1+ hour, 17+ min ago  (165+ words) Thursday. Another week, another batch of things that probably should've been caught sooner but'weren't. This'one's got some range " old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust…...

2+ hour, 43+ min ago  (314+ words) Employees may use generative AI tools like Chat GPT or Claude in everyday workflows, and while this can improve productivity, it can result in sensitive data being shared externally without oversight. Whether or not the AI vendor uses that data…...

2+ hour, 59+ min ago  (386+ words) Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December2025. The finding, detailed by EXPMON's Haifei Li, hasbeen described as a highly-sophisticated PDF exploit. The artifact ("Invoice540. pdf") first appeared…...

3+ hour, 34+ min ago  (565+ words) An'apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings'from Access'Now, Lookout,'and SMEX. "The attacks were…...

21+ hour, 44+ min ago  (319+ words) Called Masjesu, the botnet has been advertised via Telegram as a DDo S-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of Io T devices, such as routers and gateways, spanning multiple architectures. "Built for…...

20+ hour, 23+ min ago  (399+ words) "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices,"Darktrace said in a newreport. Chaoswas first documented by Lumen Black Lotus Labs in September 2022, describing it as a cross-platform malware capable…...

1+ day, 24+ min ago  (492+ words) The Russian threat actor known'as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite'codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM)…...

1+ day, 4+ hour ago  (366+ words) In one instance highlighted by the company, Mython Preview is said to have autonomously come'with a web browser exploit that chained together four vulnerabilities to escape the renderer and operating system sandboxes. Anthropic'also noted in the preview's system card that…...

1+ day, 6+ hour ago  (489+ words) The North Korea-linked persistent campaign known'as Contagious'Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. The complete list of identified packages is as follows'- These loaders are designed to fetch platform-specific second-stage payloads,…...

1+ day, 9+ hour ago  (730+ words) "These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial loss," the U. S. Federal Bureau of Investigation(FBI) said in a post on X. The agencies saidthe campaign is part ofa recent…...