14+ hour, 54+ min ago  (411+ words) In a recent discovery, Socket's Threat Research Team uncovered a sophisticated supply chain attack targeting ASP.NET developers. The campaign deploys a multi-stage payload, starting with the NCryptYo dropper, followed by the credential-harvesting packages DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_. The malicious packages have been…...

1+ day, 13+ hour ago  (408+ words) A critical remote code execution (RCE) flaw has emerged in RubitMQ job workers, rooted in unsafe JSON deserialization. Unlike memory corruption bugs, this stems from flawed design assumptions in Ruby background systems that blindly trust processed data. The vulnerability, tracked…...

5+ day, 9+ hour ago  (347+ words) Google has reported significant success in safeguarding the Android ecosystem by preventing over 1.75 million policy-violating apps from reaching the Play Store in 2025. This marks a decline from 2.36 million the previous year, showing how AI-driven defenses are deterring bad actors early....

5+ day, 13+ hour ago  (382+ words) Advantest Corporation, a top Japanese supplier of semiconductor testing equipment, disclosed a ransomware attack that struck its IT systems on February 15, 2026. The Tokyo-based firm, listed on the Tokyo Stock Exchange (TSE: 6857), detected unusual activity and quickly isolated affected areas. This…...

5+ day, 14+ hour ago  (227+ words) Jamf Threat Labs first reported DigitStealer in mid-November 2025, noting its multi-stage design that steals from 18 cryptocurrency wallets, browsers, macOS Keychain, and more. It spreads via fake apps like DynamicLake, using disk images that trick users into running malicious Terminal commands....

1+ week, 11+ hour ago  (394+ words) Palo Alto Networks is set to bolster its AI security arsenal by acquiring Koi Security, a startup specializing in protecting endpoints from the risks posed by advanced AI agents. Announced on February 17, 2026, this definitive agreement targets a growing threat: AI…...

1+ week, 12+ hour ago  (401+ words) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in the Microsoft Windows Video ActiveX Control to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2008-0015, this flaw, originally disclosed nearly two decades…...

1+ week, 15+ hour ago  (418+ words) A critical "log poisoning" vulnerability in the widely used OpenClaw AI assistant exposes organizations to indirect prompt injection attacks. Attackers can manipulate the agent's behavior by hiding malicious instructions in log files, tricking the AI into executing harmful actions during…...

1+ week, 16+ hour ago  (585+ words) QR codes have become ubiquitous in daily life, providing an easy way for people to access websites, make payments, and download apps. However, this widespread use has also made QR codes a prime vector for cybercriminals to exploit. Over the…...

1+ week, 1+ day ago  (390+ words) The Milano Cortina 2026 Winter Olympics mascots, Tina and Milo the adorable stoat siblings designed by Italian schoolchildren have become instant global sensations. Selected from over 1,600 public poll entries, these plush toys top merchandise lists. The official 27 cm Tina plush sells…...