The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns targeting governmental organizations in Ukraine.This latest ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

APRA's AI governance letter to banks, insurers and super funds could also have implications for accounting firms that have ...

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

Web scraping is a process that extracts massive amounts of data from websites automatically, with a scraper collecting thousands of data points in a matter of seconds. It grabs the Hypertext Markup ...