The game has changed. AI isn't just a tool for defenders; it's also the ultimate exploit finder for attackers. Enterprise security needs a radical, AI-speed upgrade.
A sophisticated malvertising campaign is turning trusted platforms into vectors for Mac malware. Google Ads and Anthropic's Claude.ai are being abused, demonstrating a new frontier in attack sophistication.
A persistent phishing scam, masquerading as a critical iCloud storage alert, is back with a dangerous twist: it's now demanding payment to prevent data loss.
Ollama, the popular local LLM framework, is reeling from a critical out-of-bounds read vulnerability, codenamed 'Bleeding Llama'. Over 300,000 servers are potentially exposed, with attackers able to siphon off sensitive process memory.
It’s an ironic twist: a new malware campaign is actively removing signs of rival hackers, only to replace them with its own malware and pilfer sensitive credentials from cloud environments.
A newly discovered vulnerability in Anthropic's Claude extension for Chrome, dubbed ClaudeBleed, could grant attackers unfettered control over your AI assistant.
Just weeks after Copy Fail, another Linux kernel vulnerability, Dirty Frag, has surfaced, offering root access to unprivileged users. We dissect its complex chaining and widespread impact.
A critical denial-of-service vulnerability, CVE-2026-23870, has emerged, targeting React Server Components and frameworks like Next.js. This flaw allows unauthenticated attackers to crash servers with crafted HTTP requests.
Millions of user records might be at risk. NVIDIA confirms a breach, but pins the blame on a regional partner in Armenia.
Fast fashion giant Zara is grappling with a data breach that exposed the personal information of nearly 200,000 customers. The incident highlights a persistent vulnerability in third-party vendor security.
Just when you thought Linux kernel security was getting a handle on things, here comes 'Dirty Frag.' This latest exploit chain bypasses recent patches and lets any local user become king of the castle.
Metasploit's newest release moves beyond mere exploit patching. This update quietly signals a significant shift toward strong asset and vulnerability tracking, integrating directly with your security database.
Everyone expected another data heist, but the Canvas breach signals something deeper: educational institutions are prime targets, and the attack vectors are disturbingly human.
The vulnerability management playbook just got ripped up. AI is spitting out thousands of zero-days, while the very system meant to help us prioritize them is throwing in the towel.
Turns out, that mountain of ignored security alerts isn't just digital noise. A deep dive into 25 million alerts shows a consistent, and frankly, terrifying pattern: about one confirmed breach per week is hiding in plain sight, buried under 'informational' flags.
RansomHouse is making noise again, this time claiming they've nabbed source code from Trellix. Another day, another breach in the cybersecurity circus.
A sensitive data breach at AI platform Braintrust is forcing a scramble to secure critical API keys. Hackers gained access to an AWS account, flagging a new wave of supply chain risks for AI-dependent businesses.
The persistent threat of data theft just got a new vector. VoidStealer malware has figured out how to bypass Google Chrome's App-Bound Encryption, leaving user data vulnerable.
Justice is served on ransomware negotiators while a new worm targets cloud credentials. Meanwhile, a critical zero-day in PAN-OS demands urgent attention.
Palo Alto Networks firewalls, a cornerstone of enterprise security, are now the target of a zero-day exploit. The vulnerability allows unauthenticated attackers root privileges, raising immediate concerns for organizations relying on their devices.