-
Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for wallet theft, secret harvesting, and staged malware delivery. The campaign is especially da…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code on targeted systems. The flaws, tracked as CVE-2026-45456, CVE-2026-45458, and CVE-202…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has released patches for three new PAN-OS vulnerabilities that could allow authenticated administrators or users to execute arbitrary commands with root privileges or force firewalls into repeated reboots, raising operational and sec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as a full-service product. For $250 a month buyers receive a web-based control p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A suspected cyberattack targeting Tchap, the secure messaging platform used by French government agencies, has reportedly exposed sensitive data belonging to more than 73,000 government employees. According to threat intelligence reports shared by the …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An active espionage campaign tracked as SHEETCREEP that leverages a UAE‑India diplomatic-themed ISO lure to deliver a compact C# remote access trojan (RAT) and uses Google Sheets as its command-and-control (C2) channel. The ISO, named UAE-India_Strateg…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Authorities have dismantled a major cryptocurrency laundering infrastructure known as “AudiA6,” disrupting a critical financial backbone used by ransomware gangs and cybercriminal networks to legitimize illicit proceeds. The coordinated international o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a high-severity information disclosure vulnerability affecting its Teams application for Android, tracked as CVE-2026-42835. The flaw, publicly released on June 9, 2026, has been assigned a CVSS v3.1 base score of 8.1, categoriz…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaw…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors leverage polished tutorial-style clips to trick Windows users into running malicious code. Attack…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
