Android 17 tests a block on accessibility API abuse by non-assistive apps
Google is testing an Android 17 safeguard that limits accessibility API use under Advanced Protection Mode to curb malware abuse.
Apple patches WebKit flaw that could bypass same-origin protections on iPhone, iPad, and Mac
Apple fixed CVE-2026-20643, a WebKit bug that could let malicious web content bypass same-origin protections on iOS, iPadOS, and macOS.
SideWinder espionage campaign expands across Southeast Asia
SideWinder is widening espionage activity in Southeast Asia, using spear-phishing, old Office flaws, and rotating infrastructure to target strategic s
Navia discloses data breach impacting 2.7 million people
Navia says a data breach exposed sensitive information tied to nearly 2.7 million people, raising serious identity theft and vendor risk concerns.
Musician admits using AI bots to steal $10 million in streaming royalties
Michael Smith pleaded guilty to using AI-generated music and bots to fraudulently collect more than $10 million in streaming royalties.
International joint action disrupts four major IoT DDoS botnets
The U.S., Germany, and Canada disrupted C2 infrastructure for four major IoT botnets used in large-scale DDoS attacks.
ICO’s £14m Reddit fine puts age checks and child privacy under scrutiny
The UK ICO plans to fine Reddit £14m over alleged failures in handling children’s data, sharpening scrutiny of age checks and privacy.
Apple urges iPhone, iPad, and Mac users to install fixes for two zero-days under attack
Apple has patched two actively exploited zero-days affecting iPhone, iPad, and Mac devices, and users are being urged to update immediately.
CISA warns organizations to harden endpoint management systems after Stryker cyberattack
CISA says attackers are targeting endpoint management systems after a March cyberattack on Stryker’s Microsoft environment.
Preparing for Russia’s new generation warfare in Europe
Russia’s hybrid campaign in Europe blends cyber attacks, sabotage, and influence operations, raising the risk for NATO states and key industries.
C2 implant SnappyClient targets crypto wallets
SnappyClient blends remote access, spying, and data theft to target crypto wallets, exposing users and firms to irreversible financial loss.
Attackers weaponize phishing to exhaust SOC teams
Modern phishing aims to drain SOC time, delay containment, and turn routine email alerts into identity compromise and breach risk.











