Indirect prompt injection in GitLab Duo exposed private source code and inserted malicious HTML into AI responses, risking ...

CISA, which added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog in late April 2025, said it's continuing to ...

Windows Server 2025 flaw allows any user with dMSA write permissions to escalate privileges and compromise AD.

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched ...

52% of breaches stem from manual identity workflows in disconnected apps—causing customer loss and compliance risks.

UNC5221 exploited Ivanti EPMM flaws CVE-2025-4427/4428 in global attacks starting May 15, 2025, enabling remote access and ...

Microsoft and Europol dismantled Lumma’s 2,300-domain C2 network after 10M infections tied to credential and crypto theft.

APT28 targets NATO-aligned logistics and tech firms via malware, phishing, and 7 CVEs to spy on Ukraine aid routes.

Three critical Versa Concerto flaws disclosed after 90 days allow remote code execution via reverse proxy misconfigurations.

Fake Facebook ads impersonating Kling AI deploy PureHVNC RAT via spoofed sites, stealing credentials and crypto data.

The original executable that launches "ckcfb.exe" simultaneously also extracts a second binary referred to as "StilKrip.exe," ...

The attack chains leverage spear-phishing lures as a starting point to activate the infection process and deploy a known ...