SaaS Breaches Start with Tokens – What Security Teams Must Watch

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens...

From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine

Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a...

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme...

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious...

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called...

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance,...

Step Into the Password Graveyard… If You Dare (and Join the Live Session)

Every year, weak passwords lead to millions in losses — and many of those breaches...

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context...

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence...

Strengthening national cyber resilience through observability and threat hunting

How organisations can improve their ability to both detect and discover cyber threats....

BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages...

1 Comment

Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them

Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically...

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep...

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool...

13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that...

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of...

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in...

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been...

The Power of Ego Suspension: My Go-To Social Engineering Technique

When most people think about “influence tactics” in cybersecurity, they imagine pushy persuasion, authority plays,...

5 Critical Questions For Adopting an AI Security Solution

In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly...

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

The cyber world never hits pause, and staying alert matters more than ever. Every week...

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been...

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this...

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle has released an emergency update to address a critical security flaw in its E-Business...

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI...

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning...

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

A threat actor named Detour Dog has been outed as powering campaigns distributing an information...

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot...

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Brazilian users have emerged as the target of a new self-propagating malware that spreads via...

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming...