A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public disclosure.

Google’s Device Bound Session Credentials in Chrome protect against session cookie theft by binding authentication to the device.

Microsoft discovered that a third-party Android SDK widely used in cryptocurrency wallet applications is affected by a severe vulnerability.

A threat actor tracked as UNC6783 and targeting BPOs for corporate data theft is likely linked to the ‘Mr. Raccoon’ hacker.

The Google API keys, all using the ‘AIza…’ format, can be abused for retroactive privilege escalation: a key that a developer ...

Palo Alto Networks and SonicWall have released patches for multiple vulnerabilities, including high-severity flaws.

“RSAC estimates that there were at least 200 million Apple Intelligence-capable devices in consumers’ hands as of December ...

Eurail says hackers stole the names and passport numbers of 300,000 people from its network in a December 2025 cyberattack.

AI can’t be fully trusted, yet businesses depend on it. Explore the risks of bias, hallucinations, and adversarial ...

The DDoS-capable Masjesu botnet focuses on evasion and persistence, but targets a broad range of IoT devices to spread.

News of the latest Bitcoin Depot hack comes just days after threat actors believed to be operating out of North Korea stole ...

A researcher has come across what appears to be an actively exploited Adobe Acrobat and Reader zero-day vulnerability.