First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in ...

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...

Patch Tuesday delivers fixes for 59 Microsoft flaws, six exploited zero-days, plus critical SAP and Intel TDX vulnerabilities.

Microsoft patches 59 vulnerabilities, including six actively exploited zero-days, with CISA mandating urgent federal remediation.

UNC1069 targets crypto firms via Telegram lures, fake Zoom meetings, and multi-stage malware to steal credentials, browser data, and funds.

Researchers uncover SSHStalker, an IRC botnet exploiting legacy Linux flaws and SSH servers to build persistent covert access.

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...

Warlock ransomware breached SmarterTools via unpatched SmarterMail, exploiting critical flaws to access Windows systems and deploy encryption payloads ...

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.

Bloody Wolf spear-phishing campaign deploys NetSupport RAT across Uzbekistan and Russia, hitting 60+ victims and multiple ...

Ivanti EPMM zero-day flaws enabled cyberattacks on Dutch, EU, and Finnish government systems, exposing employee contact and device data.

This week’s cyber recap covers AI risks, supply-chain attacks, major breaches, DDoS spikes, and critical vulnerabilities security teams must track.