Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns targeting governmental organizations in Ukraine.This latest ...

Admins with Dynamics 365 on-prem should also take note of a “severe” vulnerability that allows remote code execution.

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...

Are magic links secure? A security analyst breaks down token entropy, replay protection, expiry, device binding, and email compromise risks for MojoAuth users.

Data Security Standard (DSS), issued by the PCI Security Standards Council (SSC), which establishes technical and operational requirements to protect cardholder data and promote consistent security ...

Did our AI summary help? The Indian Computer Emergency Response Team has issued a security advisory highlighting multiple vulnerabilities in Google Chrome that could expose users to serious risks. The ...