Password manager Dashlane has disclosed a brute-force attack targeting two-factor authentication, resulting in encrypted vault downloads for fewer than 20 personal subscribers.
Palo Alto Networks has disclosed an authentication bypass vulnerability in PAN-OS and Prisma Access that is actively exploited to enable unauthorized VPN connections.
BTMOB, an Android remote access trojan, is now available as a malware service featuring a builder interface that allows attackers to generate custom phishing payloads.
GreyVibe, a threat group believed to be Russian, has been utilizing AI-generated phishing lures and customized malware in cyberattacks against Ukrainian entities.
Anthropic has announced plans to release its Claude Mythos-class AI models to the public after postponing their launch to address security concerns affecting public and private...
A Canadian man received a 33-year prison sentence after pleading guilty to an eight-year sextortion campaign targeting more than 145 children in the United States.
A new threat actor named JINX-0164 employs recruitment-themed social engineering and custom macOS malware to target cryptocurrency firms, aiming to steal digital assets.
A critical SQL injection flaw in Ghost CMS is actively exploited in a large-scale campaign to inject malicious JavaScript, initiating ClickFix attack techniques. Security teams are...
Cisco releases a security update addressing a critical vulnerability (CVE-2026-20223) in Secure Workload that allows unauthenticated attackers to access sensitive data via insufficiently protected REST API...
CISA has included two critical vulnerabilities affecting Langflow and Trend Micro Apex One in its Known Exploited Vulnerabilities catalog, following confirmed exploitation activity.