Latest updates from top security sources
Organizations are dramatically increasing investments in AI agent identity management as enterprise deployments accelerate, according to new research from Omdia. The study reveals ...
Security researchers have identified a new self‑propagating threat, named PCPJack, that behaves like a worm while simultaneously purging systems infected by the earlier TeamPCP mal...
A federal jury in Virginia has convicted 39-year-old Richmond resident James E. Thornton on multiple charges stemming from a 2023 cyber intrusion that resulted in the deletion of 9...
Cybersecurity researchers have disclosed a previously unknown Linux backdoor called PamDOORa that is being actively advertised on the Russian cybercrime forum Rehub for $1,600 by a...
Security analysts have uncovered a sophisticated intrusion campaign leveraging the CloudZ remote access trojan (RAT) alongside a previously undocumented plugin called Pheno to targ...
Security researchers have uncovered a sophisticated cyberattack campaign leveraging the Windows Phone Link application to steal text messages and circumvent two-factor authenticati...
A sophisticated phishing campaign is leveraging Google’s sponsored search ads to mimic the login page of ManageWP, GoDaddy’s platform for centrally managing large fleets of WordPre...
A new proof‑of‑concept (PoC) published by security researcher Alex Chen of CyberX Labs shows that Microsoft Edge stores user passwords in plaintext within the browser’s process mem...
Progress Software has released urgent updates for MOVEit Automation (formerly Central) that address two security flaws, the most severe of which is a critical authentication bypass...
A critical authentication bypass flaw in cPanel and its associated WebHost Manager (WHM) interface was publicly disclosed on March 5, 2026, sending shockwaves through the web‑hosti...
Fraudsters are not breaking into credit unions with zero‑days or ransomware; they are exploiting the normal loan origination workflow. Flare’s threat‑intelligence team uncovered a ...
Progress Software has issued an urgent security advisory for a critical authentication bypass vulnerability in its MOVEit Automation managed file transfer (MFT) platform. Tracked a...
Security researchers have flagged a new iteration of the consent‑phishing tool known as ConsentFix, now labeled v3, which dramatically expands the scale and automation of attacks a...
cPanel and its WebHost Manager (WHM) product line contain a critical authentication flaw that could allow a remote attacker to bypass login controls and gain full control of the ho...
Tycoon, a well‑known phishing collective that has long abused two‑factor authentication (2FA) bypass tricks, has quietly shifted to a new attack vector: OAuth 2.0 device‑code phish...
Security researchers have linked a new wave of cyber‑attacks to Russia’s military intelligence, specifically the APT groups tied to the GRU, which are actively exploiting known vul...
Worldcoin’s World ID initiative, built by Tools for Humanity, is deploying a biometric authentication system based on iris scanning to assign a unique human identity to every AI ag...
Google has announced significant changes to its Android app distribution model, implementing mandatory developer verification for all apps published on Google Play Store. The new r...
Even major online services that pride themselves on seamless login experiences are quietly exposing sensitive user data through SMS sign‑in links. Security researchers analyzing th...
Google has officially announced its Android developer verification program will feature both free and paid tiers, marking a significant shift in how developers are authenticated be...
Clorox has filed a lawsuit against a service desk vendor following a 2023 cybersecurity breach that cost the company approximately $380 million. The legal action centers on allegat...
A coordinated phishing operation attributed to the threat group 0ktapus has ensnared more than 130 organizations across multiple industries, according to researchers at Threatpost....