AI agents are changing how work gets done inside companies. They can schedule meetings, pull data, run workflows, write code, and take actions automatically. In many cases, they move faster than people ever could, and that speed is boosting productivity…
A cyberattack described by Polish officials as the most serious assault on the country’s energy infrastructure in years has been linked to the Russian state-backed hacking group Sandworm. The incident happened during the final week of December 2025 and targeted…
Security researchers have uncovered a new multi-stage phishing operation aimed at users in Russia, delivering a combination of ransomware and a remote access trojan (RAT) known as Amnesia RAT. According to a recent analysis from Fortinet FortiGuard Labs, the campaign…
Security researchers have uncovered a weakness inside the web control panel used by operators of the StealC malware, turning the attackers’ own infrastructure into an unexpected source of intelligence. The flaw is a cross-site scripting (XSS) vulnerability that allowed researchers…
Several AMD EPYC processor families have been found vulnerable to a new hardware-level attack that undermines protections designed for confidential virtual machines. The affected chips include both standard and embedded variants across the EPYC 7003, 8004, 9004, and 9005 series.…
Not long ago, the cloud was sold as the ultimate fix for security risks and reliability problems. The promise was simple: move everything to managed platforms and let someone else worry about uptime and protection. In exchange for that convenience,…
In today’s cybersecurity landscape, the gap between routine maintenance and a full-blown security incident is shrinking fast. Systems that once felt stable are now under constant strain as organizations roll out new AI features, automated workflows, and connected services. Each…
Cybersecurity researchers have uncovered a novel attack technique that abused indirect prompt injection to sidestep safeguards in Google Gemini, turning Google Calendar into an unexpected data-leak channel. According to findings shared by Miggo Security, attackers were able to sneak a…
Security researchers have uncovered a new tactic used by the JavaScript-based malware loader known as GootLoader, showing how threat actors are abusing broken ZIP archives to evade analysis and security tools. According to a recent report from Expel, attackers are…
OpenAI has announced plans to introduce advertising in ChatGPT for logged-in adult users in the United States. The rollout will apply to both the free version and the low-cost ChatGPT Go tier, with testing expected to begin in the coming…
Ukrainian and German investigators have uncovered the identities of two Ukrainian nationals believed to be involved with Black Basta, a ransomware-as-a-service operation linked to Russia. Authorities also announced that the group’s suspected leader, 35-year-old Russian citizen Oleg Evgenievich Nefedov, has…
Node.js maintainers have issued emergency updates to address a serious vulnerability that can cause production applications to crash unexpectedly, opening the door to denial-of-service (DoS) attacks across much of the Node.js ecosystem. According to the Node.js security team, the issue…
Microsoft has released its first Patch Tuesday updates for 2026, rolling out fixes for 114 security vulnerabilities across Windows and related products. One of the flaws, the company confirmed, is already being exploited in real-world attacks. Of the total issues…
A new 2026 web security study has found that third-party applications are accessing sensitive user data on a majority of major websites without a clear business reason. After analyzing 4,700 high-traffic sites, researchers discovered that 64% of third-party tools now…
Fortinet has released security updates to address a high-severity flaw in its FortiSIEM platform that could allow unauthenticated attackers to remotely execute code on affected systems. The vulnerability, tracked as CVE-2025-64155, carries a CVSS score of 9.4, placing it firmly…
Security researchers have uncovered an active malware campaign that is abusing a DLL side-loading weakness in a legitimate Windows executable linked to the open-source c-ares library. The technique allows attackers to quietly bypass security defenses and install a broad range…
AI agents have moved far beyond simple productivity tools. What started as personal assistants for coding, chat, or task automation are now shared, organization-wide systems embedded deep inside daily operations. Across security, IT, engineering, and business teams, these agents increasingly…
Security researchers at Lumen Technologies’ Black Lotus Labs say they have taken action against a large command-and-control infrastructure tied to the AISURU and Kimwolf botnets. Since early October 2025, the team has null-routed traffic linked to more than 550 C2…
Security researchers have identified a new malware operation, tracked as SHADOW#REACTOR, that uses a carefully layered infection process to install Remcos RAT, a commercially available remote access trojan widely abused by cybercriminals. The campaign relies on a stealthy, multi-step execution…
A serious security vulnerability has been identified in ServiceNow that affects its AI and virtual agent components, raising concerns about how agentic AI systems can be abused inside enterprise environments. The issue impacts the following ServiceNow components and versions: The…
