Rokarolla targets 217 banking and crypto apps with 137 commands, enabling PIN, SMS code, and crypto payment theft.
ESET found two Windows SprySOCKS variants with 30+ commands, C2 over TCP, UDP, and WebSocket, and government targets in 4 ...
Attackers are exploiting three Fortinet FortiSandbox flaws, including one patched last week, risking auth bypass and command ...
Cisco patched CVE-2026-20262 in Catalyst SD-WAN Manager after limited exploitation, with federal fixes due June 29.
North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...
CISA added CVE-2026-54420 to KEV, requiring federal agencies to patch LiteSpeed cPanel root escalation by June 18, 2026.
Spur study finds VPNs and residential proxies now appear in nearly every security incident, exposing gaps in IP-based ...
Google fixed a Vertex AI SDK flaw in v1.148.0 after Unit 42 showed bucket squatting could enable model hijacking and code ...
Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...
Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
Google says UNC6508 used REDCap backdoors and Workspace rules to copy research and defense emails across U.S. and Canadian ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results