Latest News

Recently, cybercriminals exploited a vulnerability in Google’s OAuth system to send phishing emails that appeared legitimate by passing DKIM (DomainKeys Identified Mail) verification. The incident came to light when a fraudulent Google security alert was reported. The attack leveraged Google’s

Surfshark announced that it will add its Bypasser split-tunneling feature to its macOS app as part of a new update. This means that this capability is now available on all major platforms supported by Surfshark, including Windows, Android, iOS, and its browser extension. Surfshark’s Bypasser

More than 16,000 Fortinet devices globally have been found to be compromised with a persistent symlink backdoor. It’s a vulnerability that allows read-only access to sensitive configuration files even after patching. Initially reported to affect 14,000 devices, that number has since climbed to over

Hertz has confirmed that customer data has been stolen during a cyberattack on Cleo Communications, a third-party vendor providing file transfer services. The company said the breach occurred when “zero-day vulnerabilities within Cleo’s platform” were exploited in October and December 2024 — an

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained nearly 8 million records belonging to a UK-based software company that facilitates employee data management, compliance, timesheets, and payroll. The

Security researchers have found that AI’s tendency to hallucinate package names when used to assist with writing code has led to a new software supply chain vulnerability, dubbed “slopsquatting.” The term, introduced by security expert Seth Larson, refers to a variation of typosquatting. While

Under the Trump administration, the Department of Homeland Security (DHS) announced that it will begin to consider immigrants’ social media history as part of their visa evaluation process. This policy will be enacted by the United States Citizen and Immigration Services (USCIS) agency. In an

A newly released court document from WhatsApp’s lawsuit against NSO Group has confirmed that 1,223 users across 51 countries were targeted by Pegasus spyware in a two-month attack campaign in 2019. The breakdown, based on internal WhatsApp data, provides the most detailed picture yet of how widely

A UK tribunal has ruled that the government cannot conduct its legal battle with Apple concerning encryption behind closed doors, affirming the public’s right to open justice in a case with wide-reaching privacy implications. The judgment, handed down by the Investigatory Powers Tribunal on April

Corporate email marketing accounts have been compromised and used in a phishing campaign known as "PoisonSeed," which is targeting cryptocurrency users and spreading fraudulent wallet seed phrases. The attacks were initiated in March 2025 and targeted Coinbase and Ledger users globally. Security