News
Signal Confirms Sophisticated Phishing Scheme Caused Account Compromises
4+ hour, 32+ min ago (252+ words) The breaches stem entirely from external social engineering tactics rather than technical vulnerabilities within the application itself. Threat actors execute these account takeovers by manipulating users into voluntarily surrendering their sensitive authentication data, as reported by Signal. The primary objective…...
Cloudflare Pingora Flaws Enable Request Smuggling and Cache Poisoning Attacks
1+ hour, 56+ min ago (355+ words) In a recent security advisory, Cloudflare disclosed multiple HTTP request smuggling and cache poisoning vulnerabilities in its open-source Pingora framework. Cloudflare has explicitly confirmed that its own Content Delivery Network and customer traffic are completely safe. Because Cloudflare does not…...
OpenAI to Acquire Promptfoo to Address Vulnerabilities in AI Systems
2+ hour, 12+ min ago (298+ words) OpenAI has announced the acquisition of Promptfoo, an artificial intelligence security platform designed to help enterprises identify and fix vulnerabilities in their AI systems during development. Once the acquisition is finalized, OpenAI plans to integrate Promptfoo's advanced security evaluation technology…...
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data
3+ hour, 31+ min ago (935+ words) Internally branded "GhostLoader," this threat combines polished social engineering, encrypted payload delivery, and long-term persistence to exfiltrate almost every valuable secret a developer holds, from SSH keys and cloud credentials to AI agent configs and live browser sessions. The package…...
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
3+ hour, 19+ min ago (667+ words) A new Android Remote Access Trojan (RAT) named SurxRAT is being sold as a commercial malware platform through a Telegram-based malware-as-a-service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds capable…...
Signed malware posing as Teams and Zoom apps drops RMM backdoors
4+ hour, 1+ min ago (445+ words) A wave of phishing campaigns used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how…...
Hackers Use Microsoft Teams to Manipulate Employees Into Allowing Remote Access
6+ hour, 11+ min ago (631+ words) A newly discovered malware operation is targeting employees at finance and healthcare organizations by posing as internal IT support. Once inside, the attackers deploy a stealthy new tool called the A0Backdoor. Cybersecurity researchers at BlueVoyant have identified a threat group, known…...
iPhone Hacking Toolkit Tied to Russian Espionage May Have Originated in the U.S.
3+ hour, 34+ min ago (307+ words) A highly advanced iPhone hacking toolkit, originally developed for Western intelligence agencies, has leaked into the hands of Russian spies and Chinese cybercriminals. The exploit framework, known internally as "Coruna," was likely created by Trenchant, the hacking and surveillance division…...
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats
23+ hour, 21+ min ago (665+ words) Activity associated with the Iranian APT group Seedworm (aka MuddyWater, Temp Zagros, Static Kitten) has been observed on the networks of multiple U.S. organizations since early February 2026, continuing through the latest U.S.-Israeli strikes on Iran. Targets include a U.S. bank, a U.S. airport,…...
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
21+ hour, 52+ min ago (589+ words) Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead of offering a standard installer, the page shows an "advanced" installation step telling users to…...