Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.

A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.

Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target.

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.

A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.

Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.

The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.

When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase.

Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities.

It's the law of unintended consequences: equipping browsers with agentic AI opens the door to an exponential volume of prompt injections.

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.

The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.

Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia.

The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.

South America's largest country is notorious for banking malware attacks; Maverick self-terminates if its targeted user is based outside Brazil.

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world.

A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.

Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.