Artificial intelligence agents are rapidly becoming integral to enterprise workflows, but they also introduce new attack surfaces. Security researchers recently uncovered a significant vulnerability within Google Cloud Platform’s Vertex AI Agent Engine. By exploiting default permission scoping, attackers could weaponize…
A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively exploiting a newly disclosed, maximum-severity vulnerability in Oracle WebLogic Server. The…
A newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse…
Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for…
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No."
No to ChatGPT.
No to DeepSeek.
No to the file-sharing tool the product team swears by.
For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot.
The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 1, 2026 – Read the full story in Forbes In 2025, the global damage cost resulting from cybercrime was an estimated $10.5 trillion USD, up from just $3…
Beginning April 6, 2026, HSBC India will require its internet banking customers to enter their passwords in uppercase letters only. The mandate, communicated via official customer emails, has sparked widespread concern among technical experts regarding the bank’s credential storage practices…
A sophisticated backdoor called EtherRAT is actively targeting organizations across multiple sectors by hiding its command infrastructure inside the Ethereum blockchain — a move that makes it uniquely hard to track and shut down. The malware runs on Node.js and…
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.
"Use-after-free in Dawn in Google Chrome prior
A new and dangerous piece of malware has surfaced and is being marketed openly to cybercriminals through private Telegram channels. Named CrystalX, this Malware-as-a-Service (MaaS) platform combines a remote access trojan (RAT), credential stealer, keylogger, clipboard hijacker, spyware, and an…
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next.
Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most
Travelers across the world are being targeted by a fast-growing fraud scheme that turns their own hotel reservations against them. Cybercriminals are hijacking trusted hotel booking workflows to deliver convincing fake payment requests to guests — and many victims never…
The notorious cybercriminal group ShinyHunters has allegedly claimed responsibility for three separate data breaches targeting Cisco Systems, Inc., asserting that over 3 million Salesforce records containing personally identifiable information (PII), GitHub repositories, AWS S3 buckets, and other sensitive internal corporate…
Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors. Read More
