Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.

Scammers are using cloned versions of popular AI coding tools to spread info-stealing malware through fake installation ...

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.

Generative AI is raising the risk of dangling DNS attack vectors, as the orphaned resources are no longer just a phishing ...

Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime.

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed ...

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

Authorities dismantle Tycoon 2FA phishing service linked to 64,000 attacks, millions of emails, and breaches at nearly ...