Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called ...

CVE-2025-47577 flaw in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files—no patch yet, 100K+ ...

Iranian hacker pleads guilty to Robbinhood ransomware attacks causing $19M+ in losses, crippling U.S. cities via BYOVD and ...

In March 2024, the DoJ indicted seven hackers associated with APT31, accusing them of engaging in sweeping cyber espionage ...

Amazon-hosted IPs scanned 75 tech targets on May 8 in a one-day exploit surge, showing orchestrated cloud-based recon.

PumaBot hijacks Linux IoT devices via SSH brute-force, fakes Redis services, and mines crypto using stealthy rootkits.

Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited ...

Mimo exploits CVE-2025-32432 in Craft CMS days after disclosure, deploying cryptominer and proxyware for monetization.

The attack works by targeting session tokens. This enables the attackers to subvert even multi-factor authentication (MFA); ...

Session hijacking now drives enterprise breaches—88% involve stolen credentials, often exploited within hours.

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more ...

Mobile-focused phishing using SEO poisoning and fake portals hit payroll systems in May 2025, rerouting salaries and evading ...