TA416 targeted European governments from mid-2025 using PlugX and OAuth abuse, enabling cyber espionage against EU and NATO ...

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...

Third parties cause 30% of breaches in 2025, with $4.91M average costs, driving $18.7B TPRM growth by 2030 and stricter ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

AI extensions after DeepSeek block at U.S. law firm, routing traffic to China servers, exposing compliance risk.

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, ...

The activity begins with the attackers distributing malicious VBS files via WhatsApp messages that, when executed, create ...

Drift lost $285M on April 1, 2026 after nonce-based social engineering enabled admin takeover, exposing DPRK-linked crypto ...

Apple expanded iOS 18.7.7 on April 1, 2026 after DarkSword disclosure, enabling auto security updates across more devices.

In December 2025, TechCrunch reported that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and ...