Between December 2025 and January 2026, researchers uncovered a large-scale, systematic campaign targeting exposed large language model (LLM) and Model Context Protocol (MCP) infrastructure....

Nation-state groups are consistently exploiting the defect to target victims in military, government and technology for espionage. The post Cybercriminals and nation-state groups are exploiting a...

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to...

Meta also replaces a legacy C++ media-handling security library with Rust Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is...

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed...

The authors competed at Pwn2Own Berlin 2025 in the VMWare Workstation category. The vulnerability exists within the PVSCSI (Paravirtualized SCSI) controller emulation code. This is responsible for...

Security research involves long hours of staring at code and is done only by a specialized group of people. With the rise of LLMs comes the ability to use AI tools to find vulnerabilities. They...

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an...

Plus, the gang says it got in via Microsoft Entra SSO ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang...

In 2025, Chinese-language organizations laundered on average $44 million in illicit crypto each day, amounting to $16.1 billion.

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats),...

The Justice Department has said that between February 2024 and December 2025, the gang stole at least $5.4 million from at least 63 ATMs, most of which belonged to credit unions.

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The...

Reports say Salt Typhoon attackers accessed handsets of senior govt folk Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing...

The U.S. Department of Energy on Saturday and Sunday issued a series of emergency orders intended to help grid operators in New England, Texas and the Mid-Atlantic meet higher anticipated...

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple...

Euralarm has released a new guidance document on precautionary measures for protecting installations and facilities, providing practical direction to strengthen the physical protection and...

The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV)...

Against a steady drumbeat of ransomware attacks, data breaches, and sophisticated intrusions, President Donald Trump’s administration is preparing to release a new national cybersecurity strategy...

Texas is tightening its cybersecurity defenses by expanding the list of technologies that state employees are barred from using on government devices, a move aimed at preventing foreign actors...

Reviewing Wiz’s approach to forensics in the cloud era, and announcing the public preview of AI-powered, context-aware forensics capabilities

Budding IT insiders can be corrupted into giving up protected health information, say university researchers who also found a correlation between an interest in white hat hacking and a propensity...

A new risk assessment has found that xAI’s chatbot Grok has inadequate identification of users under 18, weak safety guardrails and frequently generates sexual, violent and inappropriate material....

Alert fatigue is fast becoming one of the most pressing challenges to operational resilience, new research suggests, and it’s harming workforce morale. According to Splunk’s State of Observability...

Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for...

We ported a complete Matrix homeserver to Cloudflare Workers — delivering encrypted messaging at the edge with automatic post-quantum cryptography.

A vulnerability has been discovered in Microsoft Office which could allow for a security feature bypass. Microsoft Office is a suite of applications designed to help with productivity and...

Threat hunters and researchers are racing to contain a wave of voice-phishing attacks targeting single sign-on tools, already leading to data theft and extortion attempts. Multiple cybercrime...

Just around the corner, the world will see a full-fledged cyber war led by artificial intelligence (AI) offensive and defensive agents, Israel National Cyber Directorate (INCD) Chief Yossi Karadi...

The Trump administration is planning to use artificial intelligence to write federal transportation regulations, according to U.S. Department of Transportation records and interviews with six...