8+ hour, 15+ min ago  (411+ words) Disguised as a massive order request from a fake "Joyce Malave," the attack uses a weaponized Word document to launch a complex, six-stage kill chain. By chaining together legacy document features, obfuscated scripts, and a full Python runtime, attackers are…...

9+ hour ago  (383+ words) Apple has aggressively broadened the deployment of iOS 18.7.7 and iPadOS 18.7.7, pushing the update to millions of additional devices via Automatic Updates to defend users against the DarkSword exploit, a sophisticated, web-based attack vector capable of silently compromising unpatched iPhones and…...

8+ hour, 37+ min ago  (395+ words) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Google Chrome and Chromium-based browsers that is being actively exploited in real-world cyberattacks. The flaw, officially tracked as CVE-2026-5281, has been added…...

10+ hour, 49+ min ago  (419+ words) On March 31, 2026, security researchers identified a severe supply chain attack targeting Axios, a popular HTTP client for JavaScript handling over 70 million weekly downloads. Two updated versions of the package, 1.14.1 and 0.30.4, were compromised by a malicious dependency that installs remote access…...

11+ hour, 16+ min ago  (433+ words) A critical unauthenticated remote code execution vulnerability in Cisco's Smart Software Manager On-Prem platform could allow attackers to seize full root control of enterprise license management infrastructure. Cisco has issued a high-priority security advisory warning of a critical vulnerability in…...

11+ hour, 28+ min ago  (356+ words) Cybersecurity researchers have uncovered a highly sophisticated malware campaign that delivers the notorious Remcos Remote Access Trojan (RAT). Remcos is a widespread threat known for providing attackers with backdoor access to infected systems and collecting sensitive information. This newly analyzed…...

12+ hour, 15+ min ago  (331+ words) The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones deployed across vital…...

13+ hour, 29+ min ago  (379+ words) A high-severity local privilege escalation flaw in Symantec's Data Loss Prevention Agent for Windows could hand attackers complete control over enterprise machines, and it requires no special permissions to exploit. Security researchers have disclosed a critical vulnerability in the Symantec…...

13+ hour, 17+ min ago  (380+ words) The Blackpoint Response Operations Center (BROC) has identified a newly discovered Node. js-based implant named RoadK1ll during a recent intrusion analysis. Unlike traditional remote access trojans packed with large command sets, RoadK1ll serves a highly specific operational purpose. It is a lightweight…...

14+ hour, 23+ min ago  (368+ words) In June 2025, cybersecurity firm Nisos uncovered a sophisticated employment fraud scheme when a suspected North Korean IT worker attempted to infiltrate their company. The operative applied for a remote Lead Artificial Intelligence Architect position using the stolen identity of a…...