AI browser extensions increase enterprise risk with 60% higher vulnerabilities, bypassing DLP controls and exposing sensitive data.

Google releases DBSC in Chrome 146 for Windows, binding cookies to devices to reduce session theft and prevent unauthorized access.

Backdoored Smart Slider 3 Pro v3.5.1.35 update distributed for 6 hours via compromised infrastructure, enabling RCE and data ...

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

UAT-10362 spear-phishing targets Taiwanese NGOs in October 2025, deploying LucidRook malware for data exfiltration and ...

EngageLab SDK flaw exposed 50M+ Android installs after April 2025 disclosure, risking crypto wallet data until November 2025 ...

Employees are using unapproved AI tools. Learn the risks of shadow AI, including data leaks and identity sprawl & how ...

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...

Hack-for-hire phishing tied to Bitter targeted MENA journalists from 2023–2025, compromising an Apple account and enabling ...

Claude Mythos finds thousands of zero-days as Anthropic launches Project Glasswing, enhancing defenses but exposing AI ...

APT28 exploits SOHO routers for global DNS hijacking and adversary-in-the-middle attacks, enabling credential theft and ...