TRR defenses on DDR5 memory, opening the door for what the researchers call the "first-ever RowHammer ...

Mustang Panda’s Hive0154 uses SnakeDisk USB worm to drop Yokai backdoor on Thailand IPs, expanding malware ecosystem.

Browser-based attacks exploiting OAuth flaws, MFA gaps, and malicious extensions drive large-scale data breaches.

Your weekly strategic brief on the cyber threat landscape. Uncover the deeper patterns behind attacks, from bootkit malware ...

AI-powered Villager tool reached 11,000 PyPI downloads since July 2025, enabling scalable cyberattacks and complicating ...

AI has flipped the SOC equation. What was once out of reach for all but the largest enterprises is now accessible and ...