Security researchers have uncovered several serious vulnerabilities in Anthropic’s Claude Code, an AI-powered coding assistant, that could let attackers run commands on a developer’s machine and steal sensitive API credentials. According to findings from Check Point Research, the weaknesses stem…
Google has revealed that it worked alongside industry partners to dismantle the infrastructure of a suspected China-linked cyber espionage group known as UNC2814. The group is believed to have compromised at least 53 organizations in 42 countries, with additional suspected…
⚠️ New Cyber Espionage Operation Targets Organizations Across MENA Security analysts have uncovered a fresh wave of cyberattacks attributed to the Iran-aligned hacking group commonly tracked as MuddyWater. The campaign, dubbed Operation Olalampo, is primarily focused on organizations and individuals…
⚠️ Massive Supply-Chain Attack Targets Developers via Malicious npm Packages Security researchers have uncovered an active software supply-chain campaign spreading through the npm ecosystem that behaves like a self-propagating worm. The operation relies on at least 19 malicious packages designed…
⚠️ Why LLM Infrastructure Is Becoming a Major Security Risk As more organizations deploy their own Large Language Models (LLMs), the real danger is shifting away from the models themselves and toward the systems that surround them. To keep AI…
🛑 Cyber Threat Landscape 2026: Key Findings from New Research A newly released security study examining over 1.1 million malicious files and 15.5 million attack events reveals a major shift in attacker behavior. Roughly four out of five of the…
Researchers from the Chinese Academy of Sciences and Nanyang Technological University have unveiled a new defense system called AURA designed to protect valuable knowledge graphs used in advanced AI applications from theft and misuse. Instead of trying to block attackers…
A powerful new edition of the notorious LockBit ransomware is spreading across corporate networks, posing a serious threat to organizations around the globe. Dubbed LockBit 5.0, the updated strain expands its reach by attacking multiple operating systems, including Windows, Linux,…
Security researchers have uncovered a new social engineering campaign aimed at macOS users that delivers credential-stealing malware through a highly refined version of the ClickFix technique. The operation, dubbed “Matryoshka,” uses multiple layers of hidden code to slip past security…
Security researchers are warning of widespread exploitation targeting a severe remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The flaw, identified as CVE-2026-1281, allows attackers to take control of vulnerable systems without authentication and is already being used…
Cybercriminals are exploiting excitement around the Milano Cortina 2026 Winter Olympics by launching dozens of fraudulent online stores designed to steal shoppers’ money, payment details, and personal information. Security researchers warn that the campaign specifically targets fans searching for official…
A newly identified cyber espionage group has launched coordinated attacks against Ukrainian institutions using a previously undocumented malware strain known as CANFAIL, according to security researchers. The activity appears to focus on critical sectors tied to national security and infrastructure.…
Microsoft security researchers have uncovered an advanced evolution of the ClickFix social engineering technique, revealing how attackers are now using DNS requests to secretly pull malicious payloads onto victims’ computers. The new approach reduces reliance on typical web downloads, making…
Google has issued urgent security updates for its Chrome browser after confirming that a newly discovered vulnerability is already being used in real-world attacks. The flaw, identified as CVE-2026-2441, carries a high severity rating and could allow attackers to execute…
Cybersecurity researchers have uncovered a powerful new mobile spyware toolkit called ZeroDayRAT, now being sold through Telegram channels to cybercriminals worldwide. Unlike typical malware focused only on stealing data, this platform gives attackers full remote visibility into a victim’s phone,…
Rapid technological progress is transforming how societies function, from government services to everyday communication. But as countries digitize more of their infrastructure, new vulnerabilities emerge alongside the benefits. Lithuania, widely known for its advanced e-government systems, is now confronting that…
For years, ransomware encryption has been treated as the clearest warning sign of a cyberattack. Locked files, halted operations, public fallout. But new research suggests the industry may be focusing too much on visible damage while a more dangerous shift…
Security researchers have uncovered a new ransomware strain known as Reynolds that takes defense evasion a step further by embedding a vulnerable driver directly inside its payload. This approach allows the malware to disable endpoint security tools before encryption begins,…
North Korean IT operatives are taking their remote work scams a step further. Instead of relying only on fake profiles, they are now submitting job applications using real LinkedIn accounts stolen or impersonated from legitimate professionals. According to the Security…
This week’s security updates weren’t defined by one major “headline hack.” Instead, they revealed something more dangerous in the long run: small missteps and quiet shifts that attackers are learning to exploit over and over. Most of the stories have…
