A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...

AI Beats Hackers to a Zero-Day Cybersecurity Discovery, Twice Your email has been sent Google’s AI agent Big Sleep identified the critical vulnerability CVE-2025-6965 before cybercriminals could ...

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...

Apple has detailed the security content for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, confirming that the updates address the Coruna vulnerability disclosed last week by Google and ...

The big picture: A cybercriminal is reportedly selling a Windows zero-day exploit on the dark web for $220,000. The vulnerability, which targets Windows Remote Desktop Services, could allow an ...

Google's Threat Intelligence Group (GTIG) has a new report out about a powerful iOS exploit kit called "Coruna," which traveled from a surveillance vendor's customer to a Russian espionage group to ...

A sophisticated exploit kit capable of compromising Apple iPhones running iOS versions 13.0 through 17.2.1 has been uncovered by cybersecurity researchers. Google's Threat Intelligence Group (GTIG) ...