CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and ...

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...

Android Package (APK) malformation has emerged as a standard Android malware evasion tactic, with the technique identified in more than 3000 malicious samples across families including Teabot, TrickMo ...

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

As AI agents increasingly rely on third-party API routers, criminals are using this dependence to trick users and inject malicious code into their machines.

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Anthropic announced this week that its new model found security flaws in "every major operating system and web browser." Even ...

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

More than 1000 ComfyUI servers are exposed to the internet. Attackers exploit misconfigurations to add instances to a botnet.

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

AtlasCross RAT spreads via 11 fake domains registered October 27, 2025, enabling encrypted C2 control and persistence.