Your blog category
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a… Read More »Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for… Read More »CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.… Read More »Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed to stealthily infect all integrated development environments (IDEs) on a developer’s machine.… Read More »GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is… Read More »Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report from LayerX exposes just how deep this… Read More »Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently… Read More »Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider… Read More »Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. “This flaw… Read More »EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is… Read More »UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns