Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based coding assistants. These tools, integrated into IDEs such as GitHub Copilot, can perform a wide range...
Twenty-two-year-old American Conor Brian Fitzpatrick, better known by his alias Pompompurin, has received a new sentence in the case concerning the creation and administration of the notorious hacking forum BreachForums. An appellate court overturned...
Apple has released supplemental security updates for older iPhone and iPad models, addressing a zero-day vulnerability previously patched in the latest versions of iOS, iPadOS, and macOS. Tracked as CVE-2025-43300, the flaw stems from...
Google has altered its approach to Android security updates, breaking with a decade-long tradition of monthly vulnerability disclosures. In the July 2025 bulletin, the company reported no vulnerabilities whatsoever—a first in 120 publications. Yet...
A dangerous worm dubbed Shai-Hulud has been uncovered in the JavaScript ecosystem, infecting at least 187 packages in the NPM repository. What sets it apart is that it not only steals developer credentials but...
A sprawling advertising-fraud operation known as SlopAds hid behind a storefront of hundreds of seemingly innocuous Android apps and ballooned into a global enterprise. Researchers at Satori (HUMAN) recently described how 224 programs amassed...
Acronis researchers have reported a fresh campaign that employs a modified FileFix technique to deliver the StealC data stealer. The attackers staged a convincing, multilingual phishing operation that forges pages for various services —...
Researchers at Socket have disclosed a new attack against the npm ecosystem, in which more than 40 packages were discovered to be laced with embedded malicious code. The compromise mechanism was meticulously engineered: it...
The newly emerged AISURU botnet has powered the largest recorded DDoS assault to date, peaking at 11.5 Tb/s. This surge shattered the spring record of 5.8 Tb/s and underscored how rapidly threats tied to...
Huntress has published a detailed account of an incident in which attackers, having exploited a vulnerable SonicWall VPN, gained access to the management console and nearly stripped the organization of its defensive capabilities by...
U.S. airlines have found themselves at the center of a scandal following revelations of large-scale transfers of passenger data to government agencies. According to a contract obtained by 404 Media through a Freedom of...
Researchers from Doyensec, together with an independent author known as BitsByWill, have publicly demonstrated a working exploitation chain that enables remote execution of code in the Linux kernel via KSMBD — the in-kernel SMB3...
