432 articles
Adaptive Security finds 3 seconds of audio enough to clone a voice for fraud; deepfake calls tricked employees into wiring $243K in one case. No detection tool caught the attack.
ESET Threat Research Director Jean-Ian Boutin explains how SMBs leverage MDR and threat intel to detect intrusions faster, citing 3.5-day median dwell time reduction.
Fast16 malware resurfaces in new supply chain attacks, abusing remote monitoring tools and browser extensions to steal credentials. Campaign targets enterprise environments.
CVE-2026-6770 in Firefox allowed fingerprinting of Tor users via a timing side-channel. Mozilla patched the flaw in Firefox 150 and Tor 15.0.10.
FTC reports Americans lost over $2.1 billion to social media scams in 2025 — a 10x increase since 2020. Investment and romance scams dominate losses.
A new GlassWorm campaign deploys 73 sleeper extensions on OpenVSX that activate malicious behavior post-update, targeting VS Code users in dev environments.
ESET analysis shows 1 in 3 Android apps request unnecessary permissions — location, camera, microphone — enabling data harvesting and surveillance. Users should audit permissions.
Anthropic's Claude Mythos Preview identifies vulnerabilities at scale since April 7, but organizations lack the triage and patching capacity to keep pace, researchers warn.
Chinese national extradited from Italy to US for alleged Silk Typhoon cyberespionage targeting US govt, defense contractors, and critical infrastructure.
U.S. Treasury sanctioned Cambodian Senator Ly Yong Phat over alleged ties to human trafficking and cyberscam compounds.
Vercel disclosed a breach after stolen OAuth tokens from Context.ai enabled unauthorized access to internal systems via a connected app. No customer data exposed.
Elastic Security Labs details a supply chain compromise of the axios npm package that deployed a unified RAT across platforms, impacting an unknown number of downstream…
