A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.

Verify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in ...

The US is seeking the forfeiture of $7.74 million in cryptocurrency in frozen wallets tied to North Korean fake IT workers ...

Kingsley Utulu has been sentenced to more than 5 years in prison for his role in a scheme that involved hacking, fraud and ...

President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive ...

FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took ...

The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025 with 42 deals.

Data loss prevention (DLP) provider MIND this week announced raising $30 million in Series A funding, which brings the total raised by the company to $41 million. The new investment round was led by ...

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization ...

Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).

An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution.