Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

In November 2025, Gartner formalized a new security category — Exposure Assessment Platforms — evaluating 20 vendors on their ability to continuously identify and prioritize The post What Is an ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Public Safety Minister Gary Anandasangaree on Wednesday announced $10-million aimed at bolstering security in Canada’s Jewish community, days after shootings directed at synagogues in the Toronto area ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be the first documented case of attackers abusing the Deno JavaScript runtime ...

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.

Signal says its systems are secure but it is taking reports of targeted attempts to hack some officials "very seriously".

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that ...

Generative AI is raising the risk of dangling DNS attack vectors, as the orphaned resources are no longer just a phishing ...

Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime.