Security researchers have discovered a cyberattack campaign where hackers impersonate IT helpdesk staff to trick employees into giving them access to their computers. The attackers begin by flooding a victim’s email inbox with large amounts of spam. This creates confusion and pressure, making the target more likely to believe a follow up message. Shortly after, […]
Security investigators have uncovered a years long phishing campaign that successfully deceived employees at NASA and other U.S. organizations into sharing sensitive technology. The operation involved a Chinese national who posed as a trusted researcher and contacted targets through carefully crafted messages. By impersonating colleagues and collaborators, the attacker convinced victims they were participating in […]
Security researchers have revealed a serious vulnerability affecting cPanel that could allow attackers to bypass authentication and gain access to server control panels. The issue impacts multiple authentication paths and affects all supported versions of cPanel and WebHost Manager. Attackers can exploit this flaw to log in without valid credentials, potentially taking control of hosting […]
Security researchers have identified a campaign involving 73 fake extensions for Visual Studio Code that are being used to distribute malware known as GlassWorm v2. These extensions were uploaded to the Open VSX marketplace and are designed to closely resemble legitimate tools. Many imitate the names, icons, and descriptions of real extensions, making it difficult […]
A powerful new artificial intelligence system developed by Anthropic is beginning to change how the world approaches cybersecurity, and this time the story is not about fear but progress. The model, known as Claude Mythos, has shown an extraordinary ability to identify hidden software vulnerabilities at a scale that was previously impossible. Rather than creating […]
A serious data exposure involving Fiverr has raised alarms after sensitive user files—including tax forms, contracts, IDs, and login credentials—were discovered publicly accessible through Google search results. The issue appears to stem from how files were stored and shared on the platform, rather than a traditional “hack,” but the consequences are just as concerning for […]
A newly uncovered security flaw in a widely used Android component has revealed how a single hidden weakness can quietly put millions of users in danger. The issue stems from the EngageLab SDK, a third party tool embedded in many apps to power push notifications and user engagement features. While it operates behind the scenes, […]
A massive and coordinated malware campaign has exposed just how dangerous seemingly harmless browser add-ons can be. Security researchers have identified 108 malicious Chrome extensions that were secretly stealing sensitive user data, hijacking sessions, and injecting harmful scripts, all while posing as useful everyday tools. At first glance, these extensions appeared legitimate. They advertised features […]
A major new cybersecurity warning has revealed that hundreds of millions of iPhones could be at risk from a powerful malware tool called DarkSword if they are not running the latest software. Researchers have found that hacker groups have been using it to silently break into vulnerable devices around the world. DarkSword works by chaining […]
A recently discovered security issue showed that hackers could secretly take sensitive information from ChatGPT conversations without users knowing. Security researchers found that hidden tricks could be used to quietly collect data from chats. The issue has now been fixed, but it highlights how even trusted AI tools can have hidden risks. The attack worked […]