Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four popular Laravel-Lang Composer packages and injected malware... Read more »

Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of... Read more »

North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its... Read more »

The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was... Read more »

Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. Threat actors are actively exploiting a security flaw, tracked as CVE-2026-26980, in Ghost CMS... Read more »

A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor is adverertising a purported database... Read more »

A zero-click attack targeting iPhones on iOS 16 hijacked WhatsApp accounts without linked devices, warnings, or user interaction. There is a particular kind of security incident that is harder... Read more »

Dutch authorities arrested two suspects and seized 800 servers tied to Stark Industries, a hosting firm linked to cyberattacks and disinformation. Dutch financial crime investigators arrested two men and... Read more »

FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI... Read more »