2+ hour, 8+ min ago  (544+ words) A publicly accessible Java Script file on Click Up's homepage has been silently leaking nearly a thousand corporate and government email addresses, including employees from Fortinet, Home Depot, Tenable, Mayo Clinic, and U. S. state government workers, through a hardcoded third-party API…...

5+ hour, 37+ min ago  (548+ words) Security researchers have raised a warning about two widely trusted tools, mac OS textutil and Kee Pass XC, showing that both can become dangerous when placed inside automated pipelines that process attacker-controlled input. The findings do not point to traditional…...

6+ hour, 8+ min ago  (716+ words) North Korean state-sponsored hackers from the Kimsuky group have launched a targeted campaign against prescription pharmaceutical companies, using a cleverly disguised malware file named White Life Science ERP Specification. The attack uses a fake Excel document to trick employees into…...

4+ hour, 13+ min ago  (647+ words) A credential-stealing malware named Vidar has quietly emerged as one of the most active threats targeting corporate employees in early 2026. Threat actors are using fake software downloads promoted through You Tube videos to trick workers into installing it on their…...

4+ hour, 46+ min ago  (612+ words) A newly discovered malware campaign is targeting government employees in Pakistan using carefully crafted spear-phishing emails that combine obfuscation and staged payload delivery to stay hidden from security tools. The attack was directed at staff from the Punjab Safe Cities…...

8+ hour, 25+ min ago  (246+ words) Multiple vulnerabilities in the CODESYS Control runtime, one of the world's most widely adopted software-based programmable logic controller (Soft PLC) platforms. CODESYS is utilized across diverse industrial sectors, from water treatment facilities and energy grids to automated manufacturing lines. Because…...

9+ hour, 24+ min ago  (1573+ words) In the modern enterprise, the network is the ultimate source of ground truth. As organizations accelerate their digital transformation and adopt complex, cloud-native security architectures, the traditional perimeter has dissolved. To counter this, modern Security Operations Centers (SOCs) are deploying…...

8+ hour, 49+ min ago  (376+ words) A suspicious executable named Vibing. exe on the Microsoft Store has sparked major privacy and security alarms among cybersecurity researchers. Marketed as an interface to the "AI-native world" by the elusive Vibing-Team, the application reportedly harvests sensitive user data without…...

14+ hour, 9+ min ago  (342+ words) A newly disclosed security vulnerability in Tenable's Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The…...

13+ hour, 17+ min ago  (318+ words) Released by security researcher 0x Steph on Git Hub, pentest-ai-agents is a collection of 28 Claude Code subagents, each carrying deep domain expertise across the full penetration testing lifecycle. Rather than relying on a single general-purpose AI model, the framework automatically routes…...