Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

Why You Should Never Click ‘Reset Password’ in Your Inbox (and What to Do Instead)

A password reset email can look legitimate, but you need to be vigilant. Here’s how to stay safe.
The Hacker News

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical ...
PCMag on MSN

Stop Using Passwords. Here's Why You Should Switch to Passkeys ASAP

Passkeys offer far stronger security than traditional passwords—and may eventually replace them. We break down everything you ...

I tested NordVPN's free scam checker against a real threat in my inbox - here's how it did

I tested NordVPN's free scam checker against a real threat in my inbox - here's how it did ...

Vibe Coding Plugins? Validate With Official WordPress Plugin Checker

Official WordPress Plugin Checker offers automated code review for security and best practices. Don't vibe code plugins ...
The Hacker News

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat ...

Chrome encryption bypass discovered: New malware steals passwords and cookies

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege ...
CSO Online

Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...

Google details new 24-hour process to sideload unverified Android apps

Google is planning big changes for Android in 2026 aimed at combating malware across the entire device ecosystem. Starting in ...