Security leaders increasingly worry that AI-generated code introduces risks, while many organizations still depend heavily on manual reviews.

Researchers uncovered a global phishing network using Google Cloud redirects and copied news content across thousands of coordinated servers.

Fable 5's data retention policy mandates 30 days' storage, or up to two years for flagged content, but Microsoft has concerns.

Videos advertising free subscriptions are leading victims away to download and install malware via command-line tools.

We take a look at some of the biggest threats facing fans at the World Cup 2026.

Chaotic Eclipse strikes again, releasing their seventh zero-day in just two months.

Varonis has a suggestion on how to make AI agents more careful.

A cybercriminal claimed the Tchap breach on a dark web forum, saying they stole gigabytes of sensitive data.

A bug in an API endpoint was apparently abused to access customer data.

Researchers found a trojanized X-VPN installer used to deploy STX RAT malware. X-VPN itself was not breached, and only attacker-hosted downloads are affected.

A logic inversion bug was recently found in Linux, caused by a single stray character.

Lazarus is getting company as UNK_DeadDrop starts luring devs with fake jobs, too.

Some repos are already restored.

A new bug was found, allowing crooks to execute arbitrary code and possibly steal sensitive files.

A month-old VPN bug was finally fixed, but not until after Qilin had a field day with it.

A popular WordPress plugin is once again being leveraged in website takeover attacks.

Google is warning about hackers walking into offices, pretending to be IT support.

US citizen admitted working with multiple individuals on data exfiltration.

We now know the scale of last week's incident as Meta reports it to the Maine AG.

Are your private chats truly secure? New research from Surfshark dives into the most popular messaging apps, revealing alarming data harvesting and AI privacy risks. See why Signal came out on top.

The FBI is currently looking for eight major fraudsters whose whereabouts have been unknown for years.

DentaQuest confirmed suffering a data breach, while ShinyHunters claims negotiations broke down.

Google Tag Manager is also abused in this campaign.

Hackers have been preparing longer than the footballers and the scam infrastructure is now up and running.

NoName057(16) launched "Patriotic Online Games", calling all hackers to participate and get paid in crypto.

A new attack technique affects HTTP/2 configurations of major web servers, but some have released patches already.

ATG owners are urged to tighten up on security and keep track of potential attacks.

Prompt injection works on Android notifications, as well, and could have been used for a myriad of things.

China is using fake organizations to pay for intelligence reports, with higher payments for more secrets.

More than 100 spoofed websites were redirecting users and offering infostealers.