432 articles
Telegram founder Pavel Durov alleges WhatsApp's default end-to-end encryption is misleading, as unencrypted cloud backups can expose billions of user messages.
Adobe has released emergency updates for a critical vulnerability (CVE-2026-34621) in Acrobat Reader that is being actively exploited to execute arbitrary code.
A ClickFix social engineering campaign bypasses macOS security warnings by using Script Editor to execute malicious commands, marking a significant evolution in Mac-targeting malware.
A Cloudflare IP block intended to prevent illegal football streaming inadvertently blocked access to Docker Hub and other services in Spain, highlighting collateral damage from blunt security measures.
A sophisticated phishing campaign uses a counterfeit Claude AI website to distribute a trojanized installer, deploying the remote access trojan PlugX to establish persistent backdoor access.
The Financial Industry Regulatory Authority has established a new intelligence hub to centralize analysis of cyber threats and fraud targeting broker-dealers and capital markets.
A state-directed internet blackout in Iran has surpassed 1,000 cumulative hours, marking a significant escalation in digital censorship and control tactics.
Juniper Networks has released patches for a critical, pre-authentication remote code execution vulnerability in Junos OS, alongside dozens of other security fixes.
The latest Metasploit Framework release introduces exploit modules for Cisco Catalyst SD-WAN and osTicket, alongside significant improvements to LDAP/ADCS data collection and Windows persistence techniques.
OpenAI has removed the undocumented 'Study Mode' from ChatGPT, a feature that disabled web search and file uploads, highlighting concerns over silent feature changes and potential security implications for automated workflows.
Orange Business is embedding generative AI into its enterprise voice platforms, a move that expands the attack surface and introduces novel data security and privacy risks.
OpenAI's GPT-5 raises the bar for AI-assisted cyberattacks — spear-phishing at scale, automated exploit generation, and deepfake social engineering. Here's what security teams need to know and do.
