Latest News

The hackers stole information from a file transfer solution and the country’s power supply was not affected.

Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions. 

The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.

All new extensions will be required to declare their data collection practices in their manifest file using a specific key.

Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.

Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms.

The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.

WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution. 

Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox.

CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.

Shortly after the browser was launched, numerous fraudulent domains and fake applications were discovered.

Lazarus has used fake job offers in attacks targeting companies developing UAV technology, for information theft.

Other noteworthy stories that might have slipped under the radar: Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT.

The customer information published on the dark web includes names, addresses, phone numbers, and email addresses.

In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews.