Researcher Shows Edge Browser Stores Saved Passwords in Plaintext
Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.
Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.
Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. [...]
The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly im…
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. [...]
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the Use…
Researchers find malicious repositories can trigger code execution in Claude Code with minimal or no user interaction.
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
A 20-year-old California man was sentenced to 78 months in prison for serving as a home invader and money launderer in a criminal ring that stole over $250 million in cryptocurrency. [...]
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated any…
A Apache Software Foundation lançou uma atualização de segurança para corrigir uma falha crítica no Apache HTTP Server que afeta o processamento de conexões HTTP/2 e pode causar negação de serviço ou, em cenários específicos, execução remota de código. A vulnerabilidade é rastrea…
A Palo Alto Networks confirmou que uma vulnerabilidade zero-day crítica no PAN-OS vem sendo explorada em ataques reais desde pelo menos abril de 2026. A falha afeta firewalls PA-Series e VM-Series expostos à internet com o User-ID Authentication Portal habilitado. Rastreada como …
Um grupo de hackers ligado ao Irã usou o Microsoft Teams como porta de entrada para roubar credenciais, manipular configurações de autenticação multifator e manter acesso persistente em redes corporativas. A campanha foi associada ao MuddyWater, também rastreado como Mango Sandst…
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]
Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes.
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. [...]
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features …
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside…
Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026.
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. [...]