Attackers exploit CVE-2023-46604 in Apache ActiveMQ, deploy DripDropper malware, then patch flaw to secure persistence.

GodRAT Trojan Targets Financial Institutions via Malicious Skype Files, Leveraging Steganography and Gh0st RAT Legacy ...

Specifically, the attack chain first uses CVE-2025-31324 to sidestep authentication and upload the malicious payload to the ...

U.K. drops January 2025 Apple backdoor mandate after U.S. civil liberties concerns, protecting encrypted iCloud data.

Nearly 60% of 2024 breaches involved human factors, showing weak security culture undermines advanced defenses ...

PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security ...

PipeMagic is a plugin-based modular malware that uses a domain hosted on the Microsoft Azure cloud provider to stage the ...

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

EncryptHub exploits CVE-2025-26633 with social engineering and rogue MSC files, delivering Fickle Stealer malware.

UAT-7237 exploits unpatched Taiwan servers using SoundBill, Cobalt Strike, and SoftEther VPN for persistent control.

ShinyHunters and Scattered Spider are teaming up in a coordinated Salesforce phishing and extortion campaign, with ...

Because once an agent becomes adaptive and semi-autonomous, privacy isn't just about who has access to the data; it's about ...