Phishing campaigns are leveraging a sophisticated method called SVG smuggling. Attackers exploit SVGs by disguising malicious JavaScript code as part of the graphic's structure. This approach helps cybercriminals circumvent traditional…
Attackers utilize advanced phishing to exploit trust in software downloads from familiar-looking websites. Security researchers flagged over 600 domains linked to fake Telegram APK files. Android users were targeted via…
A government employee with ties to DOGE was the source of another API key data breach. Marko Elez leaked a private API key to xAI, reportedly providing unrestricted access to…
DragonForce listed U.S. department store chain Belk as its latest victim. The attackers reportedly accessed and exfiltrated confidential information. Belk previously acknowledged unauthorized third-party access to internal files. The DragonForce…
A Google Gemini for Workspace prompt-injection vulnerability that allows for hidden prompts. Attackers use a known technique – zero font size and white text to hide content from users in…
Stormous Ransomware published samples from an alleged data breach targeting North Country HealthCare. The threat actor intends to sell 500,000 patient records and leak another 100,000. The stolen data reportedly…
Numerous industries are targeted in a KongTuke campaign that transitions to a FileFix variant. Attackers employ fake CAPTCHA verifications to deploy an enhanced version of the Interlock RAT. It utilizes…
Doxing of Immigration and Customs Enforcement (ICE) officers has surged, particularly in Portland. This is attributed to Antifa-affiliated groups like…
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: