General cybersecurity industry news, market trends, and analysis
Malicious Packagist Laravel packages install a cross-platform RAT enabling remote shell access and system reconnaissance via C2 server.
Researchers link Silver Dragon APT to APT41 after attacks on government entities using Cobalt Strike, DNS tunneling, and Google Drive-based C2.
CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches released by Broadcom.
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.
Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors.
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
Lessons from history highlight why AI-enabled browsers require controlled enablement.
Fake IT support calls delivered Havoc C2, enabling credential theft, lateral movement, and ransomware prep across five organizations.
South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing — and costly — blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet.
Tier 1 SOC analysts face overload and false positives; integrated threat intelligence and sandboxing reduce dwell time and improve detection.
AI-powered CyberStrikeAI linked to 600 FortiGate breaches in 55 countries, with 21 IPs tied to China-based infrastructure.
Workloads keep getting more complicated and organizations are struggling to keep up. So what's the play?
