Security researchers have identified a critical Bluetooth vulnerability dubbed "BlueGhost" that affects billions of devices and allows attackers within radio range to silently pair and take control of smartphones, laptops, and IoT devices.
Researchers have uncovered a sophisticated phishing-as-a-service platform called "PhantomNet" that uses AI to generate convincing login pages and bypass MFA in real-time through adversary-in-the-middle techniques.
A public exploit has been released for a critical unauthenticated RCE vulnerability in Fortinet FortiGate firewalls before the vendor has issued a patch, putting an estimated 490,000 devices at immediate risk.
The U.S. Securities and Exchange Commission has charged four publicly traded companies with securities fraud for making materially misleading statements about cybersecurity incidents in their SEC filings.
A sophisticated supply chain attack attributed to Chinese state-sponsored group Jade Typhoon has compromised at least 8 major defense contractors through a trojanized update to a widely-used network management tool.
A new ransomware campaign is mass-exploiting a known vulnerability in VMware ESXi hypervisors to encrypt virtual machines, with over 3,500 servers compromised worldwide in the past two weeks.
CISA and the FBI have attributed a series of cyber attacks against US water and wastewater systems to an Iranian government-affiliated threat actor exploiting default credentials on Unitronics PLCs.
Mozilla has shipped Firefox 135 with ML-KEM (Kyber) post-quantum key encapsulation enabled by default for all TLS 1.3 connections, making it the first major browser to fully transition to quantum-resistant encryption.
The Lazarus Group has been attributed to a $340 million theft from decentralized finance platform NexusVault after exploiting a smart contract vulnerability in the platform's cross-chain bridge.
Academic researchers have disclosed a new hardware-level vulnerability in Intel processors codenamed "SilentGate" that allows extraction of cryptographic keys through a novel side-channel attack on the CPU microarchitecture.
CISA has issued an emergency alert after discovering a new strain of ICS-specific malware called "AquaGhost" designed to manipulate water treatment chemical dosing systems at municipal facilities.
Palo Alto Networks has released emergency patches for a critical zero-day vulnerability in PAN-OS that has been exploited by a suspected nation-state actor to breach government and defense networks.
NIST has published its final guidance for federal agencies to complete migration to post-quantum cryptographic standards by 2030, with critical systems required to begin transition by end of 2026.
Researchers have identified a series of malicious ChatGPT plugins that exploit the platform's OAuth implementation to steal users' third-party API keys, session tokens, and personal data.
Toyota Motor Corporation has confirmed that a cyber attack on its supplier management system disrupted production at 12 manufacturing plants across Japan, North America, and Europe for approximately 48 hours.