Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code ...

Google: New UNC6783 hackers steal corporate Zendesk support tickets

A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value ...

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti ...

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

Microsoft rolls out fix for broken Windows Start Menu search

Microsoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 ...

Is a $30,000 GPU Good at Password Cracking?

A $30,000 AI GPU doesn't outperform consumer GPUs at password cracking. Specops explains why attackers don't need exotic ...

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files ...

Snowflake customers hit in data theft attacks after SaaS integrator breach

Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication ...

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

US warns of Iranian hackers targeting critical infrastructure

Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations.