Google dismantled IPIDEA, a residential proxy network used by 550+ threat groups to hijack millions of consumer devices for cybercrime and espionage.

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via ...

Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run ...

Near-identical password reuse bypasses security policies, enabling attackers to exploit predictable patterns using breached ...

Dragos attributes a December 2025 Polish grid attack to ELECTRUM, disrupting ~30 DER sites without outages but damaging OT.

China-linked Mustang Panda used updated COOLCLIENT malware in 2025 espionage to steal data from government and telecom ...

Agentic AI reshapes SOC workflows by investigating 100% of alerts, reducing noise, accelerating hunting, and delivering over ...

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher ...