JavaScript injection attacks surged in 2024, hitting major brands via Polyfill.io. Learn why frameworks failed.

A massive mobile malware campaign targets Android and iOS users in Asia, stealing personal data through fake apps.

The shortcoming unearthed by Wiz in Base44 concerns a misconfiguration that left two authentication-related endpoints exposed without any restrictions, thereby permitting anyone to register for ...

Phishing emails mimicking PyPI target developers to steal credentials via fake sites. Users urged to stay alert.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability ...

Chaos ransomware rises after BlackSuit takedown, hitting U.S. targets with $300K demands and stealthy evasion tactics.

Browser-based identity attacks surge in 2025, targeting SaaS apps and weak credentials across enterprise accounts.

In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub ...

Legacy email filters miss post-delivery threats in Microsoft 365 and Google Workspace, exposing data. Here's how EDR-style ...

Vendetect - It is an open-source tool designed to detect copied or vendored code across repositories — even when the code has ...

Tridium Niagara flaws expose critical infrastructure to takeover if misconfigured, affecting security and system uptime.

Scattered Spider targets VMware ESXi in fast, stealthy ransomware attacks across U.S. retail and airline sectors.