Cybersecurity

A Chrome ad blocker with over 10 million installs can be configured to execute arbitrary JavaScript code remotely.The extension, Adblock for YouTube, runs on...

A new backdoor named Mistic has been deployed in financially motivated attacks across insurance, education, IT, and professional services since April 2026.The backdoor is...

A critical command injection flaw (CVE-2025-67038) in Lantronix EDS5000 devices is being actively exploited, allowing attackers to execute arbitrary commands with root privileges.The U.S....

A new critical flaw dubbed Cordyceps threatens open-source software supply chains.The vulnerability allows unauthenticated attackers to hijack CI/CD workflows and execute code.Major organizations including...

The U.S. Department of Justice seized the cloud computing account of the HuiOne Group, crippling a key part of its massive money laundering operation.The...

A financially-motivated initial access broker has targeted over 430,000 FortiGate firewalls globally since February 2026.The FortiBleed operation uses a custom tool to harvest over...

Security firm AIR successfully deployed a deceptive AI agent skill that bypassed all major security scanners and reached an estimated 26,000 agents.The skill exploited...

WhatsApp accounts across 11 countries are being hijacked to distribute malware-laden VBScript files.The campaign uses obfuscated scripts disguised as business documents to install legitimate...