Threat actors are seeding GitHub with fake OSINT, GPT wrappers, DeFi bots, and security utilities to deliver PyStoreRAT, a previously undocumented modular JavaScript RAT. The loaders are tiny Python …

CISA has added CVE-2018-4063 to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation targeting Sierra Wireless AirLink ALEOS routers. The high-severity flaw (CVSS …

Apple has released urgent security updates across iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to fix two WebKit zero-day vulnerabilities actively exploited in the wild. If you use any …

GenAI now lives in the browser—from web LLMs and copilots to AI-powered extensions and agentic browsers. Employees paste emails, code, and docs into prompts or upload files, creating a blind spot …

A critical React2Shell flaw is fueling large-scale, real-world attacks, pushing U.S. federal agencies and enterprises worldwide into rapid mitigation mode. Why it matters: CISA has added …

React has shipped fixes for new React Server Components vulnerabilities that can trigger denial-of-service or expose server function source code. The issues surfaced as researchers probed workarounds …

CISA has added a high-severity OSGeo GeoServer flaw to its Known Exploited Vulnerabilities (KEV) catalog after evidence of in-the-wild abuse, urging immediate patching by affected organizations. Key …

Modern buildings often hide outdated building management systems (BMS) that were never meant to face the open internet. At Black Hat Europe 2025, Gjoko Krstic of Zero Science Lab presented A City of …

Overview WIRTE, tracked by Unit 42 as Ashen Lepus, has run a persistent espionage campaign against government and diplomatic entities across the Middle East since at least 2018. Since 2020, the group …

A high-severity, unpatched zero-day in Gogs is being actively exploited, with more than 700 internet-facing instances showing signs of compromise, according to Wiz. Tracked as CVE-2025-8110 (CVSS …