Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to...

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access...

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, and long-term system compromise

Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy...

Adding to previous research about an operation against Poland's electrical grid, analysts at Dragos say it affected dozens of facilities and disrupted operational technology.

Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection...

A coding error, possibly introduced thanks to over-reliance on artificial intelligence (AI) vibe coding tools, has rendered an emergent strain of ransomware an acutely dangerous threat, according...

Cyble Vulnerability Intelligence researchers tracked 1,031 vulnerabilities in the last week, and nearly 200 already have a publicly available Proof-of-Concept (PoC), significantly increasing the...

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier...

ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation

Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk, the most severe of which could allow for arbitrary code execution. SolarWinds Web Help Desk (WHD) is a web-based software...

Vietnam-based cybercrime actor appears to now be using AI to write scripts used in phishing campaigns

An alleged data breach involving Jabarprov was reported on January 25, 2026. Learn about the incident details, impact on customers, and recommended security measures.

The Bottom Line Up Front: Privacy as a Moat: In 2026, privacy is no longer a legal “tax”; it’s a competitive advantage that accelerates sales and builds brand equity. The End of Data Hoarding:...

The Bottom Line Up Front: Privacy as a Moat: In 2026, privacy is no longer a legal “tax”; it’s a competitive advantage that accelerates sales and builds brand equity. The End of Data Hoarding:...

Between December 2025 and January 2026, researchers uncovered a large-scale, systematic campaign targeting exposed large language model (LLM) and Model Context Protocol (MCP) infrastructure....

Nation-state groups are consistently exploiting the defect to target victims in military, government and technology for espionage. The post Cybercriminals and nation-state groups are exploiting a...

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to...

Meta also replaces a legacy C++ media-handling security library with Rust Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is...

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed...

The authors competed at Pwn2Own Berlin 2025 in the VMWare Workstation category. The vulnerability exists within the PVSCSI (Paravirtualized SCSI) controller emulation code. This is responsible for...

Security research involves long hours of staring at code and is done only by a specialized group of people. With the rise of LLMs comes the ability to use AI tools to find vulnerabilities. They...

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an...

Plus, the gang says it got in via Microsoft Entra SSO ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang...

In 2025, Chinese-language organizations laundered on average $44 million in illicit crypto each day, amounting to $16.1 billion.

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats),...

The Justice Department has said that between February 2024 and December 2025, the gang stole at least $5.4 million from at least 63 ATMs, most of which belonged to credit unions.

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The...

Reports say Salt Typhoon attackers accessed handsets of senior govt folk Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing...

The U.S. Department of Energy on Saturday and Sunday issued a series of emergency orders intended to help grid operators in New England, Texas and the Mid-Atlantic meet higher anticipated...