AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Google rushes Chrome update fixing two zero-days already under attack

Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed. The bugs, tracked as CVE-2026-3909 and ...

Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data

Excel users are warned to update now, as a critical vulnerability has been confirmed that can lead to “zero-click information ...