General cybersecurity industry news, market trends, and analysis
A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential rotation.
The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.
Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.
AI browser extensions increase enterprise risk with 60% higher vulnerabilities, bypassing DLP controls and exposing sensitive data.
The critical vulnerabilities affect Chrome’s WebML component and were reported by anonymous researchers.
The document provides a behavior-based model of the tactics and techniques employed by fraudsters.
Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.
Google releases DBSC in Chrome 146 for Windows, binding cookies to devices to reduce session theft and prevent unauthorized access.
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.
Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.