IntroductionZscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ...

Hackers target Microsoft Exchange servers worldwide, injecting keyloggers to steal credentials from victims in 26 countries.

CoinMarketCap suffered a front-end breach on June 20 involving malicious JavaScript injected through its rotating “Doodles” feature.

Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI ...

Attackers are increasingly abusing sanctioned tools to subvert automated defenses. Tracking your Windows fleet’s PowerShell ...

Redmond reported 66 flaws to be fixed in its monthly patch bundle, including one that was a zero-day until 1000 Pacific Time today. There are ten critical patches, but two of the important ones are ...

Google and Mozilla have released patches for a combined total of four high-severity memory bugs in Chrome and Firefox.

Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.

A recent Hacker News post looked at the reverse engineering of TikTok’s JavaScript virtual machine (VM). Many commenters assumed the VM was malicious, designed for invasive tracking or ...

Specifically, we use function execution time for side-channel attacks, de-randomize code segment layouts and then execute a code-reuse attack. To verify its practicality, we conduct attacks on ...