Zeljka Zorz

An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have …

Veteran security engineer Niels Provos is working on a new technical approach designed to stop autonomous AI agents from taking actions you haven’t specifically authorized. …

The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing …

A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller …

The article has been taken down following a legal request.

SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the …

CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities …

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect …

A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike …

Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on …

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The …

Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams …