Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that ...

Generative AI is raising the risk of dangling DNS attack vectors, as the orphaned resources are no longer just a phishing ...

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...

The thick client is making a comeback. Here’s how next-generation local databases like PGlite and RxDB are bringing ...

Mobile platforms operate under fundamentally different trust assumptions than we relied on for web security. Your mobile ...

Tycoon 2FA accounted for around 62pc of all phishing attempts blocked by Microsoft by mid-2025. A joint cybersecurity operation has disrupted one of the world’s largest phishing-as-a-service platforms ...

The circuit court now expects the Trump administration to file a brief by March 20 explaining why it appealed the district court’s ruling and for Kelly’s legal team to file its reply brief by April 27 ...

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

WebMCP exposes structured website actions for AI agents. See how it works, why it matters, and how to test it in Chrome 146.