Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

The dirty secret of critical infrastructure and manufacturing isn't that we are "behind" on patching. It's that patching is ...

ESET researchers have traced the reactivation of Sednit’s advanced implant team to a 2024 case in Ukraine, where a keylogger named SlimAgent was ...

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation ...

After several years of using simple implants, the Russia-affiliated threat actor is back with two new sophisticated malware tools.

ISC2, the non-profit membership association for cyber security professionals, has launched a code of conduct to spread more ethical, principled practices across the global cyber security trade. The ...

Shares of several major cybersecurity providers dropped today after Anthropic PBC introduced a tool for finding software vulnerabilities. The offering is called Claude Code Security. It’s available as ...

Anthropic (ANTHRO) unveiled a new feature called Claude Code Security built into Claude Code on the web. Cybersecurity stocks were in the red on Friday. CrowdStrike (CRWD) and Cloudflare (NET) each ...

The department has sent Google, Meta and other companies hundreds of subpoenas for information on accounts that track or comment on Immigration and Customs Enforcement, officials and tech workers said ...

Most people assume that turning on two-factor authentication is enough to protect their accounts. It’s a big improvement. But it’s not enough. If someone can take control of your phone number, trick ...