Browser Fingerprinting - In an article by Rahul Naskar, he describes vulnerabilities with Incognito. “I'm not a privacy enthusiast, but that doesn't mean I don't care about it. I have always used the best settings to protect my privacy since I learned about the benefits of controlling how my personal information is collected, stored, and shared online. I still remember the day when I first learned about private browsing, and every time I went Incognito, it felt like adding one more brick to m
All Articles (2885)
Sort by
The US federal government is rethinking how to support its globally adopted vulnerability tracking ecosystem after years of backlogs, funding scares, and growing doubts about whether the existing model can scale as vulnerability disclosures continue to accelerate. At the center of that ecosystem, there are two distinct but interdependent components. The Common Vulnerabilities and Exposures program, operated by Mitre, assigns standardized identifiers to software flaws. The National Vulnerabili
FortiGuard Labs recently observed several targeted phishing campaigns in Taiwan that use themes designed to exploit local business processes. These campaigns disseminate Winos 4.0 (ValleyRat) and subsequent malicious plugins through weaponized attachments or embedded links. The lures mimic official communications, such as tax audit notifications, tax filing software installers, and cloud-based e-invoice downloads.
Affected Platforms: Microsoft Windows Impacted Users: Microsoft Windows Impa |
The rapid rise of OpenClaw, a locally running agentic AI assistant, has introduced a new class of security risk: malware that targets the assistant itself. Because the framework stores persistent memory, configuration data, and authentication material on the user’s device, it effectively becomes a vault of API keys, tokens, private keys, and sensitive personal context. Security researchers have now observed infostealing malware exfiltrating these files (openclaw.json, device.json, and soul.md)
Many malware attacks against open-source software components have compromised thousands of software packages and repositories, but the practical damage these attacks have caused organizations is harder to quantify. The longer-term and indirect costs of these attacks may prove most significant for organizations. Open-source components and software have long been a well-established source of threat activity. The widespread use, combined with the broad variance in how well-supported different pro
The past few years have brought an extraordinary shift in how digital content is created. Videos and images that once required studios, actors, and expensive equipment can now be produced by generative deep learning models that run on a laptop. These systems can fabricate a person’s face, voice, and gestures with such precision that the results often look indistinguishable from real footage. This technological leap has opened remarkable creative possibilities, yet it has also created a new kind
Bitcoin has spent more than a decade moving from fringe experiment to global financial phenomenon. Yet despite wider adoption, institutional interest, and the rise of crypto infrastructure, a persistent fear keeps resurfacing: what if Bitcoin’s value could eventually fall to zero?
Supporters often argue that Bitcoin can’t go to zero because of its scarcity and network effects. Critics counter that scarcity alone doesn’t guarantee lasting demand, and that markets can abandon even once-dominant
A new search tool, named EpsteIn, is an open-source Python script developed by software engineer Christopher Finke that allows users to check if their LinkedIn connections are mentioned in the publicly released Jeffrey Epstein court documents. These documents, comprising over 3.5 million pages, were recently released by the US Department of Justice. The tool supports open-source intelligence (OSINT) activities to validate professional networks and identify potential associations. It operates
Quorum Cyber has published its 2026 Global Cyber Risk Outlook report[1], detailing a significant evolution in cyber threats driven by Artificial Intelligence (AI) and Ransomware-as-a-Service (RaaS) platforms. The analysis, based on incidents across more than 350 organizations worldwide in 2025, indicates that cybercrime has entered a more industrialized phase. This development allows even poorly skilled attackers to launch sophisticated operations, with nation-state actors automating up to 90%
Details are emerging of how the US military employed cyber capabilities to disrupt Iranian air missile defense systems during Operation Midnight Hammer, a coordinated effort to target Iran's nuclear program. The operation focused on nuclear sites at Fordow, Natanz, and Esfahan. This disruption assisted in preventing Iran from launching surface-to-air missiles against US warplanes that entered Iranian airspace, according to US officials. The strikes occurred on 21 June 2025, involving seven B-2
How smart is today’s artificial intelligence, really? Not in marketing terms, not in sci fi language, but in the sober light of difficult questions like… How many tendons attach to a tiny bone in a hummingbird’s tail? Which syllables in a Biblical Hebrew verse are “closed” according to the latest specialist scholarship? Those are not trivia questions; they are examples from “Humanity’s Last Exam,” a new benchmark that is reshaping how we think about AI progress.[1]
The benchmark comes from a
State-backed hackers and cybercriminals are increasingly exploiting Google’s Gemini AI to streamline their attacks from initial reconnaissance to post-compromise operations. According to new research, actors linked to China, Iran, North Korea, and Russia used the model for target profiling, phishing lure generation, translation, coding, vulnerability testing, command-and-control development, and data exfiltration.
