APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.
OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...
Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.
The U.S. DoJ seized $61 million in Tether tied to pig butchering crypto investment scams, while Tether reports freezing $4.2 ...
Trojanized gaming tools and new Windows RATs like Steaelite enable data theft, ransomware, and persistent remote control.
North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for ...
While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and ...
Cisco warns CVE-2026-20127 (CVSS 10.0) in SD-WAN is exploited since 2023 to gain admin access; CISA adds it to KEV and ...
A fake Go module posing as golang.org/x/crypto captures terminal passwords, installs SSH persistence, and delivers the ...
Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results