Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

QR codes are widely used in entry and exit systems for various events to monitor the number of participants and ensure that ...

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Ocean Network bridges this gap by focusing on the Orchestration Layer. To ensure top-tier reliability and performance from day one of Beta, Ocean Network is renting high-performance GPUs from Aethir, ...

Nvidia led a week of big AI moves, major security threats, app ecosystem changes, and tech industry shakeups across Apple, Google, Meta, Microsoft, and OpenAI.