Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and surveillance.

Google is testing Merkle Tree Certificates in Chrome to enable quantum-resistant HTTPS, reduce TLS handshake data & launch a new root store by 2027.

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.

APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.

AI in cybersecurity can improve detection and response, but lean teams must weigh complexity, costs, and measurable outcomes carefully.

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for ...

Researchers detail Aeternum C2 storing botnet commands on Polygon blockchain, while DSLRoot operates 300 residential proxy ...

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.

Cisco warns CVE-2026-20127 (CVSS 10.0) in SD-WAN is exploited since 2023 to gain admin access; CISA adds it to KEV and ...