Peter Stokes, a 19-year-old dual U.S.-Estonian citizen accused of involvement with the hacking group Scattered Spider, has been extradited from Finland to face U.S. charges including...
A critical vulnerability in Argo CD's repo-server component allows unauthenticated code execution if attackers can access the internal port. The flaw remains unpatched and poses a...
CISA has added a critical remote code execution vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog due to active exploitation.
KDDI Corporation reported a data breach involving unauthorized access to an email system shared by six Japanese ISPs, affecting up to 14.2 million email login credentials.
OpenAI has released an improved version of its GPT-5.5-Cyber model to trusted defenders as part of its Daybreak initiative, aimed at helping identify and patch software...
Researchers have uncovered malicious npm packages masquerading as PostCSS tools that deliver a Windows remote access trojan (RAT). The packages were published within the last month...
A medium-severity flaw in the Gravity SMTP WordPress plugin is being exploited to extract sensitive configuration data including API keys and OAuth tokens.
This week's threat landscape features misuse of browser add-ons and AI chat links to spread malware, memory-resident macOS attacks, and compromised cloud agents exploited as open...
Many enterprises cannot readily identify who authorized autonomous AI agents accessing sensitive company data, exposing them to security risks from orphaned AI tools and standing privileges....
F5 has addressed two critical vulnerabilities in NGINX Open Source that could allow remote attackers to execute code. The flaws include a use-after-free issue affecting the...