New Perseus Android malware checks user notes for secrets
Perseus shows how Android malware can turn plain text notes into a gold mine for passwords, seed phrases, and financial secrets.
Shai-Hulud-like worm targets developers through npm and AI tools
Researchers warn a Shai-Hulud-like npm worm is targeting developers, stealing secrets, and abusing AI tooling in supply-chain attacks.
Vulnerabilities in password managers put browser trust under scrutiny
Researchers say some password managers can leak or alter credentials through browser-side flaws, challenging how users interpret encryption claims.
Fake AI assistants in Chrome Web Store steal passwords and spy on emails
Malicious AI-themed Chrome extensions are stealing passwords, hijacking sessions, and spying on email at alarming scale.
European governments breached in zero-day attacks targeting Ivanti
European institutions were hit in a wider Ivanti zero-day campaign, exposing the risks posed by compromised edge appliances.
New zero-click flaw in Claude Desktop extensions raises hard questions about AI app trust
LayerX says a zero-click flaw in Claude Desktop extensions could enable RCE, raising fresh concerns about AI app trust and endpoint security.
Ai security threats loom as enterprise usage jumps 91%
Zscaler’s AI findings suggest enterprise adoption is outpacing security, with prompt injection, data leakage, and risky integrations driving exposure.
Russian hacktivists intensify disruptive cyber pressure on UK orgs
The UK NCSC says Russian hacktivists are increasing disruptive attacks on critical sectors, with DDoS and defacements driving pressure.
Interlock ransomware targets Cisco enterprise firewalls
Interlock’s reported use of a critical Cisco firewall flaw shows how ransomware crews are turning edge-device bugs into stealthy enterprise breaches.
FBI seizes Handala data leak site after Stryker cyberattack
The FBI’s seizure of Handala sites after the claimed Stryker attack highlights rising destructive cyber risk across healthcare supply chains.
Darksword: iPhone exploit kit serves spies and thieves alike
DarkSword shows how advanced iPhone exploit chains can power both surveillance and theft, with targeted victims reported in four countries.
Five malicious Rust crates target CI/CD secrets through fake time utilities
Five malicious Rust crates on crates.io reportedly stole .env secrets from developer and CI/CD environments, raising supply-chain risk.











