Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
A new attack technique dubbed HalluSquatting turns AI assistants’ tendency to hallucinate into a scalable infection vector.
A threat actor is targeting organizations across multiple sectors in voice-enabled attacks involving Microsoft 365 phishing ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
The GigaWiper backdoor combines several malware families and can sabotage systems using a wiper, encryption, and wiping ...
Exploit for "Bad Epoll" Linux kernel vulnerability (CVE-2026-46242) can lead to root access on desktops, servers, and Android ...
Cyberespionage groups linked to both China and India spent more than two years quietly breaking into Pakistani law ...
Several AI coding assistants were tricked into facilitating developer machine hacking via an attack technique that has been ...
In other news, a DHS database was hacked, Adobe is releasing patches twice a month, and Canada has disrupted ransomware operations.
A 16-year-old Linux KVM flaw (CVE-2026-53359) dubbed Januscape can allow attackers to escape virtual machines and execute ...
GhostLock (CVE-2026-43499) is a 15-year-old Linux kernel vulnerability that allows attackers to gain root privileges.
Mount Royal University has confirmed that employee, student, and university data was stolen and deleted in a ransomware ...