GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.

Phishers abused Google Sites and DKIM replay to send valid-signed emails, bypassing filters and stealing credentials.

Security teams must integrate browser security into their enterprise security stack to gain real-time visibility, detect ...

Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.

Microsoft secures MSA and Entra ID with Azure Confidential VMs + HSM, preventing token forgery and reducing breach risks.

"In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708)," the South ...

SuperCard X malware exploits NFC relay and social engineering to steal card data in Italy, enabling ATM fraud.

From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs ...

Proton66-hosted IPs launched global cyberattacks since Jan 8, 2025, exploiting critical CVEs to deploy malware.

The surge in DDoS attack traffic this year has been driven in part by the rapid expansion of IoT devices - from smart watches ...

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting ...

XorDDoS is a well-known malware that has a track record of striking Linux systems for over a decade. In May 2022, Microsoft ...