TA416 targeted European governments from mid-2025 using PlugX and OAuth abuse, enabling cyber espionage against EU and NATO ...

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...

Third parties cause 30% of breaches in 2025, with $4.91M average costs, driving $18.7B TPRM growth by 2030 and stricter ...

Drift lost $285M on April 1, 2026 after nonce-based social engineering enabled admin takeover, exposing DPRK-linked crypto ...

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.

AI extensions after DeepSeek block at U.S. law firm, routing traffic to China servers, exposing compliance risk.

The activity begins with the attackers distributing malicious VBS files via WhatsApp messages that, when executed, create ...

In December 2025, TechCrunch reported that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and ...

REF1695 spreads RATs and miners since Nov 2023 via ISO lures, earning 27.88 XMR across four wallets through cryptomining and ...