Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business…
npm’s Update to Harden Their Supply Chain, and Points to Consider
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce…
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial…
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI)…
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead…
The CTEM Divide: Why 84% of Security Programs Are Falling Behind
A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming…
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile…
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw…
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the…
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows…