Researchers have discovered two vulnerabilities that could allow threat actors to abuse hosted email services in order to spoof the sender's identity and evade protections. The identified vulnerabilities impact millions of domains.

A malicious package named "zlibxjson version 8.2," has been discovered in the PyPI repository.

The North Korea-linked "DEV#POPPER" malware campaign targeting software developers has expanded its focus on Windows, Linux, and macOS systems with new malware and tactics.

"SMS Stealer" is a novel malware with more than 107,000 samples that has been targeting Android devices for over two years. It steals SMS messages to obtain One-Time Passwords (OTPs) and other sensitive user data.

Metomic reports that healthcare organizations continue to expose their most sensitive data, putting their business and patients at risk.

According to researchers at the University of the Republic of Uruguay, hackers can apply Artificial Intelligence (AI) to spy on a user's display by capturing leaked electromagnetic radiation from a PC's HDMI cable.

The nation-state threat actor "SideWinder" is behind a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.

The new red team post-exploitation framework "Specula," released by the cybersecurity company TrustedSec, uses Microsoft Outlook as a Command-and-Control (C2) beacon for Remote Code Execution (RCE).

According to Microsoft's threat intelligence team, ransomware groups are exploiting a critical vulnerability in ESXi hypervisors to gain full administrative access on domain-joined systems less than a week after VMware shipped patches for the fla

IBM released its annual "Cost of a Data Breach Report," which revealed that the global average cost of a data breach hit $4.88 million in 2024, as breaches become more disruptive and place additional demands on cyber teams.

Cybercriminals are selling stolen Generative Artificial Intelligence (GenAI) platform account credentials on underground markets.

In a massive scam campaign dubbed "EchoSpoofing" by Guardio Labs, an unknown threat actor has sent millions of messages spoofing Best Buy, IBM, Nike, Walt Disney, and other popular companies by exploiting an email routing misconfiguration in email secu