Microsoft warns tax-season phishing hit 29,000 users via IRS lures, enabling credential theft and RMM-based access.

Hybrid identity gaps and high user turnover create orphaned accounts in universities, increasing attack surface and breach risk.

CVE-2025-32975 exploited since March 2026 on unpatched KACE SMA systems, enabling admin takeover and payload delivery.

Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting ...

Telegram blocked 43M channels in 2025, but cybercrime persists as actors adapt, maintaining platform dominance and forcing ...

Russian-linked phishing hits thousands of messaging accounts via fake support tactics, enabling impersonation and data access ...

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.

Google adds 24-hour sideloading delay amid 17 malware families in 4 months, reducing scam-driven installs and device ...

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...

Outdated iOS exploited via Coruna, DarkSword kits through web attacks, enabling mass data theft on unpatched devices.

Claude Code bypasses security controls by acting locally before monitoring, exposing data risks and audit gaps.

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...