Google Confirms High-Risk Update For 3.5 Billion Chrome Users

Nearly all 3.5 billion Chrome browser users will soon see a ‘high-risk’ security update from Google. Here’s what you need to ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
Security Boulevard

7 Identity and API Security Tools Modern SaaS Teams Should Evaluate in 2026

Discover 7 essential identity and API security tools for modern SaaS teams. Expert comparison of SSO, DAST, MCP security, and passwordless authentication tools ...
The Pioneer

Blasé Capital 2fa FROM fraud

Phishing attacks have become increasingly sophisticated, and often transparently mirror the site being targeted, allowing the ...
Bleeping Computer

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). Zimbra is a very popular email and collaboration ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
Bleeping Computer

Russian hackers exploit Zimbra flaw in Ukrainian govt attacks

Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting ...

A.I. Is on Its Way to Upending Cybersecurity

With new systems from companies like Anthropic and OpenAI, hackers can attack with greater speed. The defense is more A.I.
Microsoft

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...