X plans to retire the twitter.com domain for WebAuthn. Consequently, accounts that use hardware security keys or passkeys must re-enroll under x.com. Otherwise, access can break. This guide explains why re-enrollment matters, how to do it safely, and what SOC teams should monitor during the transition.
Attackers abused a Chrome zero-day to install Memento spyware in targeted operations. This analysis explains the chain, highlights reliable signals to hunt, and outlines a focused 72-hour action plan.
AI chats can mirror delusions, escalate insomnia, and miss crisis cues. Use safer design, publish real metrics, and route users to human help.
Global law enforcement has seized a dark web leak site allegedly operated by Scattered Spider, halting a notorious pipeline of stolen corporate data. Here’s what cybersecurity experts need to know about the takedown.
A former general manager at a top-tier cyber-weapons developer faces criminal charges after allegedly stealing eight trade secrets between 2022 and 2025 and selling them to a Russian buyer. The case underscores serious risks to national security, supply-chain oversight, and insider threat policies across the defense-cyber industry.
Qilin ransomware now combines a Linux payload with a BYOVD (Bring-Your-Own-Vulnerable-Driver) exploit, enabling affiliates to bypass endpoint controls and compromise virtualised and Windows environments. This briefing explains the attack chain, detection challenges, and immediate defensive steps security teams must apply.
Security researchers revealed that ChatGPT’s Atlas Browser can be manipulated through hidden prompt injections, allowing attackers to hijack AI behavior, leak data, and bypass safeguards. Learn how it works and how to defend against it.
The latest version of the ransomware family known as LockBit has resurfaced with a potent new variant, LockBit 5.0, capable of striking Windows endpoints, Linux servers and VMware ESXi hypervisor platforms in one campaign. Organisations must reassess their ransomware defences and detection posture now.
The Lazarus Group launched a sophisticated social-engineering campaign targeting European unmanned aerial vehicle (UAV) manufacturers via fake job offers to steal intellectual property and design data. Understanding the “Operation DreamJob” method, infection chain and mitigation is critical for defense supply-chain security.
A new phishing technique called CoPhish abuses Microsoft Copilot Studio agents to steal OAuth tokens via trusted Microsoft domains, bypassing traditional security filters and highlighting the growing threat within low-code platforms.