Stay ahead of emerging threats with expert analysis, vulnerability reports, and cybersecurity insights.
ESET researchers discovered PromptSpy, an Android malware that uses Google's Gemini AI to dynamically navigate device interfaces and maintain persistence. The malware sends screen captures to Gemini, which responds with tap instructions, effectively solving Android fragmentation for attackers.
A maximum-severity zero-day in Dell RecoverPoint for Virtual Machines (CVSS 10.0) has been exploited by Chinese state-sponsored hackers since mid-2024. The flaw involves hard-coded Tomcat credentials enabling root access. CISA has added it to the KEV catalog with a 3-day patch deadline.
Read moreFour of the most popular VS Code extensions with over 125 million combined installs contain critical vulnerabilities that could let attackers steal files, execute code, and compromise entire organizations from a developer workstation. Three remain unpatched.
Read moreGoogle released emergency updates to patch CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that attackers are actively exploiting. All Chromium-based browsers are affected.
Read moreGoogle released emergency updates to patch CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome that is being actively exploited in the wild. This marks Chrome's first zero-day of 2026.
Read moreA critical pre-authentication RCE vulnerability in BeyondTrust Remote Support and Privileged Remote Access is now being actively exploited after a proof-of-concept was published. With a CVSS of 9.9 and approximately 8,500 unpatched on-premise deployments exposed, organizations must patch immediately.
Read moreMultiple coordinated campaigns have compromised millions of Chrome users through fake AI assistants, social media tools, and utility extensions. The AiFrame campaign alone infected 300,000 users with fake ChatGPT and Gemini extensions that steal emails and credentials, while 287 extensions with 37 million installs were found exfiltrating browsing history to data brokers.
Read moreSecurity researchers at Koi Security discovered the first known malicious Microsoft Outlook add-in, dubbed AgreeToSteal. Attackers hijacked an abandoned legitimate calendar tool by claiming its orphaned Vercel URL, turning Microsoft's own infrastructure into a phishing delivery mechanism that harvested over 4,000 Microsoft account credentials.
Read moreApple patches CVE-2026-20700, a memory corruption flaw in dyld exploited in sophisticated attacks. The vulnerability completes a three-stage exploit chain with two December 2025 bugs (CVE-2025-14174, CVE-2025-43529) discovered by Google TAG, likely used in mercenary spyware operations.
Read moreMicrosoft's February 2026 Patch Tuesday fixes 59 vulnerabilities including six actively exploited zero-days. CISA has added all six to KEV with March 3rd deadline. Critical bugs in Windows Shell, MSHTML, Word, and privilege escalation in Desktop Window Manager and Remote Desktop.
Read moreSmarterTools confirms the Warlock ransomware gang breached their network through a forgotten, unpatched SmarterMail server. The attackers exploited known vulnerabilities (CVE-2026-23760, CVE-2026-24423) to gain access, then moved laterally before deploying ransomware.
Read moreTGR-STA-1030, a state-backed Asian threat group, breached 70+ government and critical infrastructure organizations across 37 countries since January 2024. They exfiltrated financial negotiations, military updates, and banking info using Cobalt Strike, web shells, and eBPF rootkits.
Read moreCritical vulnerabilities in Kubernetes Ingress-NGINX (CVE-2025-1974 and related) allow unauthenticated attackers with pod network access to achieve RCE via file descriptor injection. Default installations expose all cluster Secrets. Public exploit available.
Read moreCloudflare mitigated a record-breaking 31.4 Tbps DDoS attack from the AISURU/Kimwolf botnet, powered by 2 million compromised Android devices. DDoS attacks surged 121% in 2025 with 47.1 million incidents. The botnet spread via trojanized Android apps and fake Windows binaries.
Read moreCVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.
Read moreCVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.
Read moreResearchers discovered DockerDash, a critical vulnerability in Docker Ask Gordon AI feature that lets attackers execute code by hiding malicious instructions in image metadata. The attack exploits blind trust between the AI assistant and MCP Gateway. Patched in Docker Desktop 4.50.0.
Read moreEmail-stealing malware has become a cornerstone of modern espionage and cybercrime. Here's how these tools work, why attackers love them, and what you can do about it.
Read moreRussia's APT28 began exploiting Microsoft Office CVE-2026-21509 just 72 hours after disclosure, targeting Ukraine, Slovakia, and Romania with email-stealing malware and Covenant implants.
Read moreMicrosoft announces three-phase plan to disable NTLM by default in Windows, pushing enterprises toward Kerberos authentication after decades of security issues.
Read moreSubscribe to our newsletter and get the latest security insights delivered to your inbox.