More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. [...]

The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year. [...]

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store. [...]

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store. [...]

State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website. [...]

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. [...]

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). [...]

Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. [...]

French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. [...]

Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. [...]

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. [...]

A new Android malware posing as an antivirus tool software created by Russia's Federal Security Services agency (FSB) is being used to target executives of Russian businesses. [...]

The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms. [...]

The Pakistani APT36 cyberspies are using Linux.desktop files to load malware in new attacks against government and defense entities in India. [...]

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. [...]

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. [...]

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. [...]

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. [...]

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. [...]

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. [...]

Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. [...]

American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations. [...]

A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. [...]

The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure. [...]