Today, we expose a sophisticated campaign where hackers use Remote Monitoring and Management tools to hijack physical cargo, leading to billions in losses, and analyze the dangerous new trend of malware like SesameOp abusing trusted AI APIs for stealthy command-and-control operations. Plus, we cover the major patches released by both Apple and Google, including a critical Android Remote Code Execution flaw that requires zero user interaction.

Today, we dissect how a suspected Chinese APT used the new 'Airstalk' malware to compromise BPOs in targeted supply chain attacks, and why the Claude AI model was successfully tricked into exfiltrating user data. Plus, we look at the rising threat of cybercriminals exploiting legitimate RMM tools to steal physical cargo from logistics networks.

CISA issued urgent warnings, adding exploited VMware and XWiki flaws to the KEV catalog and requiring federal agencies to patch immediately. We break down the Chinese threat actor exploiting an unpatched Windows shortcut vulnerability targeting European diplomats and examine the active exploitation of the critical Windows WSUS flaw.

We dive into two major software supply chain campaigns, including the "PhantomRaven" operation, which delivered infostealers via 136 malicious NPM packages downloaded 100,000 times. Then, we look at why vetting dependencies is no longer enough and examine the shocking case of a US defense contractor executive who sold $35 million in cyber trade secrets to a Russian exploit broker.

Today we dive into critical industrial cyber threats as CISA warns of active exploitation in DELMIA factory software. We also examine Google's move to make HTTPS the default for all public sites and review the massive lawsuit alleging Microsoft tricked millions of users into pricey Copilot subscriptions.

Today we dive into the inevitability of prompt injection as agentic AI takes over enterprise functions, and reviews massive credential theft data circulating online. Plus, learn why industrial giants are falling victim to Oracle EBS exploits and how a $60 mod is killing privacy protections on smart glasses.

Today, we dive into critical AI browser vulnerabilities, including a trick that weaponizes the OpenAI Atlas omnibox, and analyze the spectacular flop of a promised $1 million WhatsApp exploit at Pwn2Own. Plus, we cover active exploitation of a critical Windows Server WSUS vulnerability and the shifting economics of ransomware.

Today we dive into critical updates for BIND against high-severity cache poisoning flaws, the zero-day exploitation of Lanscope Endpoint Manager that requires immediate federal attention, and the serious governance concerns raised by "vibe coding" and AI-generated code's lack of judgment. We also examine Verizon’s latest Mobile Security Index, highlighting soaring mobile device attacks and the alarming rise of AI-powered threats like deepfakes and SMS phishing.