Iranian threat actor Lemon Sandstorm accessed Middle East CNI from 2023–2025 using VPN flaws, web shells, and 8 custom tools.

Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.

Leonidas Varagiannis (aka War), 21, and Prasan Nepal (aka Trippy), 20, the two alleged leaders of a child extortion group 764 ...

Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2 ...

"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency ...

NDR solutions uncover hidden threats missed by legacy tools by analyzing encrypted traffic, lateral movement, and blind spots ...

"Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users ...

Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.

Phishing attacks deliver DarkWatchman and Sheriff malware; targets span Russia, Ukraine, Baltics, with stealth and ...

Prompt injection flaws in Anthropic’s MCP and Google’s A2A protocols enable covert data exfiltration and AI manipulation.

Companies need to rethink how they protect their private and public use of AI and how they defend against AI-powered attacks.

The report found a median account takeover exposure rate of 1.4% among platforms ranging from 5 million to 300 million users.