MuddyWater used Teams phishing in 2026 to steal credentials, enabling stealthy data exfiltration and persistence without ...

CyberStars Awards 2026 launched as a global program recognizing cybersecurity excellence across products, companies, and ...

"A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks ...

CloudZ RAT exploits Phone Link since Jan 2026, stealing credentials and OTPs via Pheno plugin, bypassing 2FA protections.

AI agents outpace IAM governance as 50% identity activity stays unseen, increasing enterprise security and compliance risks.

DAEMON Tools supply chain attack since April 8, 2026 infects signed installers, enabling targeted malware delivery globally.

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP ...

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.

UAT-8302 targets governments since 2024 using shared China-linked malware, enabling persistent access and cross-group cyber ...

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.

ScarCruft spreads BirdCall via sqgame.net since late 2024, targeting Android users, enabling surveillance and data theft.

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.