Some operatives even posed as cybersecurity experts to trick the AI tool into prod
Recently observed a phishing campaign in the wild that delivers a new variant of XWorm.
XWorm is a multi-functional Remote Access Trojan (RAT) first identified in 2022 that remains actively distributed, including through Telegram-based marketplaces. Once deployed, it provides attackers with full remote control of compromised Windows systems. This campaign relies on multiple phishing emails that employ social engineering to trick recipients into opening a malicious attachment. The following an
Even though Valentine’s Day is over, the romance scam schemes still persist. While you might be out there searching for your Valentine, scammers were out there looking for victims. The FBI is reporting record-high numbers of what they are calling "romance scams," people online pretending to be a potential love interest in an attempt to steal your money.
The FBI is urging people to think twice about who they might be engaging. "This is a whiteboard that was found in the scam compound in Cambod
A federal jury in San Francisco has convicted a former Google software engineer of economic espionage and theft of trade secrets, marking one of the most significant US prosecutions to date involving the theft of advanced artificial intelligence technology. According to the US Department of Justice (DOJ), Linwei Ding, also known as Leon Ding, was found guilty on 14 federal counts, including seven counts of economic espionage and seven counts of theft of trade secrets, following an 11-day trial
Recently, the Federal Bureau of Investigation (FBI) released Operation Winter Shield. This document outlines critical actions organizations can take to enhance resilience against cyber intrusions, based on FBI recommendations.
Phish-Resistant Authentication:
- Implement phish-resistant methods like FIDO2 security keys for high-impact accounts and critical systems.
- Require number-matching and domain display for authenticator apps, avoiding push-only approvals.
- Eliminate SMS-based multi-factor au
In a recent law enforcement operation, the Federal Bureau of Investigation (FBI) dismantled the notorious cyber-criminal forum known as the Russian Anonymous Marketplace (RAMP), a platform favored by ransomware actors and initial access brokers. This takedown represents a significant disruption in the cybercrime landscape, particularly for Russian-speaking cybercriminals. The news of RAMP's disarray emerged in late January 2026, when several cyber threat intelligence (CTI) analysts observed tha
Researchers at Varonis Threat Labs have disclosed a proof-of-concept attack technique that enables the silent exfiltration of outgoing emails from Microsoft 365 accounts using legitimate Outlook add-ins. Named Exfil Out&Look, the method exploits Outlook Web Access (OWA) to intercept and transmit email content without generating forensic traces in audit logs. The technique involves creating a custom Outlook add-in with standard web technologies, including a manifest file that specifies minimal
Microsoft is warning that the June expiration of software certificates will put those still using Windows 10 in an even more vulnerable state. The software certificates deal with a feature called Secure Boot, which can prevent a PC from loading malicious code as the machine starts up. Microsoft initially introduced the feature in 2011 with Windows 8 to ensure only trusted software runs during the boot process, warding off potential "pre-boot malware" threats.[1]
The problem is that “all Window
It's happening: AI bots are starting to organize in their own digital societies. The kicker? The humans are setting up institutions for them. Are we digging our own graves? For now, there's some reason to believe what's going on is more hype than substance. But while it's the first time we have seen some things, they're a continuation of the agentic AI theme that's been building for about a year. It wouldn't be surprising if more is on the way.
Even OpenAI CEO Sam Altman is on edge this we
