Microsoft reports a ClickFix social engineering campaign abusing Windows Terminal to execute malicious commands and deploy Lumma Stealer targeting browser credentials.
Real-world investigations show how AI-powered SOC platforms can conduct multi-source threat analysis, helping security teams detect credential compromise and advanced phishing attacks faster.
Security researchers discovered malicious Laravel-related packages on Packagist that deploy a cross-platform remote access trojan affecting Windows, macOS, and Linux systems.
Europol and cybersecurity partners dismantled Tycoon 2FA, a phishing-as-a-service toolkit tied to more than 64,000 attacks and nearly 100,000 affected organizations worldwide.
Google confirms active exploitation of CVE-2026-21385, a high-severity Qualcomm graphics component flaw, as part of Android March 2026 security updates addressing 129 vulnerabilities.
China-linked Amaranth Dragon exploited a WinRAR vulnerability in targeted espionage campaigns across Southeast Asia, with overlaps tied to APT41 and parallel PlugX operations by Mustang Panda.
Researchers uncover a malicious Go module impersonating golang.org/x/crypto that steals terminal passwords, installs SSH persistence, and deploys the Rekoobe Linux backdoor.
Researchers have uncovered nearly 3,000 publicly exposed Google Cloud API keys that gained unintended access to Gemini endpoints after API enablement, raising concerns over data exposure and unexpected billing charges.
A software developer accidentally accessed and controlled about 7,000 DJI Romo robot vacuums worldwide while trying to connect his own device to a PlayStation controller, exposing serious security vulnerabilities in smart home devices.
Cisco Talos tracks UAT-10027, a malicious campaign targeting U.S. education and healthcare sectors with the Dohdoor backdoor, which uses DNS over HTTPS for stealthy command-and-control.
Google, in collaboration with industry partners, has disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group using GRIDTIDE malware to target 53 organizations across 42 countries, supporting affected organizations and cutting off malicious access.
North Korea-linked Lazarus Group has been observed using Medusa ransomware in attacks targeting a Middle Eastern entity and a U.S. healthcare organization, signaling a tactical shift toward ransomware-as-a-service operations.