Dragos attributes a December 2025 Polish grid attack to ELECTRUM, disrupting ~30 DER sites without outages but damaging OT.

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Agentic AI reshapes SOC workflows by investigating 100% of alerts, reducing noise, accelerating hunting, and delivering over ...

Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run ...

China-linked Mustang Panda used updated COOLCLIENT malware in 2025 espionage to steal data from government and telecom ...

Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via ...

Near-identical password reuse bypasses security policies, enabling attackers to exploit predictable patterns using breached ...

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw, CVE-2026-24858, now listed by ...

Pakistan-linked hackers targeted Indian government entities using phishing, Google services, Golang malware, and GitHub-based ...

Meta is rolling out Strict Account Settings on WhatsApp and using Rust-based media code to protect journalists and high-risk ...

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...