A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025… Read More »Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question… Read More »Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator… Read More »Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks… Read More »⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web.… Read More »Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster… Read More »Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That’s according to a report published… Read More »PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious… Read More »Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their… Read More »Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a… Read More »Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software