Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...]

Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...]

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...]

First public downstream victim, but won't be the last AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the...

If you do the same thing three times, automate it. Introducing Mobile Data Extractor, a Python tool that handles the repetitive work of mobile app data extraction so testers can focus on what matters.

This report provides an overview of trends and developments in the cybercriminal ecosystem of Latin America and the Caribbean (LAC) in 2025.

Este informe ofrece una visión general de las tendencias y desarrollos en el ecosistema cibercriminal de América Latina y el Caribe (LAC) en 2025.

Este relatório oferece uma visão geral das tendências e desenvolvimentos no ecossistema cibercriminoso da América Latina e do Caribe (LAC) em 2025.

An automated campaign attributed to threat cluster UAT-10608 is exploiting vulnerable Next.js applications to achieve pre-authentication remote code execution and deploy a multi-phase credential...

The Meta subsidiary alleges that Italy’s SIO spyware manufacturer designed the phony app specifically for iPhones. Most of the impacted users are in Italy, according to a WhatsApp announcement.

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote...

Plus: how to train your human AI interview Amazon has seen a 40 percent efficiency gain by using AI tools to pentest its products before and after launch, according to security chief CJ Moses.…

Drupal security advisory (AV26-308)

Cisco security advisory (AV26-307)

Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on. The post Securing the...

A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. [...]

Although the LiteLLM attack was reportedly tied to a group called TeamPCP, the hacking gang Lapsus$ claimed on its website that it obtained hundreds of gigabytes of Mercor’s data.

Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup. The post Threat Brief: Widespread Impact of the Axios Supply...

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No...

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via...

Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. [...]

Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. [...]

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026,...

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity...

The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: “We...

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of...

In an essay for Lawfare, Citizen Lab director Ron Deibert warns that the Trump administration may authorize private firms to undertake offensive cyber operations with major consequences. The post...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a...

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise...

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these...