Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
AI Agents in SaaS: Why the Cyber Kill Chain Fails and What OpenClaw Exposed
In September 2025, Anthropic publicly disclosed a cyber‑espionage campaign in which a state‑sponsored threat actor used an AI agent to ...
Massive Microsoft 365 Device Code Phishing Campaign Targets Global Organizations with EvilTokens PhaaS
An extensive Microsoft 365 phishing campaign abusing the OAuth device code flow has impacted more than 340 organizations across the ...
Critical Vertex AI Security Gap: Over‑Privileged Service Accounts Put AI Agents and Cloud Data at Risk
Palo Alto Networks’ Unit 42 has disclosed a critical security blind spot in Google Cloud Vertex AI that could allow ...
Google Ads Malvertising Campaign Uses Huawei Driver in BYOVD Attack to Kill EDR
A large-scale malvertising campaign active since January 2026 is abusing Google Ads to target US users searching for tax forms ...
Malicious npm Packages theGhost: New Node.js Supply Chain Attacks Target Crypto Wallets and Developer Credentials
A new wave of malicious npm packages is targeting the Node.js ecosystem, focusing on the theft of cryptocurrency wallets and ...
Google Gemini Launches AI-Powered Dark Web Threat Intelligence and SOC Agents
Google is expanding its Threat Intelligence ecosystem with a new Gemini-based dark web monitoring service designed to automatically scan underground ...
Tycoon2FA Phishing Platform Rapidly Recovers After Europol Takedown and Resumes MFA‑Bypassing Attacks
The phishing-as-a-service platform Tycoon2FA, which Europol publicly claimed to have disrupted in early March, has almost fully restored its operations. ...
FCC Moves Against Foreign-Made Wi‑Fi Routers: Cybersecurity and Supply Chain Implications
According to recent reports, the US Federal Communications Commission (FCC) has updated its Covered List of communications equipment deemed a ...
PolyShell Vulnerability in Magento and Adobe Commerce: Unauthenticated File Upload, RCE and Defacement Risks
A newly disclosed critical vulnerability dubbed PolyShell exposes all current versions of Magento Open Source and Adobe Commerce 2.x to ...
AI Music, Botnets and VPNs: How a $10M Streaming Fraud Scheme Exploited Royalty Systems
A recent US criminal case has exposed how a combination of AI-generated music, large-scale bot traffic and cloud infrastructure can ...
