Two TfL hackers get 5.5 years each for the £29 million 2024 attack, which disabled 148 systems, exposed customer data, and ...
CVE-2026-59208, a JWT matching flaw that could log users into another issuer’s account on affected multi-issuer Enterprise ...
PhantomEnigma uses more than 20 hijacked Brazilian government sites and compromised mailboxes to deliver a modular Node.js ...
Daxin resurfaces at a Taiwan manufacturer alongside Stupig, a new backdoor that runs SYSTEM commands before sign-in through ...
Zoom fixes CVE-2026-53412, a 9.8-rated Windows flaw that could enable account takeover via network access, plus three ...
This week’s ThreatsDay Bulletin covers spyware-laced game cheats, fake installers, infostealer, ransomware, phishing kits, ...
New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs ...
Shark AWS IoT policy flaw could let one certificate send root commands to other vacuums in the same region, exposing cameras, ...
ClickLock Stealer kills macOS apps every 210 milliseconds until victims enter a password, then steals browser credentials, ...
OpenAI says GPT-Red automates prompt injection testing and helped GPT-5.6 Sol record sixfold fewer direct injection failures than GPT-5.5 in benchmark ...
Agent data injection forges trusted fields across six AI models, redirecting web and coding agents while bypassing prompt ...
OkoBot injects recovery phrase lures into Ledger and Trezor apps, targeting hundreds of Windows users across more than 25 ...