Citizen Lab reports that law enforcement agencies globally use Webloc, an advertising-based geolocation surveillance system, to track up to 500 million mobile devices without warrant.
The GlassWorm campaign uses a Zig dropper in a fake WakaTime VS Code extension to infect all developer IDEs on a machine.
This article examines the security threats posed by AI browser extensions operating outside traditional enterprise controls.
Google has made Device Bound Session Credentials (DBSC) generally available to Windows users of Chrome 146, a security feature designed to prevent session theft attacks.
A critical RCE vulnerability in Marimo Python notebook was exploited within 10 hours of disclosure, demonstrating rapid weaponization of newly disclosed flaws.
The update system for Smart Slider 3 Pro plugin was compromised by threat actors to distribute a backdoored version.
Microsoft Defender researchers disclosed a now-patched intent redirection vulnerability in EngageLab SDK that exposed over 50 million Android users, including 30 million cryptocurrency wallet users.
UAT-10362 is a previously undocumented threat cluster conducting spear-phishing campaigns against Taiwanese NGOs and universities.
A security bulletin on threats spanning hybrid botnets, decade-old exploits, fraud losses, and AI-enabled attacks.
Shadow AI refers to the unauthorized adoption of AI tools by employees without formal IT and security team approval, creating security blind spots in enterprises.
A zero-day vulnerability in Adobe Reader has been actively exploited via malicious PDF files since at least December 2025.
A hack-for-hire campaign linked to the threat actor Bitter targeted journalists, activists, and government officials across the MENA region using spear-phishing and Android spyware.
