-
Chinese authorities-linked hacker Xu Zewei, accused of playing a central role in the notorious Silk Typhoon (HAFNIUM) cyber campaign, has been extradited from Italy to the United States, marking a significant development in ongoing efforts to combat st…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, reve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding their global reach by leveraging SMS and over-the-top (OTT) messaging channels such as iMessage and Rich Communication Services (RCS). Over the past several months, research…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant evolution in Sandworm (APT-C-13) tradecraft, revealing the group’s use of SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp is actively developing an independent, first-party cloud backup service featuring mandatory end-to-end encryption. This upcoming feature aims to reduce users’ reliance on third-party storage providers such as Google Drive and Apple’s iCl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploitin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
APT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
