Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

Security researchers warn of active attacks on SolarWinds Web Help Desk. Malicious actors are exploiting vulnerabilities to infiltrate systems and then ...

Java Development Kit (JDK) 26, a planned update to standard Java due March 17, 2026, has reached the initial release candidate (RC) stage. The RC is open for critical bug fixes, with the feature set ...

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to ...

Meanwhile, CVE-2025-8088 can be abused to create booby-trapped archive files that can load malicious computer code into a hacker-selected path on a Windows PC. Antivirus vendor ESET originally ...

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious ...

Microsoft has released patches for CVE-2026-21509, a newly disclosed Office zero-day vulnerability that can be exploited to bypass security features. The tech giant’s advisory for CVE-2026-21509 ...