Threat actors abused Velociraptor via Cloudflare Workers in 2024, enabling C2 tunneling and ransomware precursors ...

Google expands Salesloft Drift breach scope beyond Salesforce; Salesloft says core platform safe, isolated to Drift app.

Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to ...

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in ...

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as ...

Amazon disrupted APT29’s June 2025 campaign exploiting Microsoft device code authentication, redirecting 10% of visitors to ...

Passwordstate 9.9 fixes authentication bypass flaw on August 28, 2025, adding clickjacking defenses for 29,000 customers.

watchTowr Labs researcher Piotr Bazydlo said the newly uncovered bugs could be fashioned into an exploit chain by bringing together the pre-auth HTML cache poisoning vulnerability with a ...

ESET uncovers AI-powered PromptLock ransomware using OpenAI gpt-oss:20b model, complicating detection with variable Lua ...

The golden rule: data needs a seatbelt. Put boundaries around what data can be shared with AI tools and how it is handled, ...

CVE-2025-7775 is the latest NetScaler ADC and Gateway vulnerability to be weaponized in real-world attacks in a short span of ...

To that end, two marketplace domains (verif [.]tools and veriftools [.]net) and one blog have been taken down, redirecting site visitors to a splash page stating the action was undertaken by the U.S.