Attackers weaponize phishing to exhaust SOC teams
Modern phishing aims to drain SOC time, delay containment, and turn routine email alerts into identity compromise and breach risk.
Rust-based VENON malware targets 33 Brazilian banks with credential-stealing overlays
VENON is a new Rust-based Windows banking trojan using overlays to steal credentials from customers of 33 Brazilian banks.
Ransomware gangs are shifting to DDoS, insiders, and contractor abuse for 2026
Recorded Future warns 2026 ransomware will rely more on DDoS, insider recruitment, and contractor compromise as profits tighten.
Trivy breach shows how a trusted scanner can become a malware delivery channel
A supply-chain breach of Trivy reportedly pushed credential-stealing malware via official releases and GitHub Actions, raising major CI/CD trust conce
FBI warns Russian hackers target Signal and WhatsApp in mass phishing attacks
Reported FBI and CISA warning points to Russian phishing campaigns targeting Signal and WhatsApp accounts of high-value users.
Critical CVEs jumped 120% in December as React2Shell led exploit activity
Recorded Future says December 2025 saw a 120% jump in critical CVEs, with 22 exploited flaws and React2Shell leading attacker activity.
Inside the CopyCop playbook: How to fight back in the age of synthetic media
CopyCop shows how AI-generated fake news sites can scale Russian influence operations—and what readers, journalists, and platforms can do to resist.
China’s zero-day pipeline: From discovery to deployment
Recorded Future says China is turning vulnerability discovery into state power, giving its cyber operations a lasting strategic edge.
NCA says teens are being drawn into cybercrime through online radicalization
The UK’s NCA warns that online communities are grooming some teenagers into cybercrime, turning a tech threat into a youth safeguarding issue.
Crypto scam ShieldGuard dismantled after fake Chrome security tool was found stealing wallets
A fake Chrome crypto security extension called ShieldGuard was removed after researchers found it stole wallet data and exposed users to theft.
Critical zero-click flaw in n8n exposed cloud and self-hosted servers to takeover
A critical n8n flaw reportedly allowed unauthenticated zero-click server takeover across cloud and self-hosted deployments.
MCP security risks stem from AI architecture, not a patchable bug
Researchers warn MCP introduces architectural AI security risks that standard patches cannot fix, raising enterprise concerns over tool access.