The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect ...

The Director of Public Prosecutions (DPP) has outlined detailed evidence implicating nine senior Ministry of Finance ...

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and crypto scams.

Trojanized gaming tools and new Windows RATs like Steaelite enable data theft, ransomware, and persistent remote control.

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Can your phone be tracked with VPN? Learn what VPN hides, what it doesn’t, and how to make your smartphone less trackable.

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

Millions of passengers rely on Indian Railways every day to reach their destinations. Yet when it comes to sudden travel plans and Tatkal bookings, the process has often felt like a test of patience.